Last Updated: Apr 4, 2026

Privacy Policy

Last updated: April 4, 2026

This Privacy Policy explains how Smarter Day (“Smarter Day,” “we,” “us,” or “our”) collects, uses, discloses, and protects information when you use our applications, website at https://smarter.day, and related services (collectively, the “Service”).

By using the Service, you acknowledge this Policy. If you do not agree, please do not use the Service. For terms governing your use, see our Terms of Service.

1) Who we are & contact

Entity: Smarter Day

Email (privacy requests): privacy@smarter.day

Email (legal notices): legal@smarter.day

Email (support): support@smarter.day

If you are in the EEA/UK and wish to contact our EU/UK representative (if/when appointed), use privacy@smarter.day and we will route your request appropriately.

2) Scope & key points

  • The app works offline by default. Your Content (tasks, habits, events, notes, attachments) stays on your device unless you sign in to enable cloud sync, or you explicitly share items with others.

  • We offer optional, anonymous analytics and crash reporting. In certain regions (e.g., EEA/UK), these are off by default and only activate if you turn them on in the app.
  • We do not use the device advertising identifier (IDFA) and we do not engage in cross-app behavioral advertising.
  • You can request “Delete my account” and “Get my data.”
  • We act as data controller for your personal data in the Service and use reputable service providers as processors.

3) Information we collect

We collect different categories of information depending on how you use the Service.

3.1 Offline use (no sign-in)

  • On-device Content (local only): tasks, habits, events, notes, attachments, and settings you create and store on your device. Not transmitted to us unless you sign in or share.

  • Optional diagnostics/analytics (if you enable): anonymous event metrics (feature usage, performance) and crash/exception data without personal identifiers or Content bodies.

3.2 When you sign in (cloud sync & collaboration)

  • Account identifiers: authentication data from your chosen sign-in provider (e.g., a user ID, and if provided by you via the provider, your display name and avatar).

  • Cloud Content: items you choose to sync (tasks, habits, events, notes, attachments, metadata like timestamps, labels, project/folder membership).
  • Sharing data: connections/contacts you approve, and the permissions you set (e.g., who can view item titles, names/avatars of connected users).
  • Device & technical logs: device model/OS, app version, timestamps, IP addresses, and networking metadata necessary for secure sync, abuse prevention, and troubleshooting.
  • AI processing inputs/outputs (if you use AI features): when you use optional AI-assisted features (e.g., suggestions, prioritization, icon generation), your prompts and the AI-generated outputs may be processed by third-party AI service providers as described in Section 8.

3.2.A AI Icon Suggestions

AI Icon Suggestions (optional): if you enable AI Icon Suggestions, we send the title of your task or other entity ("task title") to our server and share it with our AI provider (OpenAI) to generate icon suggestions for that item.

  • Purpose limitation: we use this data only to provide the AI Icon Suggestions feature, unless we clearly disclose and obtain any additional consent required by law for another purpose.
  • User control: AI Icon Suggestions are off by default until you enable them. You can turn this feature off at any time in Settings → Privacy & Data.
  • Retention: task titles submitted for AI Icon Suggestions and related outputs are retained only for the time needed to process the request and return the result, except for short-lived technical, security, and abuse-prevention logs where necessary.
  • Outputs: we may temporarily process and store the AI-generated icon suggestions returned for your request as needed to display the result in the app and support the feature.

3.3 Purchases & subscriptions

  • Subscription status: marketplace receipts/tokens and verification state (through our subscription management provider) to recognize your plan across devices.

  • Identifiers used by subscription management: anonymous identifiers to link your device with your subscription without linking to your personal identity.

3.4 Support communications

  • Support messages: email content, attachments, and contact details you send to support@smarter.day or via in-app forms.

We do not knowingly collect: government IDs, precise geolocation, contact lists, SMS/phone logs, health data, or financial account numbers. We do not collect Content bodies for analytics or crash reports.

4) How we use information (purposes)

  • Provide the Service: enable offline features, sign-in, cloud sync, collaboration, device-level notifications, AI-assisted features (optional), and customer support.

