Skip to content
JaapDaily

Privacy Policy

Effective date: 18 May 2026. Data controller: Dishika Singh, sole developer of JaapDaily, contactable at support@jaapdaily.com. This policy is written in plain English by the developer and has not been reviewed by a lawyer. If you are an EU/UK user with a question about your rights under GDPR or UK GDPR, see Section 14 below or write to the email above.
Anonymous by default. Sign-in is optional — only needed for cloud sync.

The app works fully without an account. If you sign in, your practice data syncs across devices via Firebase — but sign-in is never required and never will be. This website uses standard marketing analytics, with consent. All three surfaces are described below.

1. What this policy covers

The Jaap Daily mobile app on iOS and Android, the Apple Watch companion, the iOS and Android home-screen widgets, and this website, jaapdaily.com.

2. Anonymous mode — what we do not collect

Anonymous mode is the default when you install the app. In this mode: no name, no email, no phone number, no location, no contacts. No account is required. The app contains no analytics SDK, no advertising SDK, and no crash reporting that transmits user data. The iOS app does not present an App Tracking Transparency prompt in anonymous mode because it performs no tracking as defined by Apple.

3. Optional sign-in — what an account collects

Sign-in is optional and exists solely to enable cloud sync across your devices. You can use every feature of the app without one. If you choose to sign in, the data collected depends on your method:

  • Phone number. Your phone number. Used for authentication only — we do not use it for calls, SMS marketing, or any other purpose.
  • Email and password. Your email address. Used for authentication and, if needed, account recovery.
  • Google Sign-In. Your Google account email and display name, as provided by Google.
  • Sign in with Apple. Your Apple ID email address. Apple lets you hide your real email behind a relay address — if you choose that option, we receive only the relay address. We do not receive your Apple ID password.

None of the above is used for advertising, analytics, profiling, or any purpose other than authentication and syncing your practice data to your account.

4. Religious-practice data is treated as special-category data

The naam, mantra, deity, and mala size you choose reveal religious belief. Under GDPR Article 9 and equivalent laws elsewhere, this is "special category" data deserving heightened protection. In anonymous mode this data never leaves your device. If you sign in and enable cloud sync, your practice data (sessions, streaks, naams, settings) is stored in Firebase under your account — encrypted in transit and at rest. We do not read it, sell it, or use it for any purpose other than returning it to your devices when you sign in.

5. What lives on your device

Session history, streaks, custom naams, settings, in-app purchase status, Apple Watch session data (synced device-to-device over Apple's WatchConnectivity framework), and home-screen widget snapshot data (read from a private App Group on iOS / private SharedPreferences on Android). In anonymous mode all of this stays on device only. If you are signed in, this data is also backed up to Firebase as described in Section 7.

6. What the app transmits

For anonymous users, three things and nothing else. For signed-in users, those three plus authentication and sync data.

  • In-app purchases. Apple's StoreKit and Google's Play Billing handle donations. The transaction goes between your device and the platform, not through us. To support "Restore Purchases," Apple and Google link the purchase to your Apple ID or Google account; we receive only an anonymous purchase token, not your account identity.
  • Notifications. Streak reminders and milestone celebrations are scheduled and delivered locally on your device using the operating system's local-notification facilities. We do not run a push-notification server, and no device token leaves your device.
  • Mantra Library updates (planned). When this ships, the app will fetch updated mantra text from our content endpoint over HTTPS without sending any identifier. The request is equivalent to a static asset fetch.
  • Authentication (signed-in users only). Your sign-in credential (phone number, email, or third-party token) is sent to Firebase Authentication over HTTPS to verify your identity. Firebase issues a session token stored securely on your device.
  • Cloud sync (signed-in users only). Your practice data is encrypted and synced to Firebase under your authenticated account. It is not readable by us.

7. Cloud sync

Cloud sync is available now for signed-in users. It is opt-in — you activate it by creating an account. It syncs your sessions, streaks, naams, and settings across all devices where you sign in with the same account. Signing out on a device stops sync on that device; the local copy remains. Deleting your account permanently removes all synced data from our servers — see the Delete Data page for step-by-step instructions.

8. This website — what we collect

With your consent (via the cookie banner), this site uses Google Analytics 4 to understand which pages people read and Meta (Facebook) Pixel to measure ad-campaign effectiveness. Both set cookies in your browser. Both are off by default — they only activate after you click Accept on the banner. If you click Reject, or do nothing, neither runs.

A note about Meta Pixel: by design, Meta Pixel sends data back to Meta, which may use it to retarget ads to you on Facebook and Instagram. We use it only to measure ad-campaign effectiveness, but we cannot control Meta's secondary use. If this is uncomfortable for you, click Reject and Meta will see nothing.

9. Why we use analytics on the marketing site but not in the app

The website's job is to help people find an app that helps them. Analytics tell us which channel sent you, which page convinced you, which one bored you. The app's job is to be a quiet, trustworthy tool — analytics there would betray the practice. We hold both lines.

