Back to Policies · Back to Policies

sDiary Privacy Policy

A book of your days, kept private - a local-first journal with complete data protection

Last updated: July 3, 2026|Effective: July 3, 2026

If you connect a Sapplify Account

If you connect a Sapplify Account to sDiary, the Sapplify Account Privacy Policy and Sapplify Account Terms of Service additionally apply to your use of account-related features (sign-in, profile, cross-device sync, Sync subscription, Trusted Reader).

1. Introduction

In short: sDiary is a privacy-first journal app. By default, all your journal content — your daily intention, moments (text, photo, or voice), and reflections — stays on your device. We don't track you, we don't sell your data, and we don't show ads. The only data that leaves your device by default is anonymous diagnostic data (crash and performance reports) and optional feedback you explicitly choose to send. If you connect a Sapplify Account and subscribe to Sapplify Sync, your journal content is additionally synced to our servers, and if you invite a Trusted Reader, the sealed days you choose to share become visible to them; the Sapplify Account Privacy Policy governs that flow on top of this one.

Welcome to the Privacy Policy for sDiary ("we", "us", or "our"). sDiary is a slow, intentional journal: you set a one-line intention for the day, capture a handful of moments as text, photos, or voice recordings, then seal the page at day's end. This Privacy Policy describes how we handle your data while you do that, with complete control kept in your hands.

sDiary operates on a local-first principle by default: your journal content is stored on your device unless you opt in to Sapplify Sync. This Privacy Policy describes that default, local-only behavior. If you connect a Sapplify Account, the Sapplify Account Privacy Policy additionally applies to data your account holds on our servers.

Please read this policy carefully to understand how we treat your personal content. By using sDiary, you acknowledge that you have read and understood this Privacy Policy.

Data Controller

The data controller responsible for your personal data is:

Anthony Eli Rasch - sapplify
PO Box 004
91501 Nove Mesto nad Vahom
Slovakia
ICO: 56665032

Email: contact@sapplify.com
Privacy inquiries: privacy@sapplify.com

Data Protection Officer

Sapplify operates at a scale that does not require the designation of a Data Protection Officer under Article 37 GDPR. For any data protection inquiry, contact privacy@sapplify.com.

2. Definitions

To help you understand this Privacy Policy, we define the following terms:

  • Personal Data: Any information relating to an identified or identifiable person.
  • Journal Content: Any content you create in sDiary, including your daily intention, moments (text, photos, or voice recordings), and end-of-day reflections. This is personal data you author yourself; it may incidentally touch on sensitive subjects if you choose to write about them, but sDiary does not ask for, prompt for, categorize, or analyze health, medical, or any other special category of information.
  • Processing: Any operation performed on personal data, including collection, storage, use, and deletion.
  • Local Storage: Data stored only on your device, not transmitted to external servers.
  • Sapplify Account: An optional sign-in identity that lets you use the same account across all Sapplify apps.
  • Sapplify Sync: An optional paid subscription that backs up and syncs your data to our servers across the devices you use, and powers the Trusted Reader feature.
  • Trusted Reader: An optional feature, available only with an active Sapplify Sync subscription, that lets you invite one person by email to view the sealed days you choose to share, at a visibility level you set (today only, the last 7 sealed days, or your full history). You can revoke access at any time.
  • Sealed Day: A day you have completed and locked in sDiary. Once sealed, its intention, moments, and reflection become part of your book and can no longer be edited.
  • Threads: An optional Pro feature that identifies words and phrases that recur across your sealed days, computed entirely on your device.

3. Data Collection

sDiary is a privacy-focused app. By default, all your journal content is stored on your device and is not transmitted to external servers. If you opt in to Sapplify Sync, your data is also synced to our servers; see the Sapplify Account Privacy Policy for the server-side details.

Journal Content You Create

The app stores the following content that you actively create:

  • Daily intention: A one-line statement of what the day is about, with a commit timestamp
  • Moments: Text notes, photos, or voice recordings you add throughout the day, each with a timestamp
  • Reflection: An end-of-day note you write when you seal the page
  • Seal status: Whether and when a day has been sealed
  • Threads cache (Pro): Recurring phrases identified across your own sealed days, computed and stored on your device

App Settings and Preferences

  • Profile: An optional display name
  • Notification settings: Your morning/evening nudge times and quiet hours
  • User preferences: Language settings
  • Terms acceptance: Record of when you accepted our Terms of Service and Privacy Policy

Trusted Reader Data (only if you enable it)

If you invite a Trusted Reader, we collect:

  • The email address of the person you invite
  • The visibility level you choose (today only, last 7 sealed days, or full history)
  • Your notify-on-seal preference
  • Invitation, acceptance, and revocation timestamps

See Section 9 for full details on how Trusted Reader works.