  • Maintain & secure the Service: prevent abuse, ensure integrity and availability, resolve incidents, keep reliable backups, and investigate suspected illegal or unauthorized use.
  • Optional analytics: understand feature adoption and performance to improve the app (anonymous/aggregated; user-controlled).
  • Optional crash reporting: identify and fix defects (anonymous; user-controlled).
  • Subscription management: verify entitlements, prevent fraud, reconcile marketplace receipts.
  • Legal compliance: comply with court orders, enforce Terms, handle disputes, and retain data as required by law or regulatory obligations.
  • AI-assisted features (optional): process your inputs through third-party AI providers to generate suggestions, recommendations, or other outputs as described in the Terms of Service.
  • AI Icon Suggestions (optional): if you enable this feature, process your task title through our server and AI provider to generate icon suggestions for the relevant task or entity.

5) Legal bases (EEA/UK)

  • Where GDPR/UK GDPR applies, our processing relies on:

  • Performance of a contract (Art. 6(1)(b)): to provide core functionality, sign-in, sync, collaboration, and support.
  • Consent (Art. 6(1)(a)): optional analytics and crash reporting (off by default in EEA/UK; you can withdraw anytime in Settings).
  • Legitimate interests (Art. 6(1)(f)): basic security, abuse prevention, and service reliability (balanced against your rights).
  • AI Icon Suggestions (Art. 6(1)(b) and, where required by applicable law, Art. 6(1)(a)): to provide the optional AI Icon Suggestions feature that you choose to enable and use. Where consent is required, you may withdraw it at any time in Settings.
  • Legal obligation (Art. 6(1)(c)): to meet recordkeeping or regulatory duties where applicable.

6) “Sale” / “Share” (U.S. CPRA) and advertising

  • We do not “sell” personal information and do not “share” it for cross-context behavioral advertising as defined by CPRA.

  • We do not use IDFA or third-party ad networks inside the Service.
  • If this changes, we will update this Policy and provide required opt-outs.

7) Cookies, SDK storage & consent

Our mobile apps may use local storage or SDK-level identifiers to operate the Service. In EEA/UK, optional analytics/crash SDKs remain disabled until you enable them in Settings (or via a lightweight prompt). You can change your choices at any time. In all regions, you can turn these features off in the app.

8) Service providers (processors)

  • We use service providers under data-processing agreements. They process data only per our instructions and only for the purposes listed here.

  • Identity & backend platform: Firebase Authentication and related platform services (account, secure sync, reliability).
  • Anonymous analytics (optional): Firebase Analytics and Mixpanel (no IDFA; no user identity when disabled; opt-in in EEA/UK).
  • Crash monitoring (optional): Sentry (anonymous; opt-in in EEA/UK).
  • Subscription management: RevenueCat (subscription status verification across devices using anonymous identifiers).
  • AI service provider for AI Icon Suggestions (optional): OpenAI may process task titles or similar user-provided text that you submit when you use AI Icon Suggestions, solely to generate icon suggestions for that feature. Processing by OpenAI is subject to our contractual arrangements with that provider and, where applicable, the provider's own terms and privacy commitments.
  • Hosting & infrastructure: reputable cloud providers for compute, storage, and backups.
  • Support tooling: email and ticketing systems for handling your support requests.

We may update providers as our architecture evolves; material changes will be reflected here. You can request a current list at privacy@smarter.day.

9) Data sharing & disclosures

  • We do not sell your personal information. We disclose data only to:

  • Service providers (Section 8) to operate the Service;
  • Other users only when you choose to share (e.g., collaborators see your name/avatar and shared item metadata per permissions you set);
  • Authorities or third parties when required by law, subpoena, court order, or to protect rights, safety, security, prevent fraud, investigate suspected illegal activity, or enforce our Terms;
  • Successors in a merger, acquisition, or asset sale (subject to this Policy and applicable law).

