DearDiario

Back to Home

Privacy Policy

Last Updated: November 11, 2025

1. Introduction

Welcome to DearDiario ("we," "our," or "us"). This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our daily journaling service.

By using our service, you agree to the collection and use of information in accordance with this policy.

Contact Information:
Email: contact@deardiario.com

2. Your Data Ownership

You Own Your Data

You own all of your data. This includes your journal entries, account information, and any personal data you provide to us. We do not claim ownership of your data.

You have complete control over your data. You can:

  • Access your data at any time
  • Download/export your data (see Section 7)
  • Delete your data at any time
  • Request data deletion by contacting us

3. Information We Collect

3.1 Information You Provide

Account Information:

  • Email address
  • Password (hashed with bcrypt - we never store plain text passwords)
  • First name (optional)
  • Authentication method (email/password or Google OAuth)

Journal Entries:

  • Daily journal entries
  • Dates of entries
  • Entry metadata (creation date, last updated)

Payment Information:

  • Payment processing is handled by Stripe
  • We do not store credit card numbers
  • We store subscription status, billing period, and related metadata

3.2 Information Collected Automatically

Technical Information:

  • IP address
  • Browser type and version
  • Device information
  • Operating system
  • Session cookies for authentication
  • Usage data (pages visited, features used)

Cookies:

  • Session cookies for authentication (expires after 7 days)
  • Necessary for service functionality

3.3 Information from Third-Party Services

Google OAuth (if used):

  • Email address
  • Profile information (name)
  • Google account ID

Stripe (Payment Processing):

  • Subscription status
  • Billing period information
  • Customer ID
  • Payment method type (last 4 digits of card, if available)
  • No credit card numbers are stored by us

4. How We Use Your Information

We use your information to:

Provide Service:

  • Create and manage your account
  • Store and encrypt your journal entries
  • Enable access to your entries
  • Process payments and manage subscriptions
  • Provide customer support

Improve Service:

  • Analyze usage patterns (aggregated, anonymized)
  • Fix bugs and improve performance
  • Develop new features

Communication:

  • Send service-related emails (account updates, security notices)
  • Respond to support requests
  • Send important service updates

Legal Compliance:

  • Comply with legal obligations
  • Respond to legal requests
  • Protect our rights and prevent fraud

5. Data Storage and Security

5.1 Encryption

Your Journal Entries Are Encrypted

Your journal entries are encrypted before being stored in our database:

  • Encryption method: AES-256 encryption
  • Encryption key: Stored securely in environment variables
  • Encryption occurs before data is written to the database
  • We cannot read your encrypted entries - only you can decrypt them with your account

What This Means:

  • Your entries are encrypted in our database
  • Even with database access, your entries remain encrypted
  • Only you can decrypt and view your entries
  • We do not have access to the plain text of your entries

5.2 Password Security

  • Passwords are hashed using bcrypt (never stored in plain text)
  • We cannot see or recover your password
  • If you forget your password, you must reset it

5.3 Data Transmission

  • All data is transmitted over HTTPS (secure connection)
  • Secure connections protect your data in transit

5.4 Security Measures

  • Secure servers and databases
  • Regular security updates
  • Access controls and authentication
  • Monitoring for suspicious activity
  • Regular backups

Your Responsibility

  • Use a strong, unique password
  • Keep your account credentials secure
  • Log out when using shared devices
  • Notify us immediately of any unauthorized access

6. Third-Party Services and Data Sharing

6.1 OpenAI Integration (AI Search Feature)

Important: OpenAI Integration

When It's Used:
  • Only when PAID users use the AI-powered search feature
  • Not used for FREE users
  • Not used for regular entry storage or access
What Data Is Shared:
  • Your search query
  • Relevant journal entries (decrypted and sent to OpenAI for processing)
  • Entry dates and content
Why We Share It:
  • To provide AI-powered semantic search
  • To understand natural language queries
  • To find relevant entries even with different wording or languages
OpenAI's Data Usage:
  • OpenAI processes your data to provide search results
  • OpenAI's Privacy Policy applies: https://openai.com/policies/privacy-policy
  • OpenAI may use your data to improve their services (see OpenAI's policy)
  • Data is sent to OpenAI only during active search requests
  • Data is not stored by OpenAI beyond what's necessary for the API call
Your Control:
  • You can avoid using AI search if you prefer
  • Regular keyword search does not use OpenAI
  • You can disable AI features in your account settings (if available)

6.2 Stripe (Payment Processing)

What We Share:
  • Email address
  • Subscription plan information
  • Customer ID
What Stripe Processes:
  • Payment information (credit card numbers, billing addresses)
  • Payment transactions
  • Subscription management
Stripe's Privacy Policy:
  • Stripe's Privacy Policy applies: https://stripe.com/privacy
  • We do not store credit card information
  • All payment data is handled by Stripe

6.3 Google OAuth (Authentication)

What We Access:
  • Email address
  • Basic profile information (name)
  • Google account ID
Google's Privacy Policy:

