Effective Date: February 17, 2026 · Version: 1.0 · Last Updated: February 17, 2026
Welcome to Dairoo, the personal calendar app that lets you save notes, images, videos, audio recordings, and documents for every day of the year.
Protecting your personal data is our top priority. This Privacy Policy informs you about what data we collect, why we collect it, how we use it, and your rights under the General Data Protection Regulation (GDPR - EU Regulation 2016/679) and the Italian Privacy Code (Legislative Decree 196/2003, as amended by Legislative Decree 101/2018).
Our core privacy principles:
The Data Controller is:
dairoo
Email: team@dairoo.com
For any request regarding the processing of your personal data or to exercise your GDPR rights, you can contact us at the addresses above.
Dairoo collects different categories of personal data, depending on the features you use and the consents you have provided.
Legal Basis: Art. 6(1)(b) GDPR - Contract performance
When you create a Dairoo account via Google Sign-in or Apple Sign-in, we collect:
Source: Provided directly by you through Google or Apple during registration.
Why we collect it: This data is essential to create and manage your account, allow you to access the app, and sync your notes across devices.
Legal Basis: Art. 6(1)(b) GDPR - Contract performance
When you use Dairoo to create notes, we collect:
Where it's stored:
Why we collect it: This is the core of the application. Without collecting this data, we couldn't provide you with the calendar and notes service.
Important: Your notes are encrypted at rest on both Firestore and Google Drive. Only you can access the content of your notes through your Google/Apple account.
Legal Basis: Art. 6(1)(a) GDPR - Explicit consent
If you accept the "App Analytics" consent in privacy settings, we collect anonymous data about app usage via PostHog:
anonymous_id stored on your device, never linked to your accountWhat we DON'T collect:
disableGeoip: true)Server: Europe (Frankfurt, Germany) - PostHog EU Cloud
Why we collect it: To understand how users utilize the app and improve user experience.
How to revoke: Go to Settings → Privacy → Disable "App Analytics". The effect is immediate.
Retention: 7 years (configurable, can be reduced upon request)
Legal Basis: Art. 6(1)(a) GDPR - Explicit consent
If you accept the "Error Monitoring" consent, we collect technical information about crashes and bugs via Sentry:
What we DON'T collect:
Server: Germany (EU)
Why we collect it: To identify and fix technical bugs, improving app stability.
How to revoke: Settings → Privacy → Disable "Error Monitoring".
Retention: 90 days from the error
Legal Basis: Art. 6(1)(a) GDPR - Explicit consent
If you accept the "Marketing Emails" consent, we subscribe your email to our newsletter via Loops.so:
Email Frequency: Maximum 2 emails per month
How to revoke: Click "Unsubscribe" at the bottom of any email, or Settings → Privacy → Disable "Marketing Emails".
Server: USA (with Standard Contractual Clauses - SCC)
Retention: Until consent revocation or account deletion
Legal Basis: Art. 6(1)(a) GDPR - Explicit consent
If you accept the "Subscription Support" consent, we share data with RevenueCat to manage paid subscriptions:
How to revoke: Settings → Privacy → Disable "Subscription Support".
Server: USA (with Standard Contractual Clauses - SCC)
Retention: Up to 12 months after account deletion
Legal Basis: Art. 6(1)(a) GDPR - Explicit consent; Art. 9(2)(a) GDPR for health-related data
During onboarding, we optionally ask you to share profile information. All fields are optional.
Important — Health Data (Art. 9 GDPR): The "personal challenges" category may include health-related data. This data is processed only on the basis of your explicit consent and is not shared with third parties.
Where it's stored: Firestore (europe-west1 - Belgium), in your private user document.
Retention: Until account deletion.
Pursuant to Art. 13 GDPR, below we summarize the processing purposes and related legal bases:
| Data Collected | Purpose | Legal Basis | Mandatory? |
|---|---|---|---|
| Email, Name, UID | Authentication and account management | Art. 6(1)(b) - Contract | ✅ Yes |
| Note Content (text, media) | Calendar service provision | Art. 6(1)(b) - Contract | ✅ Yes |
| Profile Data (age, gender, etc.) | Internal app personalization | Art. 6(1)(a) - Consent | ❌ No |
| Personal Challenges (health data) | Internal app personalization | Art. 9(2)(a) - Explicit consent | ❌ No |
| Analytics (PostHog) | App improvement and UX | Art. 6(1)(a) - Consent | ❌ No |
| Error Tracking (Sentry) | App stability and bug fixing | Art. 6(1)(a) - Consent | ❌ No |
| Email Marketing (Loops) | Newsletter and promotional communications | Art. 6(1)(a) - Consent | ❌ No |
| Support Email/Name (RevenueCat) | Subscription assistance | Art. 6(1)(a) - Consent | ❌ No |
Dairoo uses the following third-party services ("subprocessors" under GDPR) to process your personal data:
Some of our subprocessors are located in the United States. We ensure all international data transfers comply with Chapter V of the GDPR (Art. 44-49).
Data Stored in EU
Transfers to USA
We retain your personal data only for as long as necessary, in accordance with Art. 5(1)(e) GDPR.
| Data Type | Retention Period |
|---|---|
| Account and authentication | Until account deletion |
| Note content (text, media) | Until account deletion |
| Analytics (PostHog) | 7 years (reducible upon request) |
| Error logs (Sentry) | 90 days from the error |
| Email marketing (Loops) | Until consent revocation or account deletion |
| Transaction data (RevenueCat) | 12 months after account deletion |
| Google Drive backup | Until manual deletion by you |
Automatic Deletion on Account Deletion (within 48h):
In accordance with Articles 15-22 of the GDPR, you have the following rights:
You have the right to obtain a copy of all personal data we hold about you. Go to Settings → Export Data to generate a ZIP file containing all your notes, media, and account metadata.
You have the right to receive your data in a structured, machine-readable format. Use the same export procedure as the Right of Access (JSON export).
Go to Settings → Delete Account and confirm with your email. All data is permanently deleted within 48 hours.
Go to Settings → Privacy to disable individual consents: App Analytics, Error Monitoring, Marketing Emails, Subscription Support. Effect is immediate.
For name/email: edit directly from your Google/Apple account settings. For note content: edit notes directly in the app. For other data: contact us.
You have the right to request restriction of processing in certain circumstances. Contact us at team@dairoo.com explaining the request.
If you believe the processing of your data violates the GDPR, you can lodge a complaint with:
Italian Data Protection Authority (Garante)
Piazza Venezia, 11 - 00187 Rome, Italy
Tel: +39 06.696771 · Email: garante@gpdp.it
We adopt appropriate technical and organizational measures to ensure a level of security appropriate to the risk, in accordance with Art. 32 GDPR.
Data Breach Notification
In case of a personal data breach, we commit to: notify the Authority within 72 hours (Art. 33 GDPR), notify affected users without undue delay if high risk (Art. 34 GDPR), and document all breaches.
We reserve the right to modify this Privacy Policy at any time to reflect regulatory changes, new features, or improvements in data protection.
All previous versions will be archived and available upon request.
For any question, request, or complaint regarding the processing of your personal data:
Email: team@dairoo.com
We commit to respond within 30 days of receiving the request (Art. 12.3 GDPR).
© 2026 Dairoo. All rights reserved.
Version 1.0 · Published February 17, 2026