We do not monitor, review, or take responsibility for the legality, accuracy, or appropriateness of your Content. You are solely responsible for ensuring your Content and use of the Service complies with applicable laws. We reserve the right to access, preserve, and disclose data (including Content) if we believe in good faith that it is necessary to comply with legal obligations, protect rights or safety, or investigate suspected violations of our Terms.

10) International transfers

We may process and store data in countries other than where you reside. Where required, we implement appropriate safeguards for international transfers (e.g., EU Standard Contractual Clauses, UK IDTA/Addendum) and adopt technical/organizational measures (encryption in transit/at rest, access controls, least-privilege).

11) Retention

  • We keep data only as long as necessary for the purposes described, subject to legal and regulatory requirements.

  • Account & profile: retained while your account is active.
  • Cloud Content: retained while stored in your account; deleted on your request or account deletion (with reasonable backup delay of up to 30–90 days).
  • Backups: encrypted backups roll on scheduled cycles (e.g., 30–90 days) and are purged automatically.
  • Anonymous analytics: typically up to 14 months (or shorter where configured).
  • Crash data: typically 90 days (or shorter where configured).
  • Server logs & security events: typically 30–180 days depending on purpose.
  • Support tickets: typically up to 24 months after closure (or longer if legally required).
  • Billing/receipt metadata: retained as required by applicable tax, audit, and financial recordkeeping laws (typically 7–10 years in many jurisdictions).
  • AI Icon Suggestions data: task titles submitted for AI Icon Suggestions and related outputs are retained only for the time needed to process the request and return the result, except for short-lived technical, security, and abuse-prevention logs where necessary.
  • Data related to legal matters: data subject to legal hold, investigation, litigation, regulatory inquiry, or required for fraud prevention may be retained beyond standard retention periods until the matter is resolved and applicable legal obligations are satisfied.

Actual durations may vary by system and jurisdiction; contact us at privacy@smarter.day if you need specifics.

12) Your rights

12.1 EEA/UK (GDPR/UK GDPR)

You have the right to access, rectify, erase, restrict, object, and data portability, as well as the right to withdraw consent (for optional analytics/crash reporting) at any time. You also have the right to lodge a complaint with your supervisory authority.

12.2 U.S. (CPRA/other state laws)

Depending on your state, you may have rights to know/access, correct, delete, data portability, and to opt out of "sale"/"share" (not applicable as we do not sell/share). We do not use or disclose "sensitive personal information" for purposes requiring a "limit use" link.

Authorized agents: You may designate an authorized agent to make requests on your behalf. We will require written authorization from you and may need to verify both your identity and the agent's authority before processing the request.

Non-discrimination: We will not discriminate against you for exercising your privacy rights under applicable law. However, we may offer different pricing, services, or features based on your subscription tier or other legitimate business factors unrelated to your privacy rights exercise.

12.3 Exercising your rights

  • In-app: Settings → Privacy & Data (toggle analytics/crash reporting; toggle AI Icon Suggestions; export data; delete account).

Identity verification: We will need to verify your identity before fulfilling rights requests to protect against unauthorized access. We may request additional information to confirm you are the account holder.

Limitations: Your rights may be limited by applicable law. We may deny or limit requests if: (i) we cannot verify your identity; (ii) the request is manifestly unfounded, excessive, or repetitive; (iii) disclosure would adversely affect others' rights; (iv) we are legally required to retain the data; or (v) the data is necessary for legal claims, fraud prevention, or regulatory compliance.

We will respond within timeframes required by law (typically 30 days for GDPR requests; 45 days for CPRA requests, with possible extensions where permitted).

13) Security

We use administrative, technical, and physical safeguards designed to protect data, including encryption in transit and at rest, access controls, audit logging, and vulnerability management.

However, no system is perfectly secure. Despite our efforts, we cannot guarantee absolute security. You acknowledge and accept the inherent security risks of internet and electronic storage. You are solely responsible for:

  • Maintaining the security of your device, operating system, and apps;
  • Safeguarding your sign-in credentials and authentication methods;
  • Using strong passwords and enabling multi-factor authentication where available;
  • Promptly reporting any unauthorized access or security concerns to privacy@smarter.day;
  • Ensuring your Content does not violate laws or contain illegal material.

