LEGAL
Privacy Policy
Effective date: May 30, 2026
This is the privacy policy for Dayo, an iOS app that helps you spend less time on your phone by locking apps behind a real-world object you pick — your “Totem.” We wrote this in plain English on purpose. If anything is unclear, email us at hello@dayo.co and we'll fix it.
The short version
- Dayo is a single-user iOS app. You sign in with your phone number and use it to manage your own screen time.
- We collect the minimum we need to make the app work: your phone number (for sign-in + the weekly recap SMS), your name (whatever you type during onboarding), and the photos + label you pick for each Totem.
- We never see which specific apps you blocked or how long you used them. Apple's Screen Time API gives us opaque tokens, not a list of app names, and your usage data stays on your device.
- We don't sell your data. We don't track you across other apps or websites. We don't run ads.
- You can delete your account anytime from inside the app, and everything gets wiped.
What we collect, and why
Account
- Phone number. Used as your login (we send a 6-digit code via SMS to verify it) and as the destination for the optional Sunday-evening weekly recap SMS.
- Display name. Whatever you type during onboarding. Used inside the app and on any future buddy-facing surfaces.
- Email address. Optional. Only collected if you provide one in account settings.
- IANA timezone. Captured automatically at sign-up from your device so the weekly recap fires at a sane hour in your local time.
Totem data
- Totem photos. When you set up a Totem, you take three photos of the object. We store a small thumbnail (~200×200 JPEG) for display in the app, and an opaque Vision feature-print embedding used for matching. The full-resolution source photos are never uploaded.
- Totem name + category. Whatever you call it (“Robie,” “coffee mug”) and which Mode you picked (Work, Sleep, Study, Focus, Limit, or Custom).
- Anchor location. If you grant location permission, we store the GPS coordinates of where you enrolled the Totem so we can verify you're in the same place when unlocking. We don't track your location at any other time.
Usage data (from Apple)
- Opaque app tokens + minute counts. Apple gives our app totals (e.g. “52 minutes”) tied to anonymous tokens, not app names. We use these to enforce daily limits and render the “today's top apps” chart on your home screen. Per Apple's rules, this data is processed on your device and is not retained by us.
Session data
- Lock + unlock events (timestamps, which Totem, how you unlocked).
- Optional reflections you type after unlocking (“what did you do instead?”).
- Streak data (current streak, longest streak, minutes saved).
Push tokens
If you grant notification permission, we store your APNs device token so we can deliver streak-milestone notifications and the “focus block done” banner. The token is rotated by Apple periodically; we don't correlate it across accounts.
Crash + diagnostic data
We use Sentry to receive crash reports and breadcrumb logs of in-app events (e.g. “applied shield”). Reports are tied to your user ID so we can correlate bugs to behavior, but they aren't used for advertising or shared with anyone.
SMS Communications
You opt in to receiving SMS from Dayo by entering your phone number on the sign-in screen of the iOS app and tapping “Send code.” The screen displays a consent disclosure beneath the button: “By tapping Send code, you agree to receive SMS from Dayo for verification and your weekly recap. Msg/data rates apply. Reply STOP to opt out. See dayo.co/privacy.”
Message types
- Account verification (transactional). Triggered every time you sign in. Format: “Your Dayo code is 123456.”
- Weekly recap (opt-in marketing-adjacent). One message per week, Sunday evening in your local time, summarizing the minutes you reclaimed and your current streak. Format: “Dayo recap: 3h 22m off your phone this week across 9 sessions. 7-day streak going. Reply STOP to opt out.”
Frequency
Verification messages: as needed (typically one per sign-in attempt). Weekly recap: at most one message per 7 days, only if you opted in and had at least one closed session in the window.
Opting out
Reply STOP to any message at any time and our SMS provider will stop sending you further messages. Reply HELP for support contact info. Standard message and data rates may apply.
SMS data — including your phone number and message content — is not shared with third parties for marketing purposes.
Subscriptions
Dayo offers an optional Totem Pro subscription processed entirely through Apple's in-app purchase system. We never receive your credit card number, billing address, or any payment details — Apple handles all of it. We only receive a receipt from Apple confirming that your subscription is active so we can unlock Pro features in the app.
Manage or cancel your subscription anytime from Settings → [Your Name] → Subscriptions on your iPhone.
What we use Apple's Screen Time API for
Dayo uses Apple's Family Controls and DeviceActivity frameworks to shield apps and read minute-level usage on your device. Two important things about how that works:
- You explicitly authorize it. The first time you set up a Totem, iOS shows the system Screen Time consent dialog and you tap to allow.
- The data stays on your device. Apple guarantees that the per-app token-based usage data we read is privacy-preserving — we get opaque identifiers + minute totals, never the actual app names you blocked or your full browsing history.
We use this data only to enforce the rules you set up (apply a shield, count minutes against a daily limit, draw the home screen usage chart). We never aggregate it across users or sell it.
How we store + protect it
We use Supabase (Postgres database + Auth) hosted on AWS as our primary backend. Row-level security policies ensure each user can only read and write their own data. Communication between the app and our backend is encrypted with TLS. Sensitive credentials (push tokens, the buddy-invite signing secrets) are kept in Supabase's secret store, not in normal database rows.
No system is perfectly secure, but we treat your data like it's ours.
Your rights
- Access. Email hello@dayo.co and we'll send you everything we have tied to your account.
- Correction. Update your name, email, or timezone in the app at any time. For anything else, email us.
- Deletion. Open the app → Settings → Delete account. Wipes your profile, Totems, sessions, reflections, streaks, and push tokens. Can't be undone.
- SMS opt-out. Reply STOP to any Dayo SMS at any time.
- Push opt-out. iOS Settings → Notifications → Dayo → turn off.
Children
Dayo is intended for users 13 and older. We do not knowingly collect data from anyone under 13. If you believe we have, email us and we'll delete the account.
Changes to this policy
If we make a material change, we'll update the effective date at the top of this page and (where required by law) notify you in-app or via SMS. Continued use of Dayo after the change means you accept the updated policy.
Contact
Questions, requests, or just want to say hi: email hello@dayo.co.