Privacy Policy

This policy explains what data the “One My Day” app (“the Service”, “the App”) collects, why, how we protect it, and what rights you have.

1. Who is the controller

Data controller: OPSoft Inc., a Wyoming corporation with registered address at 30 N Gould St Ste R, Sheridan, WY 82801, United States.

Data-protection contact: support@onemyday.com.

Users located in the Russian Federation are served by a separate data controller — see the Russian-language version of this policy.

2. Consent and applicable law

By using the Service you confirm that you have read this policy and consent to the processing of your personal data under its terms.

This policy is governed by the laws of the State of Wyoming, United States. Additionally:

• If you are in the European Union or the European Economic Area, your rights under the General Data Protection Regulation (Regulation 2016/679, “GDPR”) apply.
• If you are in the United Kingdom, the UK GDPR and the Data Protection Act 2018 apply.
• If you are in California, the California Consumer Privacy Act (CCPA / CPRA) applies.

The Service is intended for users aged 18 and older. If you are younger, please do not use the App.

3. What data we collect

At sign-up:

• your email — used to send a one-time login code (OTP); authentication is not possible without it.

In your profile (optional, editable):

• display name — may be a pseudonym; encrypted on the server with a per-account key;
• age cohort (range), gender;
• preferences for matching partners in ephemeral chats.

Content you create:

• journal entries — stored encrypted on the server with a per-account key;
• photos — stored in a private S3-compatible bucket; no direct public URLs are issued;
• “mood” for each post;
• optional: place / coordinates and weather captured at the moment of writing — only if you have granted location access;
• optional: your comments and AI-generated comments on posts;
• optional: AI “memory” — short notes the service collects to maintain context; you can delete any note in the app.

Ephemeral chats (if you opt in): partner nickname, temporary session identifiers, availability status. Messages are kept for up to 60 seconds; sessions for up to 60 minutes, after which they are deleted automatically.

Public share links: if you create a public link to a post, the fields you selected (text, photo, place, mood) are stored as a public snapshot accessible via a short URL until you revoke the link. After revocation the page returns HTTP 410 Gone and drops out of search indices.

Technical data: IP address, device type, session identifier, request timestamps. Logs are kept for up to 90 days and used only for security and abuse prevention.

On-device only (we do not receive): PIN code, duress PIN, biometric data — stored in the device’s secure enclave and never sent to us.

4. Why we process this data

• to provide the App: journaling, AI commentary, partner matching, sharing;
• to identify you when you sign in;
• to protect you and others (anti-spam, fraud and abuse prevention);
• to improve the service based on aggregated, de-identified usage data.

5. Legal basis (for EU/UK users)

• your informed consent (GDPR Art. 6(1)(a)) — for optional features (location, AI commentary on your content, AI memory, ephemeral chats);
• performance of a contract — the Terms of Service (GDPR Art. 6(1)(b)) — for the core service;
• legitimate interest of the controller in abuse prevention (GDPR Art. 6(1)(f)) — for security logs.

6. Recipients (sub-processors)

AI features (AI comments, recap summaries, ephemeral AI chat, voice and text AI interview) rely on third-party AI services. Data is transmitted to these services only after you give explicit in-app consent on the “AI assistant” screen at first launch; you can revoke it at any time in Settings. Before consent, AI features are unavailable in the app.

• Anthropic, PBC (USA) — provider of the Claude AI models. What is sent: the text of your entries, metadata (mood, time, place — no precise coordinates), conversation history with AI, AI memory entries about you. Purpose: generate AI comments, recap summaries, AI chat replies and the next interview question. Retention / training: per the Anthropic API policy data is not used to train the models; the provider offers a level of protection comparable to this Policy.
• Nexara LLC (Russia) — speech-to-text provider (Whisper). What is sent: the audio of your voice answer during an AI interview or voice dictation. Purpose: transcribe speech and return text. Retention: audio is not stored on our server; the provider offers a level of protection comparable to this Policy.
• Hosting and database provider (reg.ru) — for the server and database.
• S3-compatible object storage — for photos and video circles.
• Apple, Google — for push-notification delivery (device token + notification text only).

We do not sell your data, do not share it with advertising networks, and do not use it for off-app profiling.

7. International transfers

The infrastructure that serves international users may be located in the United States, the European Union, or other jurisdictions where our sub-processors operate. When required by law (e.g., EU → US transfers), we rely on Standard Contractual Clauses or comparable safeguards published by our sub-processors.

8. Retention

• account, posts, photos, AI memory — until you delete them or delete the account;
• messages in ephemeral chats — up to 60 seconds;
• ephemeral chat sessions — up to 60 minutes;
• technical logs — up to 90 days.

When you delete your account, the associated data (including photos) is erased. Backups may retain de-identified residues for up to 30 days, after which they are deleted as well.

9. Security

• transport between the app and the server — TLS 1.2+;
• post bodies, names and metadata — encrypted on the server with a per-account key (envelope encryption);
• access to the production database — limited to a small group with 2FA.

Server-side encryption means that technically the controller can access your content — we do not do so in normal operations, but we cannot claim full end-to-end encryption. If that matters to you, please factor it into your risk assessment.

10. Your rights

You may at any time:

• request a copy of your data — by emailing the controller;
• correct inaccurate data — through in-app settings;
• delete individual posts, photos, or AI-memory notes — in the app;
• delete your account in full — Settings → Delete account (or at onemy.day/delete-account); this is irreversible;
• withdraw consent (equivalent to deleting your account);
• restrict processing or object to processing (EU/UK users);
• opt out of any “sale” or “sharing” of personal information (California users — none currently occurs);
• lodge a complaint with your supervisory authority (EU/UK) or your state Attorney General (US).

11. Cookies and analytics

The onemy.day landing page does not use tracking cookies. The App does not include third-party analytics SDKs (Google Analytics, Firebase Analytics, etc.). If we add minimal in-house analytics, we will update this section.

12. Children

The Service is not directed to children under 18. We do not knowingly collect personal data from children under 18. If you believe a minor has provided us with personal data, please contact us at support@onemyday.com and we will delete it.

13. Changes to this policy

We may update this policy. If changes affect your rights or the categories of processed data, we will notify you in the app or on the landing page and update the date at the top. Continued use of the Service after such notice constitutes acceptance of the new version.

14. Contact

For any data-protection question: support@onemyday.com.
Mail: OPSoft Inc., 30 N Gould St Ste R, Sheridan, WY 82801, USA.