We are not responsible for unauthorized access, data breaches, or security incidents resulting from your failure to secure your device or credentials, or from your illegal or unauthorized use of the Service.

14) Children’s privacy

The Service is not directed to children under 13 (or the higher age required by local law, up to 16 in some countries). We do not knowingly collect personal data from such children. If you believe a child has provided personal data, contact us at privacy@smarter.day to request deletion.

15) Automated decision-making & profiling

We do not engage in automated decision-making that produces legal or similarly significant effects about you. AI-assisted features (e.g., suggestions, prioritization) are assistive and not determinative; you remain responsible for decisions and verification.

16) Data breach notification

In the event of a data breach that is likely to result in a high risk to your rights and freedoms, we will notify affected users and applicable supervisory authorities as required by law, within the timeframes mandated by applicable regulations (e.g., within 72 hours under GDPR where feasible). We will provide information about the nature of the breach, potential consequences, and measures taken or recommended.

17) Third-party links & services

The Service may contain links to third-party websites, apps, or services that are not operated by us. We are not responsible for the privacy practices, content, or security of any third-party sites or services. This Privacy Policy does not apply to third-party services. We encourage you to review the privacy policies of any third-party services you access.

AI service providers may have their own terms of service and privacy policies that govern how they use data you provide through our AI-assisted features. We do not control these third parties' practices.

18) Do Not Track

Your browser or device may send “Do Not Track” signals. Industry standards are not uniform. We do not respond to DNT signals, but you can control optional analytics and crash reporting directly in the app.

19) Changes to this Policy

We may update this Policy from time to time. Material changes will take effect 30 days after we post the updated Policy or otherwise notify you (e.g., in-app notice or email if available). Your continued use after the effective date constitutes acceptance.

20) How to contact us

For any questions or requests regarding this Policy, contact privacy@smarter.day. For legal notices, contact legal@smarter.day.

Appendix A — Regional consent handling (high level)

  • EEA/UK: optional analytics and crash reporting are off by default and activate only after your explicit choice in Settings (you can withdraw consent at any time). Core features are not conditioned on these options.

  • Rest of world: the same controls are available; defaults may differ as permitted by law. You can turn options on/off in the app at any time.

Appendix B — Data category matrix (summary)

Category Examples Purpose Legal Basis Typical Retention
Account identifiers Auth user ID; display name/avatar (if provided) Sign-in, sync, collaboration Contract Life of account
Cloud Content Tasks, habits, events, notes, attachments, metadata Provide core features; sync; sharing you enable Contract Until deleted; backups roll off (30–90 days)
Subscription status Marketplace receipts/tokens; anonymous entitlement IDs Verify plan, prevent fraud Contract/Legal obligation As required by tax/audit; otherwise active subscription + legal period
AI icon suggestion inputs/outputs Task titles submitted for icon suggestions; AI-generated icon suggestions Provide optional AI icon suggestions Contract and/or Consent where required by law Transient processing only, except short-lived technical/security logs where necessary
Optional analytics Anonymous feature usage, performance metrics Improve product Consent (EEA/UK); Legitimate interests elsewhere where permitted Up to 14 months
Optional crash data Error/exception telemetry (no Content bodies) Fix defects Consent (EEA/UK); Legitimate interests elsewhere where permitted ~90 days
Security & logs IP addresses, timestamps, event logs Abuse prevention, integrity, investigation Legitimate interests/Legal obligation 30–180 days (longer for legal/fraud matters)
Support data Emails, attachments Support, troubleshooting Legitimate interests/Contract ~24 months after closure (longer if legally required)
Legal/regulatory holds Any data relevant to legal matters Compliance, litigation, investigations Legal obligation/Legitimate interests Until matter resolved + applicable legal retention period

If any part of this Policy conflicts with local mandatory law, the mandatory law controls for residents of that jurisdiction.

By using the Service, you acknowledge that you have read and understood this Privacy Policy.