Dayline AI

PRIVACY POLICY

Last Updated: February 4, 2026

Introduction

This Privacy Policy explains how AllBlazing BV ("we," "our," or "us") processes your personal data when you use Dayline AI ("App"). We are committed to protecting your privacy and complying with the EU General Data Protection Regulation (GDPR), the Dutch GDPR implementation law (UAVG), and Apple's App Store requirements. This policy is written in clear language so you can understand what data we collect, why we use it, and how you can control it.

Summary (At a glance)

What we collect: Health data from Apple Health (with your consent), approximate location at city level only (for weather, with your consent), and limited calendar information (whether you have long events—no titles or details). We also store app preferences and cached insights on your device.

How we use it: To generate your daily Dayline insight and to provide app functionality. We do not sell your data. We do not use your data for tracking or advertising purposes.

Sharing: Anonymized metrics and limited context (e.g. city-level location, calendar context) may be sent to our AI provider to generate insights, and to analytics services for app performance. We use appropriate safeguards for any transfers outside the EEA.

Your control: You can withdraw Health, Location, and Calendar access at any time in iOS Settings. You can request access, deletion, or export by contacting us. We respond within 30 days.

Data Controller

AllBlazing BV
c/o Dayline AI, Buitenwatersloot 81
2613 TB Delft, The Netherlands
KvK: 83648941
Email: support@daylineai.com

Types of Data We Process

Health Data: We access health data from Apple Health only with your explicit consent. This includes Heart Rate Variability (HRV), Resting Heart Rate (RHR), Sleep Analysis, and Activity/Exercise data. All health data is processed locally on your device and is never transmitted to our servers.

Location (Apple Weather): With your permission, we use Apple Weather, which may use your approximate location at city level only. We do not access, store, or use precise location (e.g. GPS coordinates). City-level location is used only to provide weather context for your Dayline.

Calendar (Apple Calendar): With your permission, we access Apple Calendar only to detect long-duration events. We do not access event titles, descriptions, locations, or any other specific calendar details—only information about whether you have long events, to help contextualize your day in your Dayline.

App Data: We store locally on your device: widget display settings, cached insights (last 7-21 days depending on subscription), and calculated health baselines. This data is stored using iOS UserDefaults and App Groups.

Purposes of Processing

We process your data only for the following purposes: (1) to generate and display your daily Dayline insight; (2) to provide weather context using city-level location; (3) to contextualize your day using calendar information (long events only); (4) to operate and improve the App (including analytics). We do not process your data for any other purpose. You are not legally required to provide data to us; however, without health data we cannot provide the core Dayline feature. Location and calendar are optional and can be denied in iOS Settings.

Legal Basis for Processing (GDPR Article 6 and 9)

  • Health Data (Special Category Data under GDPR Article 9): Processed based on your explicit consent. You provide consent when you grant Apple Health permissions. You can withdraw consent at any time through iOS Settings > Privacy & Security > Health > Dayline AI.
  • Location (city only): Processed based on your explicit consent when you enable Apple Weather or location for the App. You can withdraw consent in iOS Settings > Privacy & Security > Location Services > Dayline AI.
  • Calendar (long events only): Processed based on your explicit consent when you grant calendar access. You can withdraw consent in iOS Settings > Privacy & Security > Calendars > Dayline AI.
  • App Preferences: Processed based on contract performance (necessary to provide the App's functionality).
  • Analytics: Processed based on legitimate interest (improving app performance and user experience). You can opt out via iOS Settings > Privacy & Security > Analytics.

Note: Health data is considered 'special category data' under GDPR, requiring explicit consent. Withdrawing consent will disable the App's core functionality, as health data processing is essential for generating insights.

How We Use Your Data

Health data is used solely to calculate patterns and trends, generate your Dayline insight, and display it in the widget. Health data never leaves your device.

City-level location is used only for weather context; calendar access only to consider long events (no titles or details are read or stored). See Summary above for our commitments on selling and tracking.

Data Storage and Security

Data Storage Locations:

  • Health Data: Stored exclusively in Apple Health on your device. We only read this data; we never store copies on our servers.
  • App Data: Stored locally on your device using iOS UserDefaults and App Groups (widget data sharing).
  • Location & Calendar: We do not store your precise location or any specific calendar event details. City-level location and calendar context (long events only) are used at the time of generating your Dayline and are not retained in our app storage.
  • Cloud Sync: We use iCloud Key-Value Store only to sync your Pro subscription status across devices (not health data).
  • Third-Party Processing: Anonymized metrics (and where relevant, city-level location and calendar context such as presence of long events—no specific calendar details) may be temporarily sent to our AI provider and analytics services, as described in the AI-Powered Processing section.

Security Measures:

  • All data on your device is encrypted using iOS security features
  • Health data access requires explicit user consent via iOS Apple Health permissions
  • API communications use industry-standard encryption
  • We implement data minimization: only necessary data is processed

Data Retention

Cached insights are retained for 7 days (Free users) or 21 days (Pro users), after which they are automatically deleted. Health baselines are calculated from the same retention periods. We do not retain city-level location or calendar context after your Dayline is generated. Data sent to our AI provider may be retained by them according to their policy (typically up to 30 days); we do not control that retention. You can delete all app data at any time through Settings > Delete All Data.