Diagnostic Data

To keep sDiary reliable, we automatically collect crash reports and basic performance data through our own in-house analytics (not a third-party service). This includes:

  • App version and platform
  • An anonymous device identifier generated at install, and a session identifier
  • Event names such as day sealed, app opened, or purchase completed
  • If a crash occurs: the error type, message, and a truncated stack trace

Your journal content is never included:

Diagnostic data never includes your intentions, moments, or reflections. It is limited to technical information about how the app is running.

Optional Feedback Data

If you choose to submit feedback through the app, we collect:

  • Your feedback message and type (bug report, feature request, general)
  • App version and device information (model, operating system)
  • Your locale/language
  • Email address (optional, only if you provide it for follow-up)

See Section 6 for details on data transmission.

What We DO NOT Collect

  • We DO NOT collect your name, address, or personal identification documents (other than an email address you choose to enter to invite a Trusted Reader)
  • We DO NOT collect GPS location or movement data
  • We DO NOT access your general photo library, contacts, or other personal files — only the specific photo or voice recording you choose to attach to a moment
  • We DO NOT use third-party analytics or advertising SDKs (no Google Analytics, Firebase Analytics, Facebook Ads, or similar)
  • We DO NOT display advertisements or use advertising networks
  • We DO NOT read, scan, or analyze your journal content on our servers
  • We DO NOT collect health data, medical information, or biometric data
  • We DO NOT track you across devices or apps

5. Threads & On-Device Analysis

Threads is an optional Pro feature that surfaces words and phrases you write often across your sealed days. All processing happens entirely on your device.

How Threads Works

On-device processing

Threads runs locally on your device

No cloud dependency

Your journal content never leaves your device for this analysis

Private insights

Recurring phrases are identified using only your own sealed days

No cross-user learning

Threads doesn't learn from or share patterns across users

Threads uses straightforward text-frequency analysis — counting how often words and phrases recur across the sealed days you have written. It is static, deterministic, and fully transparent: we do not use machine learning, neural networks, or any "black box" model that could produce unpredictable or unexplainable results. If a phrase appears often in your sealed days, Threads surfaces it; there is no hidden logic.

No AI Provider

No external AI model or provider is contacted to compute Threads. The analysis is built into the app and runs entirely offline, on your device, using your own data only.

Human Oversight

You maintain full oversight over what Threads shows you:

  • Threads is descriptive only — it surfaces recurring words and phrases, it does not interpret or explain them
  • You decide what a recurring phrase means to you
  • Threads does not perform automated actions or modify your entries
  • Every core journaling feature (intention, moments, reflection, sealing) works fully without ever opening Threads

Accuracy Limitations

Threads is based entirely on the days you've sealed. If you've sealed only a handful of days, or write inconsistently, Threads may show few or no recurring phrases. Accuracy improves the more consistently you write.

6. Data Transmission

sDiary is designed as a local-first app. There are limited circumstances where data may be transmitted to our servers:

Sapplify Sync (User-Initiated, if subscribed)

If you connect a Sapplify Account and have an active Sapplify Sync subscription, your journal content (intentions, moments including any photos or voice recordings, and reflections) and your Trusted Reader settings are transmitted to our servers in Supabase's EU region (Frankfurt) for cloud backup, cross-device sync, and to power the Trusted Reader feature. See the Sapplify Account Privacy Policy for sub-processors, retention, and your rights over this server-side copy.

Diagnostic Data (Automatic)

Crash reports and basic performance events (described in Section 3) are sent automatically to our own analytics backend, also hosted in Frankfurt, Germany (EU). This is a first-party service we operate ourselves — it is never shared with a third-party analytics or advertising company.

