Privacy Policy

1. Data Controller

The controller responsible for your personal data is:

connvision Ltd. (operating the Daydrop brand)
Rämistrasse 2
8001 Zürich
Switzerland

For any privacy questions, you can reach us via the contact options on the Contact page.

2. What data we collect

We process the following categories of data:

• Account data: name, email address, authentication identifiers, and settings (for example analytics preferences).
• Journal content: text entries, photos, videos, audio recordings and transcripts, tags, and AI-generated summaries or analysis linked to your moments.
• Location and context: optional location attached to a moment (GPS coordinates and derived place names), local weather at the time of the moment, and time-zone information.
• Faces and people: optional face crops and embeddings used to help you find moments with specific people, and any labels you assign (like names or roles). We do not send these embeddings to external third-party face recognition providers.
• Usage and device data: app usage events, device model, operating system, crash logs, and performance data (via Firebase services such as Analytics and Crashlytics).
• Waitlist data: name, email address, and optional social handles (X/Twitter, TikTok) provided on the website waitlist form.
• Website cookies: technical cookies used for the Daydrop console session on the website. We currently do not use marketing or advertising cookies on the public website.

3. How we use your data and legal bases

We process your data for the following purposes and legal bases:

• Provide and improve the service (Art. 6(1)(b) GDPR – performance of a contract), including syncing your moments across devices, securing access to your account, generating journal entries, and providing search and timeline features.
• Optional analytics and crash reporting to understand how the app is used and fix issues (Art. 6(1)(a) GDPR – consent, or Art. 6(1)(f) GDPR – legitimate interest). You can control analytics settings in the app where provided.
• Waitlist communication to send you updates about Daydrop and invite you to early access (Art. 6(1)(a) GDPR – consent).
• Security and abuse prevention, including preventing unauthorized access and protecting our infrastructure (Art. 6(1)(f) GDPR – legitimate interest).
• Legal obligations, for example where we are required to retain or disclose certain data (Art. 6(1)(c) GDPR).

4. Third-party services and data storage

We rely on trusted third-party providers to operate Daydrop. These providers process personal data on our behalf as processors or, in some cases, as independent controllers. In particular:

• Google Firebase (Google LLC) – we use Firebase for authentication, Firestore database, Storage, Cloud Functions, messaging, Remote Config, Analytics, and Crashlytics. Your account data, journal content, media files, and usage data are stored in Firebase projects associated with Daydrop.
• Analytics (Google Analytics / Firebase Analytics) – used in the app and on the website (via Google Analytics 4) to understand feature usage, improve the product, and measure the effectiveness of campaigns. Where required, we only enable analytics if you give consent, for example via the cookie banner on the website or the analytics setting in the app.
• OpenAI – we use OpenAI's APIs for: speech recognition (transcribing audio), image and video analysis, text analysis, and generating or polishing journal text. For these features, we send relevant content (such as audio snippets, transcripts, images, video frames, and associated text) to OpenAI, and we store the returned results in Firebase. We configure OpenAI services so that training on your data is disabled where the provider supports this.
• Google Maps Platform – we use Google Maps SDK and the Google Maps Geocoding API to show maps in the app and to convert GPS coordinates into human-readable place names (e.g. city, country, venue). For this, your approximate location (coordinates) is sent to Google.
• OpenWeather – we use the OpenWeather API to enrich your moments with historical weather information based on the location and time of the moment. For this, we send coordinates and a timestamp to OpenWeather.
• Supabase – we use Supabase to store waitlist entries from the website (name, email, and optional social handles) and to manage the internal waitlist console.
• Advertising and measurement platforms – on the website we may use Meta (Facebook/Instagram) Pixel, TikTok Pixel, and Google Analytics to measure how well our ads perform and to understand how visitors come to the site. We use these tools for measurement and attribution only; we do not show third‑party ads inside the app or on the website itself.
• Authentication providers (Google, Apple) – if you choose to sign in with Google or Apple, those providers process your login information and share authentication tokens and basic profile data (such as email and name) with Firebase and Daydrop.

These providers may process data in the EU, the US, and other jurisdictions. Where personal data is transferred outside the EU/EEA or the UK, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses and equivalent mechanisms as provided by those vendors.

5. Cookies and similar technologies

On the website, we use essential cookies that are necessary for basic site functions, and (with your consent) analytics cookies and marketing/measurement pixels (for example Google Analytics, Meta, and TikTok) to understand how the site is used and how our campaigns perform.

Analytics and marketing cookies are only set if you consent via the cookie banner. You can withdraw your consent at any time by clearing cookies in your browser.

The Daydrop app uses on-device storage provided by the operating system rather than browser cookies.

6. Data retention

We retain your personal data for as long as you maintain a Daydrop account or as necessary to provide you with the service. When you delete content or your account, we aim to delete or anonymize related data within a reasonable period, subject to technical constraints and legal obligations.

Waitlist data is kept until we have invited you and the early access phase is complete, or until you ask us to delete it.

7. Your rights

Under the GDPR (and similar laws), you have the following rights in relation to your personal data:

• Right of access (to know what data we hold about you).
• Right to rectification (to correct inaccurate data).
• Right to erasure (to delete your account and associated data).
• Right to restriction and objection to certain processing.
• Right to data portability (to receive certain data in a portable format).
• Where processing is based on consent, the right to withdraw that consent at any time without affecting the lawfulness of processing before withdrawal.

To exercise these rights, please contact us via the Contact page. You also have the right to lodge a complaint with your local data protection authority.

8. Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, notify you through the app or by email.