AI-Powered Processing and Third-Party Services

Dayline AI uses artificial intelligence (AI) to generate personalized health insights. The AI system analyzes anonymized health metrics and patterns to create daily insights.

AI System Details:

  • AI Provider: We use a third-party AI service provider to generate insights.
  • Data Sent: Anonymized health metrics; where used for context, city-level location (e.g. for weather) and calendar context (e.g. whether you have long events—no event titles or details). No other personally identifiable information is sent.
  • Data Location & Transfers: AI processing may occur outside the European Economic Area (EEA). We ensure appropriate safeguards are in place for such transfers, including Standard Contractual Clauses (SCCs) approved by the European Commission, in compliance with GDPR Chapter V. You may request a copy of the safeguards by contacting us.
  • AI Limitations: Insights are generated by AI and are for informational purposes only. They are not medical diagnoses or professional health advice.
  • Human Oversight: AI-generated content may contain errors or inaccuracies.

Sub-processors: We use sub-processors (e.g. our AI provider and analytics provider) to provide the App. We have contracts in place that require them to process data only on our instructions and to protect your data in line with GDPR (Article 28).

Analytics: We use analytics services to track app usage and performance. Analytics data is anonymized and does not include health data. You can disable analytics in iOS Settings > Privacy & Security > Analytics.

No tracking or advertising: We do not use your personal data for cross-app or cross-website tracking, and we do not use your data for advertising purposes. Data is used only to provide the App's functionality and to improve the App.

Your Rights Under GDPR

As a data subject under GDPR, you have the following rights regarding your personal data:

  • Right of Access (Article 15): Request a copy of all personal data we hold about you. View cached insights through Settings > Insight History, or contact support@daylineai.com for a complete export.
  • Right to Rectification (Article 16): Correct inaccurate data. Modify app preferences in Settings. Health data accuracy depends on your devices and Apple Health.
  • Right to Erasure (Article 17): Request deletion of your data. Delete all app data via Settings > Delete All Data, or contact support@daylineai.com. Note: Data already sent to our AI provider may be subject to that provider's retention policy (typically up to 30 days); we do not control their systems.
  • Right to Restrict Processing (Article 18): Limit how we process your data. Revoke Apple Health permissions in iOS Settings > Privacy & Security > Health > Dayline AI. You can also revoke location (Location Services > Dayline AI) and calendar access (Calendars > Dayline AI) at any time.
  • Right to Data Portability (Article 20): Receive your data in a structured, machine-readable format. Contact support@daylineai.com to request an export of your insight history.
  • Right to Object (Article 21): Object to processing based on legitimate interests. Withdraw consent at any time through iOS Settings. You can also disable analytics in iOS Settings > Privacy & Security > Analytics.
  • Right to Withdraw Consent: You may withdraw consent for health data processing at any time through iOS Settings. This will disable the App's core functionality.

To exercise any of these rights, contact us at support@daylineai.com. We will respond within one month, as required by GDPR (or explain in writing if we need an extension). If you are not satisfied with our response, you have the right to lodge a complaint with the Dutch Data Protection Authority (see Supervisory Authority below).

Children's Privacy

The App is intended for users aged 18 and over. Under GDPR, valid consent for health data processing requires users to be 18+ (or parental consent for younger users). We do not knowingly collect personal data from children under 18. If you are a parent or guardian and believe your child has provided us with personal data, contact us at support@daylineai.com and we will delete it promptly.

Data Breach Notification

In the unlikely event of a personal data breach that poses a risk to your rights and freedoms, we will:

  • Notify the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) within 72 hours of becoming aware of the breach
  • Notify you without undue delay if the breach poses a high risk to your rights
  • Provide clear information about the nature of the breach, likely consequences, and measures taken

Given that health data is stored locally on your device and never transmitted to our servers, the risk of a data breach affecting your health data is minimal. Any breach would likely affect only app preferences and cached insights stored locally.

Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be notified through the App or via email. The "Last Updated" date at the top indicates when this policy was last revised.

Contact Us

For questions about this policy, to exercise your rights, or for data protection concerns, contact us at support@daylineai.com. We aim to respond within 30 days as required by GDPR. (A Data Protection Officer is not required for companies under 250 employees; we handle inquiries directly.)

EU AI Act Compliance

Dayline AI uses AI systems that process health data, which may be classified as 'high-risk' under the EU AI Act. We comply with the following requirements:

  • Transparency: We clearly disclose that AI is used to generate insights.
  • Risk Management: We implement measures to ensure AI-generated insights are appropriate and do not provide medical advice or diagnoses.
  • Accuracy and Robustness: We implement validation to ensure insights meet quality standards.
  • Data Governance: We use anonymized health metrics for AI processing.
  • Limitations Disclosure: We clearly state that insights are informational only and not medical advice.

AI System Classification: The AI system may be considered 'high-risk' under the EU AI Act due to processing health data. Full EU AI Act obligations, including mandatory conformity assessment, apply from August 2, 2026 for high-risk systems.

Supervisory Authority

You may lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens):

Website: autoriteitpersoonsgegevens.nl
Phone: +31 (0)70 - 888 85 00
Address: Autoriteit Persoonsgegevens, Postbus 93374, 2509 AJ Den Haag, The Netherlands

Download