DayZen — Privacy Policy
Last updated: October 23, 2025
This Privacy Policy explains how DayZen processes personal data. It reflects our architecture: on-device by default, optional iCloud and EventKit integrations, and no DayZen-managed servers for your content.
1. Who is the controller?
DayZen (contact: joris@kavolis.xyz) is the controller for processing performed by the app. For Apple services you enable (iCloud, App Store, Calendar/Reminders), Apple is an independent controller under Apple's terms and privacy policies.
2. What data we process
User Content (on-device by default): tasks, schedules, categories, notes, settings.
Calendar/Reminders data (optional): if you grant permission, we read/write relevant events to your Apple Calendars/Reminders via EventKit, so changes appear system-wide.
Purchase status: StoreKit provides product/entitlement information to unlock Pro features. We do not receive payment card data.
Diagnostics: If you opt in at the OS level, Apple may provide crash logs/analytics; we do not embed third-party trackers.
3. Where data lives
On device: stored using SwiftData/App Group.
iCloud (optional): if you enable sync, data resides in your Apple ID's iCloud containers under Apple's terms.
Apple Calendar/Reminders (optional): events/reminders live in your Apple account if you allow it. We do not upload your User Content to DayZen-managed servers.
4. Why we process data (purposes)
To provide core features (time blocking, scheduling, widgets, exports).
To read/write events when you enable calendar/reminders sync.
To validate IAP entitlements and apply Pro access.
Basic app security and fraud prevention.
5. Legal bases (EU/EEA/UK)
Performance of a contract (Art. 6(1)(b) GDPR): delivering the features you request.
Consent (Art. 6(1)(a)): optional integrations (Calendar/Reminders, iCloud). You can revoke in iOS Settings.
Legitimate interests (Art. 6(1)(f)): app security, preventing abuse, purchase validation.
6. Sharing & recipients
We do not sell or share your personal data for advertising. We do not disclose User Content to third parties. Apple acts as an independent controller for its services (iCloud, App Store, EventKit). If required by law, we may disclose data to authorities.
7. International transfers
Your data may be processed by Apple in locations outside your country when you enable iCloud/App Store/Calendar features; Apple's safeguards apply. DayZen does not host User Content on its own servers.
8. Retention
Local data: remains until you delete it or uninstall DayZen.
iCloud: remains until you remove it from iCloud.
Calendar/Reminders: remain until you remove them from Apple's apps.
Purchase records: Apple retains billing records; we retain minimal entitlement info as needed.
9. Your choices & rights
Permissions: Manage Calendar/Reminders and iCloud access in iOS Settings.
Export/Delete: You can export schedules and delete local data (including by deleting the app). Remove calendar items in Apple Calendar if you want them gone from your account.
Privacy rights: Depending on your location, you may have rights to access, correct, delete, port, or object/restrict processing. Because we do not host your User Content, many rights can be exercised on device. You can also contact joris@kavolis.xyz.
Complaints: You may lodge a complaint with your local supervisory authority. In the Netherlands, Autoriteit Persoonsgegevens (https://autoriteitpersoonsgegevens.nl).
10. Security
We rely on Apple's platform security (device encryption, sandboxing, Keychain) and follow reasonable measures to protect data. No system is 100% secure—keep your device and Apple ID protected.
11. Children
DayZen is not directed to children under 13 (or the minimum age in your region). We do not knowingly collect data from children.
12. Changes
We may update this Policy. Material changes will be shown in-app. Continued use after updates means you accept the revised Policy.