6.4 Data Sharing Policy

We Do NOT:
  • Sell your personal data
  • Share your journal entries with third parties (except OpenAI for search, as described above)
  • Use your data for advertising or marketing (except service-related communications)
  • Share your data with data brokers
We MAY Share:
  • When required by law or legal process
  • To protect our rights or prevent fraud
  • In connection with a business transfer (merger, acquisition, etc.)
  • With your explicit consent

7. Your Rights and Data Export

7.1 Data Ownership

You Own Your Data

You have the right to:

  • Access your data
  • Download/export your data
  • Correct inaccurate data
  • Delete your account and data
  • Request data portability

7.2 Data Export/Download

How to Export Your Data:
  • Use the "Export Data" feature in your account settings (Profile page)
  • Contact us at contact@deardiario.com to request a data export
  • We will provide your data in a machine-readable format (JSON, CSV, or Markdown)
Export Format:
  • JSON format with all entries and metadata
  • CSV format for spreadsheet compatibility
  • Markdown format for readability
  • Entries will be decrypted for export
  • Includes dates, content, and creation/update timestamps
Response Time:
  • We will respond to export requests within 30 days
  • Large exports may take additional time

7.3 Account Deletion

How to Delete Your Account:
  • Use the "Delete Account" feature in your account settings (if available)
  • Contact us at contact@deardiario.com to request account deletion
What Happens When You Delete:
  • Your account is permanently deleted
  • All journal entries are permanently deleted
  • All personal data is removed from our systems
  • Subscription is canceled (if active)
  • Data cannot be recovered after deletion
Data Retention After Deletion:
  • Data is deleted within 30 days of account deletion request
  • Backup copies may be retained for up to 90 days for security purposes
  • After 90 days, all backups are permanently deleted

7.4 GDPR Rights (EU Users)

If you are in the EU, you have additional rights:

  • Right to access your data
  • Right to rectification (correction)
  • Right to erasure ("right to be forgotten")
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing
  • Right to withdraw consent

To exercise these rights, contact us at contact@deardiario.com.

7.5 CCPA Rights (California Users)

If you are in California, you have additional rights:

  • Right to know what data is collected
  • Right to delete your data
  • Right to opt-out of sale (we do not sell your data)
  • Right to non-discrimination

8. Data Retention

How Long We Keep Your Data:

  • Account information: Until you delete your account
  • Journal entries: Until you delete your account or individual entries
  • Payment information: As required by law (typically 7 years for tax purposes)
  • Session data: 7 days (session cookies expire)
  • Backup data: Up to 90 days after account deletion

Automatic Deletion:

  • Inactive accounts may be deleted after 2 years of inactivity
  • You will be notified before deletion
  • You can reactivate your account by logging in

9. Children's Privacy

Our service is not intended for children under 13 (or 16 in the EU):

  • We do not knowingly collect data from children under 13
  • If we learn we have collected data from a child under 13, we will delete it immediately
  • Parents can contact us to request deletion of their child's data

10. International Data Transfers

Data Location:

  • Your data is stored on servers located in [Your Server Location]
  • Data may be processed in other countries for service provision
  • We ensure appropriate safeguards are in place for international transfers

GDPR Compliance:

  • For EU users, we comply with GDPR
  • We use Standard Contractual Clauses (SCCs) for international transfers
  • We implement appropriate technical and organizational measures

11. Cookies and Tracking Technologies

Cookies We Use:

  • Session cookies: Required for authentication (expires after 7 days)
  • No tracking cookies or advertising cookies
  • No third-party analytics cookies (unless you opt-in)

How to Manage Cookies:

  • You can disable cookies in your browser settings
  • Disabling cookies may affect service functionality
  • Session cookies are required for login

12. Changes to This Privacy Policy

Updates:

  • We may update this Privacy Policy from time to time
  • We will notify you of material changes via email or in-app notification
  • Continued use after changes constitutes acceptance
  • The "Last Updated" date will be updated when changes are made

Review:

  • We recommend reviewing this Privacy Policy periodically
  • Previous versions are available upon request

13. Contact Us

Privacy Inquiries:

14. Additional Information

Security Breaches:

  • We will notify you of any data breaches that affect your personal information
  • Notifications will be sent within 72 hours of discovery
  • We will provide details about the breach and steps you can take

Dispute Resolution:

  • If you have concerns about our privacy practices, contact us first
  • We will work to resolve your concerns promptly
  • You have the right to file a complaint with your local data protection authority

Summary of Key Points

  • You own your data - we don't claim ownership
  • Your journal entries are encrypted in our database
  • You can download/export your data at any time
  • OpenAI is used only for AI search (PAID users only)
  • We do not sell your data
  • You can delete your account and data at any time
  • We use encryption and security measures to protect your data

Legal Basis for Processing (GDPR)

For EU users, we process your data based on:

  • Consent: When you create an account and use our service
  • Contract: To provide the service you requested
  • Legal obligation: To comply with legal requirements
  • Legitimate interests: To improve our service and prevent fraud