10. What GA4 and Meta Pixel see if you accept

Pages you visit on jaapdaily.com, your approximate region (city-level), device type, and referrer. They do not see what you do inside the app.

11. Withdrawing consent

Click the "Cookies" link in our footer to reopen the banner and change your choice.

12. Children

We do not knowingly collect data from anyone under 13. If you are a parent and believe a child has created an account or used our website's contact form to share information, email us and we will delete it promptly.

13. Third-party services we use

Apple App Store and Google Play (distribution and in-app purchases), Firebase Authentication and Firestore (optional sign-in and cloud sync, operated by Google LLC), Google Sign-In (optional sign-in method), Sign in with Apple (optional sign-in method), iCloud and Google Drive (device-level backups when enabled by the user, outside our control), Cloudflare (website hosting and CDN), Google Analytics 4 (website analytics, consent-gated), Meta Pixel (ad measurement, consent-gated), and Resend (delivery of email you send through the contact form — messages retained for 12 months unless you ask for earlier deletion).

14. Your rights

Regardless of where you live:

  • Anonymous users can delete all app data by uninstalling the app.
  • Signed-in users can delete their account and all synced data from Settings → Account → Delete Account, then uninstall. Full instructions: jaapdaily.com/delete-data.
  • You can withdraw cookie consent at any time via the footer link.
  • You can email support@jaapdaily.com to request deletion of any contact-form correspondence or account data.

If you are in the EU, EEA, or UK, the General Data Protection Regulation (and UK GDPR) give you the right to:

  • access the personal data we hold about you,
  • have it corrected if inaccurate (rectification),
  • have it erased (the "right to be forgotten"),
  • restrict how we process it,
  • receive a portable copy (data portability),
  • object to processing,
  • withdraw any consent you previously gave, and
  • lodge a complaint with your national supervisory authority (for example, the ICO in the UK, or your country's data-protection authority in the EU/EEA) if you believe we have not handled your data properly.

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA), including the right to know, the right to delete, the right to correct, and the right to non-discrimination for exercising these rights. We do not sell or share personal information for cross-context behavioural advertising.

To exercise any right, email support@jaapdaily.com. We will respond within 30 days.

15. Security and data breaches

On-device app data is protected by your operating system's standard encryption (iOS Data Protection / Android File-Based Encryption). Account and sync data stored in Firebase is encrypted in transit (TLS) and at rest using Google's standard encryption. Website analytics data sits with Google and Meta under their standard security regimes. Email you send via the contact form sits with Resend (in transit) and Gmail (at rest). If a security incident affects data we hold — account data or contact-form correspondence — we will notify affected users within 72 hours, consistent with GDPR Article 33.

16. Changes to this policy

Material changes will be announced on this page and noted in the changelog below. The date at the top of this page reflects the most recent revision. For changes that materially expand data collection, we will notify signed-in users in-app before the change takes effect.

17. Contact

Privacy questions, deletion requests, and rights requests: support@jaapdaily.com.

18. Online counter on this website

The /counter page on this website lets you tap to count without installing the app. Your count, mala progress, streak, and naam choice are saved in your browser's local storage on your device. We do not send any of this data to any server, and the counter does not fire any analytics event when you tap, complete a mala, or change your naam. Clearing your browser data, switching browsers, or using private/incognito mode will reset the counter — for persistent history, multi-device streaks, and full insights, use the mobile app.

If you choose "Add to Home Screen," the page is installed as a Progressive Web App on your device and uses a small service worker to cache the counter so it works offline. The service worker stores only the page itself and its visual assets — no count, streak, or naam data passes through it.


Changelog

18 May 2026 — Major update for optional sign-in and cloud sync launch. Adds Section 3 (optional sign-in — phone, email/password, Google, Apple Sign-In). Updates Section 4 (religious data — cloud sync now live via Firebase). Updates Sections 5 and 6 to cover signed-in user transmission. Rewrites Section 7 (cloud sync now live, not future). Updates Section 13 (third-party services — adds Firebase Auth, Firestore, Google Sign-In, Apple Sign-In). Updates Section 14 (rights — adds account deletion path). Updates Section 15 (security — adds Firebase encryption). All section numbers above 2 shifted by one to accommodate new Section 3.

15 May 2026 — Updates Section 13 to clarify the two-step deletion process: uninstall the app for on-device data, then email for any remote data. Links to /delete-data for full instructions.

11 May 2026 — Adds Section 17 covering the online jap counter at /counter and its PWA service worker. Confirms no analytics events fire on tap, mala completion, or naam change. Notes that local-storage data never leaves the device and that the service worker caches only page assets.

8 May 2026 — Initial published version. Names Dishika Singh as data controller. Adds enumerated GDPR rights including the right to lodge a complaint with a supervisory authority. Adds CCPA "we do not sell or share" notice. Adds GDPR Article 9 special-category-data note. Clarifies that notifications are scheduled locally, not via a push server. Clarifies that in-app purchase identity stays with Apple/Google. Adds Apple Watch and widget on-device note. Adds 72-hour breach-notification commitment. Adds 12-month Resend retention period.