Privacy Policy

Effective date: February 17, 2026

Introduction

Protecting your personal data is a priority for Oday. This Privacy Policy explains how we collect, use, store, and protect your information in accordance with the General Data Protection Regulation (GDPR) and applicable privacy laws.

These privacy practices complement our Terms of Service. Please review both documents to understand your rights and obligations. Terms of Service

Data Controller

The data controller responsible for processing your personal data is:

BESSON Guy Dominique

Trading as: Oday

Living in Paris, France

Email: contact@oday.app

Our Core Principles

  • Lawfulness and transparency: We process your data legally and inform you clearly
  • Purpose limitation: Your data is collected for specific and legitimate purposes
  • Data minimization: We only collect data that is strictly necessary
  • Accuracy: We keep your data up to date and allow you to correct it
  • Storage limitation: Your data is only kept for as long as necessary
  • Integrity and confidentiality: We implement appropriate security measures

Data Collected

Identification Data

  • Email address (used as unique identifier)
  • Password (stored in encrypted form if using password authentication)
  • Google or Apple identification tokens (if using social authentication)

Profile Data

  • Username
  • Preferred language
  • Timezone (automatically detected)

Device Data

  • Push notification token (for notifications)
  • Device type (iOS, Android)
  • Installed app version

Chat Data

  • Your conversations with Oday's AI

Data from Connected Apps

When you connect external apps to Oday, we collect:

  • Reminders: Title, due date, completion status, and notes from your device's reminder app
  • Calendar: Title, date, time, location, and attendees from your device's calendar

Subscription and Payment Data

  • Subscription status and expiration date
  • Purchase history and transaction IDs
  • Subscribed product identifiers

Important: Payment details (credit card numbers, etc.) are handled exclusively by Apple/Google and RevenueCat. We never have access to your payment information.

Usage Analytics Data

To improve the app, we collect usage analytics via PostHog:

  • User ID linked to your account
  • Email address to identify your account
  • How you interact with the app (screens viewed, features used, buttons clicked)

Advertising and Attribution Data

To measure the effectiveness of our advertising campaigns, we use the TikTok Business SDK, which may collect:

  • Advertising identifier (IDFA on iOS) — only with your explicit consent via the App Tracking Transparency prompt
  • App events: installs, launches, registrations, subscription starts, and purchases (no personal content data is shared)
  • Basic device information (device model, OS version) for attribution purposes

Data We Never Collect

We NEVER collect:

  • Your precise GPS location
  • Your contacts
  • Your photos or media
  • Your SMS messages or call history

How We Use Your Data

Providing the Service

  • Managing your account and authentication
  • Storing your tasks and events
  • Syncing between your devices and external apps
  • Sending reminders and daily recaps

Artificial Intelligence

We use AI to help you manage your productivity. When you interact with the AI, we send: your message, timezone, current date, and recent conversation context. The AI also may access your tasks, calendar events, and reminders to provide better scheduling suggestions and productivity insights.

Your email, name, and personal identification information are NEVER sent to the AI.

Important: Your data is NEVER used to train AI models.

Advertising Measurement

We use the TikTok Business SDK to measure the performance of our advertising campaigns. This helps us understand which ads lead users to install and use Oday. Event data (such as app installs, registrations, and subscriptions) is shared with TikTok for attribution purposes. No personal task content, calendar data, or AI conversations are ever shared for advertising.

Service Improvement

  • Usage analytics linked to your account (PostHog) - we track how you use the app to improve features and user experience
  • Bug detection and fixes (Sentry)
  • Performance optimization

Data Sharing

We NEVER sell, rent, or trade your personal data with third parties for commercial purposes.

We only share your data with our technical service providers:

  • Supabase: Database hosting and authentication (EU)
  • OpenRouter: AI inference for task translation (USA, minimal data)
  • RevenueCat: Subscription and payment management (USA)
  • PostHog: Usage analytics (EU/USA)
  • Sentry: Error tracking (Germany)
  • Expo: Push notifications (USA)
  • Inngest: Background tasks (USA)
  • TikTok for Business: Advertising attribution and campaign measurement (USA/Singapore)

International Transfers

Some of our subcontractors are located outside the European Union. We ensure the protection of your data through:

  • Standard Contractual Clauses (SCC) from the European Commission
  • Encryption of all data in transit (TLS/HTTPS)

Security

  • Encrypted communications (TLS 1.2+)
  • Row Level Security: You can only access your own data
  • Authentication via signed JWT tokens
  • Continuous monitoring and incident response plan

Your Rights (GDPR)

Under the GDPR, you have the following rights:

  • Right of access: Obtain a copy of your data
  • Right to rectification: Correct inaccurate data
  • Right to erasure: Delete your data ("right to be forgotten")
  • Right to restriction: Temporarily suspend processing
  • Right to data portability: Receive your data in a structured format (JSON)
  • Right to object: Object to processing
  • Right to withdraw your consent at any time

To exercise your rights, contact us at contact@oday.app. We will respond within 1 month.

You can also file a complaint with the CNIL (www.cnil.fr) or your local supervisory authority.

Data Retention

  • Active account: Data retained as long as your account is active
  • After deletion: All your data is deleted immediately and permanently
  • Technical logs: 30 to 90 days depending on type
  • Inactivity: After 24 months without login, we will contact you before potential deletion

Account Deletion

You can delete your account at any time in Settings > Account > Delete my account. This action is immediate, permanent, and irreversible. All your data will be deleted.

Cookies and Tracking Technologies

The mobile app does not use HTTP cookies. We use secure local storage for your session and preferences.

We use the TikTok Business SDK for advertising attribution. On iOS, this SDK requests your consent via the App Tracking Transparency (ATT) prompt before accessing your advertising identifier (IDFA). You can decline this request, and the app will continue to function normally. You can also revoke this permission at any time in your device's Settings > Privacy > Tracking.

Changes

We may modify this policy to reflect changes in our practices or regulations. Substantial changes will be notified to you by email or in-app notification. They take effect 30 days after publication.

Contact

For any questions about this Privacy Policy or your data, contact us at contact@oday.app.

Supervisory Authority
CNIL - 3 Place de Fontenoy, TSA 80715, 75334 Paris Cedex 07, France
www.cnil.fr