Feedback Submission (User-Initiated)

When you voluntarily submit feedback through the app, the following data is sent to our server:

  • Your feedback message and category
  • App version
  • Device model and operating system version
  • Your locale/language setting
  • Email address (only if you choose to provide it)

Server location: Frankfurt, Germany (EU)
Endpoint: api.sapplify.com
Encryption: All transmissions use HTTPS/TLS encryption

What Is NEVER Transmitted Without Your Action

Without Sapplify Sync enabled, none of the following ever leaves your device:

  • Your daily intention
  • Your moments, including photos and voice recordings
  • Your reflections
  • Your Threads results

The anonymous diagnostic events described in Section 3 are the only automatic transmission that happens regardless of Sync, and they never include your journal content.

Offline Functionality

If you submit feedback while offline, it is queued locally and sent when connectivity is restored. You can cancel pending feedback by clearing app data.

7. App Permissions

sDiary requests only the permissions necessary to function:

Required Permissions

  • Internet Access: Used for:
    • Submitting feedback (user-initiated only)
    • In-app purchase verification through app stores
    • Sapplify Account sign-in and Sapplify Sync data transfer (only if you have connected an account)
    • Sending anonymous diagnostic (crash/performance) data
    • Opening links to our website, support pages, or privacy policy
    • Checking for app updates through app stores
  • Billing Permission (Android): Required for in-app purchases through Google Play

Optional Permissions

  • Camera: To take a photo for a moment, only when you choose to add one
  • Photo Library: To attach an existing photo to a moment, only when you choose one
  • Microphone: To record a voice moment, only while you are recording
  • Notification Access: For your morning/evening nudge reminders, only if you enable them

Platform-Specific Permissions

Android:

  • CAMERA - To capture a photo for a moment
  • READ_MEDIA_IMAGES - To attach an existing photo to a moment
  • RECORD_AUDIO - To record a voice moment
  • INTERNET - Network access for feedback, purchases, sync, and diagnostics
  • BILLING - Google Play in-app purchases
  • POST_NOTIFICATIONS (Android 13+) - Local reminder notifications

iOS:

  • Camera access - For photo moments
  • Photo library access - For attaching existing photos to moments
  • Microphone access - For voice moments
  • User notifications - For reminder notifications

Permissions We DO NOT Request

  • Contact list access
  • Location services (GPS)
  • Calendar access
  • Health app integration (HealthKit/Google Fit)
  • Background location or tracking

8. Purchases & Payments

sDiary offers two independent purchases:

  • sDiary Pro (one-time, per-app): Unlocks Threads, voice moments, unlimited photos per day, full-history search, and Year-Review. There is no time-limited trial — the free tier itself is fully usable indefinitely (intention, moments, sealing your book).
  • Sapplify Sync (subscription or lifetime, suite-wide): Optional cross-device cloud sync and the Trusted Reader feature, working across every Sapplify app you sign into. Sold and billed separately by Apple or Google. See the Sapplify Account Terms of Service for full pricing, trial, cancellation, and refund details.

Both are independent: buying one does not grant the other.

Pro Features

  • Threads (recurring phrase detection)
  • Voice moments
  • Unlimited photos per day
  • Full-history search
  • Year-Review

Payment Processing

All payments are processed exclusively through official app stores:

What We Track

  • Whether you have purchased Pro (boolean status)

What We DO NOT Track

  • Credit card or payment method details
  • Billing address or name
  • Transaction IDs or purchase receipts
  • Purchase history or amounts

We never see or store your payment details. All payment processing, refunds, and subscription management is handled entirely by the respective app store.

9. Trusted Reader

Trusted Reader lets you invite one person to read the sealed days you choose to share. This section explains exactly how it works and what data is involved.

How It Works

  • You invite a Trusted Reader by email from inside the app. This requires an active Sapplify Sync subscription on your account.
  • You choose a visibility level: today only, the last 7 sealed days, or your full history.
  • You can turn on or off a notification to your reader whenever you seal a new day.
  • Your reader must accept the invitation, using their own Sapplify Account, before they can see anything.
  • You can revoke access at any time from Settings, immediately cutting off their view.

What Your Trusted Reader Can See

Only the sealed days within the visibility level you've set, for as long as the relationship is active. They cannot see unsealed (in-progress) days, your Threads results, or any other part of your account.

What We Do With This Data

The invited email address, the visibility level, the notify preference, and the relationship's invited/accepted/revoked timestamps are stored on our servers (Supabase, EU) so the sharing relationship can function across both accounts. We do not read or analyze the shared journal content ourselves; we only relay it between the two accounts you've connected.

