Legal
Privacy Policy
Last updated: April 2026 · Effective immediately
Plain English summary: We collect only what we need to personalise your experience. We never sell your data. We never store real names of children. You can delete your account and all data at any time. We comply with GDPR.
1. Who We Are
DailyBond ("we", "us", "our") operates the website at dailybond.app and provides an AI-powered parenting companion service. For privacy enquiries, contact us at: privacy@dailybond.app
2. What Data We Collect
We collect the minimum data necessary to provide our service:
- Account data: Your email address and password (encrypted) when you create an account
- Parent profile: Whether you are a mother or father
- Child profiles: Your child's age, a nickname you choose (which can be entirely fictional — we never require real names), up to 3 personality words, interests, and relationship description
- Usage data: Which suggestions you marked as worked, skipped, or didn't work — used to personalise future suggestions
- Payment data: Handled entirely by Stripe — we never see or store your card details
- Marketing consent: Whether you opted in to receive our emails — only if you explicitly agreed
3. What We Do NOT Collect
- Real names of children — our system is designed to work with nicknames only
- Photos of children
- School names, locations, or any identifying information about children
- Your location beyond your country (used for payment currency only)
- Device-level tracking beyond standard analytics
4. How We Use Your Data
- To provide the service: Generate personalised daily suggestions for your child
- To improve suggestions: Your feedback (worked/skipped) trains the AI for your specific child profile
- To send product emails: Trial reminders, subscription confirmations, and weekly insight reports
- To send marketing emails: Only if you explicitly opted in during signup. You can unsubscribe at any time.
- To process payments: Subscription billing via Stripe
- To improve DailyBond: Aggregated, anonymised usage patterns — never individual data
We never sell your data to third parties. Ever. DailyBond's business model is subscription revenue — not advertising or data monetisation.
5. Marketing Emails
We will only send you marketing emails (product updates, tips, promotions) if you explicitly ticked the marketing consent checkbox during signup. This consent is separate from transactional emails (receipts, trial reminders) which are sent regardless.
You can withdraw marketing consent at any time by:
- Clicking "Unsubscribe" in any marketing email
- Going to Account Settings → Email Preferences
- Emailing us at privacy@dailybond.app
6. Data Storage and Security
Your data is stored on Supabase infrastructure hosted in the European Union (Ireland). All data is encrypted at rest and in transit using industry-standard TLS encryption. Row-level security ensures users can only access their own data.
Passwords are hashed using bcrypt — we cannot see your password, ever.
7. Your Rights Under GDPR
If you are in the UK or EU, you have the following rights:
- Right of access: Request a copy of all data we hold about you
- Right to rectification: Correct any inaccurate data
- Right to erasure: Delete your account and all associated data permanently
- Right to portability: Export your data in a machine-readable format
- Right to object: Object to processing for marketing purposes
- Right to restrict processing: Limit how we use your data
To exercise any of these rights, email privacy@dailybond.app. We will respond within 30 days.
8. Data Retention
We retain your data for as long as your account is active. When you delete your account:
- Your profile and child profiles are deleted immediately
- Your suggestion history is deleted within 7 days
- Anonymised, aggregated usage statistics may be retained
- Payment records are retained for 7 years as required by law
9. Third-Party Services
We use the following third-party services, each with their own privacy policies:
- Supabase (database and authentication) — GDPR compliant, EU hosting
- Stripe (payments) — PCI DSS compliant
- Anthropic / OpenAI (AI suggestions) — prompts sent do not include real names
- Resend (email delivery) — GDPR compliant
- Vercel (hosting) — GDPR compliant
- Google Analytics (anonymised usage statistics) — IP anonymisation enabled
10. Children's Privacy
DailyBond is a service for parents, not for children. Children do not create accounts. We do not knowingly collect personal data from children under 13. Child profiles contain only anonymous descriptive information chosen by the parent.
11. Cookies
We use essential cookies for authentication (keeping you logged in) and analytics cookies (Google Analytics with IP anonymisation). We do not use advertising cookies or track you across other websites.
12. Changes to This Policy
We will notify you by email if we make material changes to this privacy policy. Continued use of DailyBond after notification constitutes acceptance of the updated policy.
13. Contact
For any privacy questions or to exercise your rights: privacy@dailybond.app