Privacy Policy

Last updated: June 2026

1. Data We Collect — About You

When you create an account and use DayMoz, we collect the following data that you provide directly:

Phone number — used solely for account authentication via SMS verification. Stored by Firebase (Google LLC).
Display name — shown to group members who can see your profile.
Profile photo (avatar) — only if you choose to upload a photo from your device gallery.
Date of birth — optionally added to your profile.
Notes about yourself — public (visible to group members), group-scoped, or private (visible only to you and stored encrypted; see §5).
Wish lists, preferences, and stop-lists — items you voluntarily add to your profile for group members to see.
Custom profile fields — any additional data you choose to add (email addresses, social media handles, custom fields, events and anniversaries).

We do not sell your data. We do not share it with third parties except as required by law or as strictly necessary to operate the Service (e.g., Firebase authentication by Google).

2. Data We Collect — About Other People

DayMoz is a relationship management app. When you add contacts, you may store information about other people, including:

Names, phone numbers, email addresses, dates of birth, and photos;
Notes, preferences, wish lists, stop-lists, and custom fields you record about them;
Event dates (birthdays, anniversaries, custom events);
Group membership and relationship context.

All this data is stored on our servers and synchronized with your account. You are responsible for having a legitimate basis to store personal information about other individuals and for complying with applicable privacy laws. We process this data solely on your behalf and do not use it for any other purpose.

If another DayMoz user adds you to a group, they may write notes about you visible to other group members. You may request deletion of data about you by contacting us.

3. Device Permissions

DayMoz requests the following device permissions:

Read Contacts (READ_CONTACTS) — used only when you explicitly tap "Import from phone book." The app reads your device address book solely to let you quickly add existing contacts to DayMoz. No contact data is sent to our servers without your deliberate action to save it. This permission is never used for background or automatic data collection.
Camera / Photo Library — used only when you select a photo for your profile avatar or a contact's avatar. Images are not collected automatically.
Internet access — required to synchronize your data with our servers and to authenticate your account. Without internet access the app works in read-only mode using locally cached data.

All permissions are requested at the point of use and explained in context. Denying READ_CONTACTS or camera access does not affect core functionality.

4. Data Storage and Synchronization

Your DayMoz data — contacts, notes, group memberships, events — is stored on our secure servers and synchronized across all devices where you sign in with your account. This means:

Data entered on one device is automatically available on all your other signed-in devices;
Data is retained on our servers while your account is active;
An encrypted copy is also cached locally on each device (see §6).

Server infrastructure is provided by Firebase (Google LLC). See §11 for details on international transfers.

5. Encryption

DayMoz uses end-to-end encryption for sensitive notes:

Private notes — AES-256 encrypted on your device before transmission. The server stores only the encrypted ciphertext. We cannot read your private notes.
Group notes — AES-256 encrypted with a key derived independently by each group member from the group owner's UID and group ID. No key is transmitted to the server.
Public notes — stored as plaintext on the server, because you explicitly chose to make them visible to all group members.
Local cache — all locally stored data is encrypted with a random key held in the OS secure keystore (Android Keystore / iOS Keychain). This protects your data if your device is lost or stolen.
In transit — all communication with our servers uses HTTPS with certificate pinning.

6. Authentication

We use Firebase Phone Authentication (Google LLC). Your phone number is used solely to verify your identity via one-time SMS code. Authentication tokens issued after verification are stored in the OS secure keystore (Android Keystore / iOS Keychain) and are never written to disk in plaintext. We do not have access to your device keystore.

7. Account and Data Deletion

In-app deletion (recommended): You can permanently delete your account and all associated data directly within the app: Settings → Delete Account & Data. This action immediately and irreversibly removes all your contacts, notes, group data, profile information, and authentication credentials from our servers.

Deletion by request: You may also request account deletion by writing to us via the contact page or at service@daymoz.com. We will complete the deletion within 30 days of receiving your verifiable request.

After deletion:

All server-side data associated with your account is permanently and irreversibly erased;
Residual data in backup snapshots may persist for up to an additional 30 days required by backup rotation, after which it is also erased;
Deleted data cannot be recovered under any circumstances. We are not liable for any consequences of account deletion.

Notes written by other users about shared contacts are those users' data — deleting your account removes your data but does not affect notes authored by others.

8. Security

We implement reasonable technical and organizational measures to protect your data: device-side AES-256 encryption, HTTPS with certificate pinning, secure token storage in the OS keystore, and access controls on our servers. However, no security measure is infallible.

We expressly disclaim all liability for data loss, corruption, unauthorized access, disclosure, alteration, or destruction resulting from a security incident, cyberattack, infrastructure failure, human error, or any other cause. By using the Service you acknowledge that no digital system can guarantee complete security and that you accept this inherent risk.

We strongly encourage you to keep independent backups of any data you consider important. The Service must not be used as the sole or primary storage for irreplaceable information.

9. Third-Party Services

The Service relies on the following third-party infrastructure:

Firebase Authentication (Google LLC) — phone number verification. Google Privacy Policy.
Firebase / Cloud infrastructure (Google LLC) — server-side data storage and synchronization.

We have no control over the data practices, security, or availability of third-party services and are not liable for any data loss, breach, or misuse by third-party providers.

10. No Liability for Data Loss or Security Incidents

Despite the technical measures described above, we expressly disclaim all liability for any data loss, corruption, unauthorized access, disclosure, alteration, or destruction of your data, whether resulting from a security incident, cyberattack, infrastructure failure, human error, or any other cause, foreseeable or unforeseeable.

By using the Service you acknowledge and accept that no digital system can guarantee complete security, and that such risks are inherent in the use of any online service. Your use of the Service constitutes your explicit, informed acceptance of these risks.

11. International Data Transfers

Your data may be stored and processed in data centers located outside your country of residence, including in the United States, as part of the Firebase (Google LLC) infrastructure. By using the Service you consent to such international transfers. We rely on applicable data transfer mechanisms (including Standard Contractual Clauses where required) to ensure an adequate level of protection.

12. Children's Privacy

DayMoz is not directed at children under the age of 13. We do not knowingly collect personal data from children under 13. If we become aware that a child under 13 has provided personal data, we will delete it promptly. If you believe a child has provided us with personal data, please contact us immediately.

13. Changes to This Policy

We may update this Privacy Policy at any time. The date at the top of this page reflects the most recent revision. We will make reasonable efforts to notify users of material changes (e.g., via in-app notice). Your continued use of the Service after changes are posted constitutes your acceptance of the revised Policy. We encourage you to review this page periodically.

14. Contact

Questions about this Privacy Policy? Contact or email service@daymoz.com.