Revoking Access

You can revoke a Trusted Reader relationship at any time from Settings. Revocation is immediate: your reader loses access the next time their app syncs.

Note on notifications:

At launch, your Trusted Reader is notified of a newly sealed day only when their app next syncs; real-time push notification to readers is planned for a future release.

10. Data Sharing

We are committed to keeping your journal content private. Here's our complete data sharing policy:

We DO NOT Share Your Journal Content

  • We DO NOT sell your data to anyone
  • We DO NOT share data with advertisers or marketing companies
  • We DO NOT share data with data brokers or analytics firms
  • We DO NOT share data with social media platforms
  • We DO NOT share your journal content with any third party for the local app data covered by this policy. If you enable Sapplify Sync, your data is processed by the sub-processors listed in the Sapplify Account Privacy Policy §6.

The only person who can ever see your journal content besides you is a Trusted Reader you explicitly invite, and only the sealed days within the visibility level you set (see Section 9).

User-Initiated Data Sharing

You have full control over sharing your data through the export feature:

  • Export format: A ZIP archive containing Markdown files for each sealed day, plus your original photos and voice recordings
  • What you can export: Your entire book — all sealed days, intentions, moments, and reflections
  • You choose recipients: Email, cloud storage, or wherever you choose to save the file

Important:

When you export and share your data, recipients have their own privacy policies. We recommend reviewing their practices before sharing personal content.

Legal Requirements

We may disclose information if required by law, such as in response to a valid court order or government request. We will notify you of such requests when legally permitted. We have never received such a request to date.

11. Third-Party Services

sDiary minimizes third-party dependencies to protect your privacy. The following services may be involved when you use the app:

App Distribution & Purchases

  • Apple App Store: App distribution and in-app purchases for iOS - Privacy Policy
  • Google Play Store: App distribution and in-app purchases for Android - Privacy Policy

First-Party Services (Our Own Servers)

  • Sapplify API: Our own server (Frankfurt, Germany) for processing user-submitted feedback
  • Sapplify Analytics: Our own in-house crash and performance reporting (Frankfurt, Germany) — not a third-party analytics provider

Sapplify Account and Sync (if you connect one)

If you connect a Sapplify Account or enable Sapplify Sync, additional sub-processors are involved (Supabase for the database and authentication, Resend for transactional email, and Anthropic conditionally for any AI features). The full list, with roles, locations, and links, is in the Sapplify Account Privacy Policy §6.

What We DO NOT Use

  • No Google Analytics or any third-party analytics service
  • No Firebase Analytics or Crashlytics
  • No advertising networks (Facebook Ads, Google Ads, etc.)
  • No social media SDKs or integrations
  • No user tracking or behavioral analytics

Fonts

The app includes fonts locally bundled within the app. No external font loading or requests are made during app use.

12. Data Security

We implement security measures to protect your journal content:

Local Data Security

Local Database

All journal content stored in SQLite on your device's protected app storage

App Sandboxing

Data protected by iOS/Android app isolation

No sDiary cloud by default

We do not operate cloud servers that store your journal content unless you opt in to Sapplify Sync

No remote access to local data

We cannot access data stored only on your device under any circumstances

Device Cloud Backup Disclosure

By default sDiary does not transmit your journal content to its own servers. Independently of Sapplify Sync, your data (including photos and voice recordings) may also be included in your device's native cloud backup services if you have them enabled:

  • iOS: Your sDiary data may be included in iCloud Backup if you have this service enabled. Apple encrypts iCloud backups, but your data would be stored on Apple's servers.
  • Android: Your sDiary data may be included in Google One or device backups if you have backup enabled. Google encrypts these backups, but your data would be stored on Google's servers.

This is your choice and responsibility. Cloud backup allows you to restore your book if you switch devices or reinstall the app. You can manage your device's cloud backup settings:

  • iOS: Settings > [Your Name] > iCloud > iCloud Backup, or exclude specific apps under iCloud > Manage Storage
  • Android: Settings > Google > Backup

We are not responsible for the security or privacy practices of Apple, Google, or other third-party cloud backup providers. Please review their respective privacy policies if you use their backup services.

