PRIVACY POLICY
Last Updated: January 16, 2026
Introduction
This Privacy Policy explains how AllBlazing BV ("we," "our," or "us") processes your personal data when you use Dayline AI ("App"). We are committed to protecting your privacy and complying with the EU General Data Protection Regulation (GDPR) and Dutch data protection laws.
Data Controller
AllBlazing BV
c/o Dayline AI, Buitenwatersloot 81
2613 TB Delft, The Netherlands
KvK: 83648941
Email: support@daylineai.com
Types of Data We Process
Health Data: We access health data from Apple Health only with your explicit consent. This includes Heart Rate Variability (HRV), Resting Heart Rate (RHR), Sleep Analysis, and Activity/Exercise data. All health data is processed locally on your device and is never transmitted to our servers.
App Data: We store locally on your device: widget display settings, cached insights (last 7-21 days depending on subscription), and calculated health baselines. This data is stored using iOS UserDefaults and App Groups.
Legal Basis for Processing (GDPR Article 6)
- Health Data (Special Category Data under GDPR Article 9): Processed based on your explicit consent. You provide consent when you grant Apple Health permissions. You can withdraw consent at any time through iOS Settings > Privacy & Security > Health > Dayline AI.
- App Preferences: Processed based on contract performance (necessary to provide the App's functionality).
- Analytics: Processed based on legitimate interest (improving app performance and user experience). You can opt out via iOS Settings > Privacy & Security > Analytics.
Note: Health data is considered 'special category data' under GDPR, requiring explicit consent. Withdrawing consent will disable the App's core functionality, as health data processing is essential for generating insights.
How We Use Your Data
Health data is used solely to: (1) calculate patterns and trends in your biometrics, (2) generate personalized insights, and (3) display information in the widget. Health data never leaves your device. We do not sell, rent, or share health data with third parties.
Data Storage and Security
Data Storage Locations:
- Health Data: Stored exclusively in Apple Health on your device. We only read this data; we never store copies on our servers.
- App Data: Stored locally on your device using iOS UserDefaults and App Groups (widget data sharing).
- Cloud Sync: We use iCloud Key-Value Store only to sync your Pro subscription status across devices (not health data).
- Third-Party Processing: Anonymized metrics are temporarily sent to OpenAI (US) and Firebase/Google (EU/US) for processing, as described in the AI-Powered Processing section.
Security Measures:
- All data on your device is encrypted using iOS security features
- Health data access requires explicit user consent via iOS Apple Health permissions
- API communications use industry-standard encryption
- We implement data minimization: only necessary data is processed
Data Retention
Cached insights are retained for 7 days (Free users) or 21 days (Pro users), after which they are automatically deleted. Health baselines are calculated from the same retention periods. You can delete all app data at any time through Settings > Delete All Data.
AI-Powered Processing and Third-Party Services
Dayline AI uses artificial intelligence (AI) to generate personalized health insights. The AI system analyzes anonymized health metrics and patterns to create daily insights.
AI System Details:
- AI Provider: We use a third-party AI service provider to generate insights.
- Data Sent: Anonymized health metrics only. No personally identifiable information is sent.
- Data Location: AI processing may occur outside the EU. We ensure appropriate safeguards (Standard Contractual Clauses) are in place for data transfers.
- AI Limitations: Insights are generated by AI and are for informational purposes only. They are not medical diagnoses or professional health advice.
- Human Oversight: AI-generated content may contain errors or inaccuracies.
Analytics: We use analytics services to track app usage and performance. Analytics data is anonymized and does not include health data. You can disable analytics in iOS Settings > Privacy & Security > Analytics.
Your Rights Under GDPR
As a data subject under GDPR, you have the following rights regarding your personal data:
- Right of Access (Article 15): Request a copy of all personal data we hold about you. View cached insights through Settings > Insight History, or contact support@daylineai.com for a complete export.
- Right to Rectification (Article 16): Correct inaccurate data. Modify app preferences in Settings. Health data accuracy depends on your devices and Apple Health.
- Right to Erasure (Article 17): Request deletion of your data. Delete all app data via Settings > Delete All Data, or contact support@daylineai.com. Note: We cannot delete data already processed by OpenAI (subject to their 30-day retention).
- Right to Restrict Processing (Article 18): Limit how we process your data. Revoke Apple Health permissions in iOS Settings > Privacy & Security > Health > Dayline AI.
- Right to Data Portability (Article 20): Receive your data in a structured, machine-readable format. Contact support@daylineai.com to request an export of your insight history.
- Right to Object (Article 21): Object to processing based on legitimate interests. Withdraw consent at any time through iOS Settings. You can also disable analytics in iOS Settings > Privacy & Security > Analytics.
- Right to Withdraw Consent: You may withdraw consent for health data processing at any time through iOS Settings. This will disable the App's core functionality.
To exercise any of these rights, contact us at support@daylineai.com. We will respond within one month (or explain if we need more time). If you are not satisfied with our response, you may lodge a complaint with the Dutch Data Protection Authority.
Children's Privacy
The App is intended for users aged 18 and over. We do not knowingly collect personal data from children under 18. If you are a parent or guardian and believe your child under 18 has provided us with personal data, please contact us immediately at support@daylineai.com and we will delete such data promptly.
Note: The app requires users to be 18+ to provide valid consent for health data processing under GDPR. Users under 18 should not use this app without parental supervision and consent.
Data Breach Notification
In the unlikely event of a personal data breach that poses a risk to your rights and freedoms, we will:
- Notify the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) within 72 hours of becoming aware of the breach
- Notify you without undue delay if the breach poses a high risk to your rights
- Provide clear information about the nature of the breach, likely consequences, and measures taken
Given that health data is stored locally on your device and never transmitted to our servers, the risk of a data breach affecting your health data is minimal. Any breach would likely affect only app preferences and cached insights stored locally.
Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be notified through the App or via email. The "Last Updated" date at the top indicates when this policy was last revised.
Contact Us
Data Protection Officer: Not required for companies under 250 employees, but you may contact us directly.
Email: support@daylineai.com
Response Time: We aim to respond to data protection inquiries within 30 days, as required by GDPR.
If you have questions about this Privacy Policy, wish to exercise your GDPR rights, or have concerns about data processing, please contact us at support@daylineai.com.
EU AI Act Compliance
Dayline AI uses AI systems that process health data, which may be classified as 'high-risk' under the EU AI Act. We comply with the following requirements:
- Transparency: We clearly disclose that AI is used to generate insights.
- Risk Management: We implement measures to ensure AI-generated insights are appropriate and do not provide medical advice or diagnoses.
- Human Oversight: AI-generated content may contain errors.
- Accuracy and Robustness: We implement validation to ensure insights meet quality standards.
- Data Governance: We use anonymized health metrics for AI processing.
- Limitations Disclosure: We clearly state that insights are informational only and not medical advice.
AI System Classification: The AI system may be considered 'high-risk' under the EU AI Act due to processing health data. Full EU AI Act obligations, including mandatory conformity assessment, apply from August 2, 2026 for high-risk systems.
Supervisory Authority
If you are not satisfied with how we handle your personal data, you have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens):
Website: autoriteitpersoonsgegevens.nl
Phone: +31 (0)70 - 888 85 00
Address: Autoriteit Persoonsgegevens, Postbus 93374, 2509 AJ Den Haag, The Netherlands