Sync Transmission Security

  • All network communications use HTTPS/TLS encryption
  • Server located in Frankfurt, Germany (EU jurisdiction)
  • Sapplify Sync is not end-to-end encrypted. Your data is encrypted in transit (TLS) and at rest, but Sapplify-side service-role access could in principle read the contents (we do not, except as needed to operate the service, such as powering Trusted Reader sharing). See the Sapplify Account Privacy Policy §9 for the full disclosure

Limitations

Please note:

  • The local SQLite database is not encrypted at rest (relies on device security)
  • Security depends significantly on your device's own security measures

Your Responsibility

To maximize security of your journal content, we recommend:

  • Enable device lock screen protection (PIN, password, biometric)
  • Keep your device operating system and sDiary app updated
  • Review your device's cloud backup settings if you wish to prevent cloud storage of your journal content
  • Be cautious when sharing exported data
  • Do not use sDiary on shared or public devices
  • Create regular local backups using the export feature

13. Data Retention & Deletion

Journal Content Retention

  • All local journal content (intentions, moments, reflections) is stored on your device indefinitely until you delete it
  • For local data, we have no access and cannot delete it remotely; you have complete control
  • If you have enabled Sapplify Sync, a server-side copy of the same data is also retained while your Sapplify Account exists. See the Sapplify Account Privacy Policy §8 for the Sync retention table

Trusted Reader Data Retention

  • The invited email address, visibility level, and timestamps are retained on our servers while the relationship is active
  • This data is deleted when you revoke the relationship or delete your Sapplify Account

Diagnostic Data Retention

  • Crash and performance data is retained only as long as needed to diagnose issues and improve app reliability
  • It is not linked to your journal content and cannot be used to reconstruct it

Feedback Data Retention

  • Submitted feedback is retained on our servers for up to 2 years
  • Feedback is used to improve the app and respond to inquiries
  • You can request deletion of feedback data by contacting us

How to Delete Your Data

Delete All Local Data

Within the app: Go to Settings > Delete All Data. This permanently removes all intentions, moments, reflections, and settings from your device.

Complete Data Removal

Uninstalling the app removes all local data.

Revoke Trusted Reader

Go to Settings > Trusted Reader > Revoke. This immediately ends the relationship; see Section 9.

Delete Sapplify Account (if connected)

If you have connected a Sapplify Account, deleting it from inside the app (Settings > Account > Delete) immediately hard-deletes all server-side data, including any Sapplify Sync data and Trusted Reader relationships. See the Sapplify Account Privacy Policy §13.

Delete Feedback Data

Email privacy@sapplify.com to request deletion of any feedback you have submitted.

14. Your Rights

You have comprehensive rights over your personal data:

General Rights (All Users)

  • Access: View all your content within the app at any time
  • Export: Download your complete book as a ZIP archive
  • Correction: Edit any moment or setting directly in the app (sealed days are locked by design once sealed)
  • Deletion: Delete individual entries or all data at any time
  • Withdraw Consent: Stop using the app and delete your data at any time

GDPR Rights (EU/EEA Users)

Under the General Data Protection Regulation, you have the following rights:

  • Right of Access (Art. 15): Request confirmation of what personal data we process
  • Right to Rectification (Art. 16): Request correction of inaccurate data
  • Right to Erasure (Art. 17): Request deletion of your personal data ("right to be forgotten")
  • Right to Restriction (Art. 18): Request limitation of processing
  • Right to Data Portability (Art. 20): Receive your data in a machine-readable format (export)
  • Right to Object (Art. 21): Object to processing based on legitimate interests
  • Right to Withdraw Consent (Art. 7): Withdraw consent at any time
  • Right to Lodge a Complaint: File a complaint with your local data protection authority

CCPA/CPRA Rights (California Users)

California residents have additional rights under the California Consumer Privacy Act and California Privacy Rights Act:

  • Right to Know: What personal information is collected, used, and disclosed
  • Right to Delete: Request deletion of personal information
  • Right to Correct: Request correction of inaccurate personal information
  • Right to Opt-Out: Opt-out of the sale or sharing of personal information
  • Right to Non-Discrimination: Not be discriminated against for exercising privacy rights

We do not sell or share your personal information. We do not "sell" your data as defined by the CCPA, nor do we "share" it for cross-contextual behavioral advertising. We have no advertising in our app and do not monetize your data.

Sensitive Personal Information: Your journal entries are Personal Information under the CCPA. sDiary does not ask you to disclose any category of Sensitive Personal Information (such as health conditions, racial or ethnic origin, religious beliefs, or sex life). If anything you voluntarily write happens to reveal such a category, that portion is treated as Sensitive Personal Information under California law, and you can exercise the rights below over it just as you can any other entry.

Right to Limit Sensitive Personal Information

California law provides the right to limit the use and disclosure of sensitive personal information.

For local data (the default mode of sDiary), all processing is on your device:

  • You can delete individual moments or entire days at any time within the app
  • You can delete all historical data via Settings, which immediately terminates all local Threads analysis of that data
  • You can uninstall the app to remove all local data from your device

For server-side data (only if you have enabled Sapplify Sync), see the Sapplify Account Privacy Policy §12. The fastest path to exercise the right to limit is to delete your Sapplify Account from inside the app, which immediately hard-deletes all Sync data from our servers.

UK GDPR Rights (United Kingdom Users)

Following Brexit, the United Kingdom has adopted the UK GDPR, which mirrors the EU GDPR with minor modifications. For users in the United Kingdom:

  • All references to GDPR in this policy include the UK GDPR as retained in UK law
  • You have the same rights as EU users listed above (access, rectification, erasure, restriction, portability, objection)
  • You may lodge complaints with the Information Commissioner's Office (ICO) at ico.org.uk

LGPD Rights (Brazil Users)

Users in Brazil have rights under the Lei Geral de Proteção de Dados (LGPD), which are similar to GDPR rights:

  • Confirmation and Access: Confirm whether we process your data and access it
  • Correction: Request correction of incomplete, inaccurate, or outdated data
  • Anonymization, Blocking, or Deletion: Request anonymization or deletion of unnecessary or excessive data
  • Data Portability: Request transfer of your data to another service provider
  • Information about Sharing: Know which third parties have access to your data
  • Revocation of Consent: Withdraw consent at any time

For local data, you can exercise these rights directly within the app. For Sapplify Sync data on our servers (if you have enabled Sync), see the Sapplify Account Privacy Policy. For questions about LGPD compliance, contact us at privacy@sapplify.com.

Exercising Your Rights

For local data, you can exercise most rights directly within the app. For rights related to feedback data or diagnostic data, contact us at privacy@sapplify.com. For rights over server-side Sync data (if you have enabled Sapplify Sync), see the Sapplify Account Privacy Policy §12.

We will respond to verified requests within 30 days (or 45 days for complex requests, with notification).

15. Children's Privacy

sDiary is intended for users who are at least 13 years old. We do not knowingly collect personal information from children under 13. In some EU/EEA member states, the minimum age for consenting to data processing may be higher (up to 16 years) under GDPR Article 8; that higher age applies where required by local law.

  • If you use sDiary without a Sapplify Account, all journal content is stored only on your device and we have no access to it or to your age
  • If you connect a Sapplify Account, you confirm that you meet the minimum age requirement in your jurisdiction
  • Trusted Reader requires both people to have a Sapplify Account and is intended for adult users sharing with another trusted adult; it is not designed as a parental-monitoring tool for a minor's account
  • Parents or guardians of a minor using sDiary locally, without an account, should supervise use; all local data can be removed via Settings > Delete All Data or by uninstalling the app

Parental Notice

If you are a parent or guardian and discover your child under 13 has been using sDiary:

  • If the child has not enabled Sapplify Sync, all journal content is stored only on their device and we have no access to it
  • To remove all local data: Uninstalling the app permanently deletes all local journal content from the device, or use Settings > Delete All Data
  • If the child connected a Sapplify Account, delete the account from inside the app (Settings > Account > Delete) to immediately hard-delete all server-side data; see the Sapplify Account Privacy Policy §13

If you believe your child under 13 has submitted feedback through the app (which would be transmitted to our server), please contact us at privacy@sapplify.com and we will delete any such data promptly.

16. International Users

sDiary is available to users worldwide.

App Language

The sDiary app interface is currently available in English. Sign-in and account screens (shared across the Sapplify suite) support 18 languages, matching your Sapplify Account. This website, including this policy, is also available in 18 languages.

Local-only data (default)

By default, all journal content is stored on your device. In that mode there are no cross-border data transfers for your intentions, moments, or reflections.

Sapplify Sync data (if enabled)

If you have enabled Sapplify Sync, your data is transferred to and stored in Supabase's EU region (Frankfurt). See the Sapplify Account Privacy Policy §7 for full residency and international-transfer details.

Feedback and Diagnostic Data

If you choose to submit feedback, or when the app automatically sends diagnostic data, it is processed on servers located in Frankfurt, Germany (European Union). This means:

  • EU users: Data remains within the EU
  • Non-EU users: Data is transferred to the EU, which maintains high data protection standards under GDPR

17. Data Breach Notification

By default, sDiary does not send your journal content to any server, so there is no per-app server-side breach surface for that data. This section covers the cases where server-side data does exist.

Local data on your device

Your intentions, moments, reflections, and Threads results are stored locally on your device. They are not affected by any server-side incident on our side. To protect them, keep your device locked, your operating system patched, and avoid installing apps from unknown sources.

Voluntary feedback and diagnostic data

Feedback you submit, and the automatic diagnostic data described in Section 3, are sent to our servers (Frankfurt, EU). In the unlikely event of a security incident there, the following could be affected:

  • Feedback messages and their metadata
  • Email addresses you voluntarily provided in feedback
  • App version, device model, and OS information
  • Crash reports and event names (never your journal content)

In that event we will investigate the scope, notify the Slovak Office for Personal Data Protection within 72 hours under GDPR Article 33, and notify you without undue delay under Article 34 if the breach poses a high risk to your rights.

Sapplify Sync data (if you have enabled Sync)

If you have connected a Sapplify Account and enabled Sapplify Sync, your journal content and Trusted Reader settings are also held on our servers (Supabase, EU region). Breach notification for that data follows the same 72-hour authority notification and high-risk user-notification process and is described in the Sapplify Account Privacy Policy §10.

To date, we have not experienced a personal data breach affecting sDiary users.

18. Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in our practices, add new features, or comply with legal requirements.

How We Notify You

When we make material changes, we will notify you by:

  • Displaying an in-app notification requiring acknowledgment
  • Updating the "Last updated" date at the top of this policy
  • Requiring re-acceptance for significant changes (tracked within the app)
  • Updating the privacy policy in app store descriptions

Version Tracking

The app tracks which version of the Terms of Service and Privacy Policy you have accepted. If we make significant changes, you will be prompted to review and accept the updated policies.

Your Continued Use

Your continued use of sDiary after changes are posted constitutes acceptance of the updated Privacy Policy. If you do not agree with the changes, you should stop using the app and delete your data.

We encourage you to review this Privacy Policy periodically.

19. Governing Law

This Privacy Policy and any disputes arising from it are governed by the laws of the Slovak Republic, without regard to conflict of law principles.

Jurisdiction

For users in the European Union, any disputes shall be subject to the jurisdiction of the courts in Slovakia, unless mandatory consumer protection laws in your country of residence provide otherwise.

EU Users - Supervisory Authority

If you are located in the European Union, you have the right to lodge a complaint with your local data protection supervisory authority if you believe we have violated your data protection rights.

As we are based in Slovakia, our lead supervisory authority is:

Urad na ochranu osobnych udajov Slovenskej republiky
(Office for Personal Data Protection of the Slovak Republic)
Hranicna 12
820 07 Bratislava 27
Slovak Republic
Website: dataprotection.gov.sk
Email: statny.dozor@pdp.gov.sk

Dispute Resolution

We encourage you to contact us first at privacy@sapplify.com to resolve any concerns or disputes. We are committed to working with you to reach a fair resolution.

20. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your data, please contact us:

General Inquiries:
contact@sapplify.com

Privacy & Data Protection:
privacy@sapplify.com

Postal Address:
Anthony Eli Rasch - sapplify
PO Box 004
91501 Nove Mesto nad Vahom
Slovakia

Response Time

We are committed to addressing your privacy concerns and will respond to your inquiry within 30 days. For complex requests, we may extend this by an additional 60 days with notification.

Data Protection Requests

For specific data protection requests (access, deletion, correction of feedback data), please include:

  • A clear description of your request
  • The email address used when submitting feedback (if applicable)
  • Any relevant details to help us locate your data

We may need to verify your identity before processing certain requests.

Back to Policies

Questions About This Policy?

If you have any questions or concerns about our privacy practices for your journal content, please don't hesitate to contact us.

Contact Us →