Privacy Policy

UNIISLABS (“the Company”) values the personal data of daly (“the Service”) users and complies with the Personal Information Protection Act (PIPA) and related laws. This policy explains what data we collect, how we use and store it, and what rights you have.

daly brings together routines (action), self-observation (records), and an AI companion (discovery). Its purpose is to help you discover your own rhythm as small daily data accumulates — and that data is always yours.

1. Information We Collect

Required

• Email address (magic-link login) or Apple/Google login identifier (sub)
• User ID (UUID), signup date/time

Optional

• Nickname, profile image

Generated while using the Service

• Routine data: routine names, steps, start times, repeat days, execution records
• Evening condition check-in: mood score (1–5), one-line memo
• Notification settings and delivery status

Collected automatically

• Device information, app version, IP address, access/usage logs
• Usage event analytics (PostHog, pseudonymized/anonymized)
• Error logs (Sentry, with personal identifiers scrubbed)

Information handled with care

• Mood scores and one-line memos may relate to your state of mind. They are protected as described in Article 7.

2. Purposes of Collection and Use

• Member identification and login
• Service delivery, including routine execution support and statistics/self-observation
• Your own review of evening condition check-in records
• AI companion (daily, weekly, and monthly insights) generation — created by sending anonymized statistical summaries to the Anthropic API
• Service improvement through pseudonymized/anonymized usage analytics
• Stability improvement through error tracking
• Subscription billing and subscription status management

3. Retention Period

The Company destroys personal data without delay once its purpose is achieved.

• Member data: retained from signup until account deletion; linked data is destroyed immediately upon withdrawal.
• Items retained for a set period under applicable law:
  • Records of contracts, withdrawal of subscription, payment, and supply of goods: 5 years (Act on Consumer Protection in Electronic Commerce)
  • Records of consumer complaints or dispute handling: 3 years (E-Commerce Act)
  • Login (access) records: 3 months (Protection of Communications Secrets Act / Network Act)
• After withdrawal, one-way hashes of identifiers and the AI-preview consumption flag are retained for 1 year to prevent re-signup abuse (Article 8). Raw values are not retained.
• When downgrading from Pro to Free, past insights and statistics are not deleted but locked. One-line memos are not locked and remain accessible.

4. Third-Party Provision and Processing Delegation

The Company does not provide your personal data to third parties without your consent. To operate the Service, we delegate processing as follows.

When generating the AI companion, user identifiers are anonymized via sha256 hashing; the plaintext user ID is not transmitted. We also apply an opt-out so that Anthropic does not use input data for model training.

5. Cross-Border Transfer

All processors above are located in the USA, so using the Service involves transferring your personal data to the USA.

• Recipients: the processors in Article 4
• Destination country: USA
• Timing and method: transmitted over the network at the time of use (with transport-layer encryption)
• Items transferred: the items in Article 1, to the extent needed for each delegated task
• Retention: until termination of the delegation contract or account deletion
• Right to refuse: you may refuse cross-border transfer. However, these items are essential to the Service, so refusal may limit your use of the Service.

Consent for cross-border transfer is obtained separately at signup.

6. Security Measures

• Transport-layer encryption (TLS)
• Access control: Row Level Security ensures each user can access only their own data.
• Privilege separation: server-only keys and API keys are never exposed to the client and are used only on the server (Edge Functions).
• Personal identifiers scrubbed from error/analytics logs

7. How Condition Data Is Protected

• Mood scores are accessible only to the owner via Row Level Security, and identifiers are anonymized (sha256) when sent externally for AI companion generation.
• One-line memos in evening check-ins are stored with application-level encryption (pgcrypto, AES-256); the key is held only on the server (Supabase Vault). They are accessible only to the owner under Row Level Security.

8. Information Retained to Prevent Re-Signup Abuse

To prevent abuse through re-signup after withdrawal (e.g., repeatedly claiming free benefits), the following is retained for 1 year.

• One-way hashes of identifiers: sha256(salt + normalized email / Apple sub / Google sub) (raw values not retained, not recoverable)
• AI-preview consumption flag: whether the one-time-per-account AI preview was used at the time of withdrawal
• Re-signup cooldown: 15 days after withdrawal

9. Notice on Automated Decisions (AI Insights)

daly’s AI companion (daily, weekly, and monthly insights) is generated by automatically analyzing your routine and condition data, which may constitute automated processing.

• Basis: a statistical summary of your routine execution records and condition check-ins
• Method: anonymized statistical summaries are sent to an AI model to generate short, observation-focused text. It does not diagnose or advise; it gently surfaces patterns visible in your data.
• Effect: insights are reference information and have no legal effect on your rights or obligations.
• Your controls:
  • Turn analysis off: daily, weekly, and monthly insights can each be turned off.
  • Delete insight data only: you can delete generated insight data without deleting your account.
  • Object / request explanation: contact hello@trydaly.app to object to or ask about AI processing.

10. Mental Health Resources

The Service does not diagnose or treat your state of mind. However, if low condition persists for a period or expressions that look like crisis signals are detected, the Service pauses analysis and quietly shares resources where you can get help.

• Suicide Prevention Hotline (Korea): 1393 (24 hours)
• Mental Health Crisis Counseling (Korea): 1577-0199
• If you are outside Korea, please reach out to your local crisis or emergency services.

This is informational only and does not replace medical or psychological diagnosis or treatment.

11. Your Rights and How to Exercise Them

You may exercise the following rights at any time.

• Access your personal data
• Correction / deletion
• Suspension of processing
• Withdrawal of consent (effective immediately upon account deletion)

How to exercise:

• View and edit directly in the app’s settings, or withdraw via Settings → My info → Delete account (1–2 actions).
• Or contact hello@trydaly.app. The Company will respond diligently within the periods set by law.

12. Children Under 14

The Service does not accept signups from children under 14 years of age.

13. Data Protection Officer

• Data Protection Officer: Hoyoon Kim
• Contact: hello@trydaly.app

You may direct privacy-related inquiries, complaints, or remedy requests to the contact above, and the Company will respond promptly.

14. Remedies for Rights Infringement

If you need help with a privacy infringement, you may contact the following Korean agencies.

• Personal Information Dispute Mediation Committee: www.kopico.go.kr / +82-1833-6972
• Privacy Infringement Report Center: privacy.kisa.or.kr / 118
• Supreme Prosecutors’ Office: www.spo.go.kr / 1301
• National Police Agency: ecrm.police.go.kr / 182

15. Changes to This Policy

If this policy changes, the changes will be announced in-app at least 7 days before they take effect. For changes unfavorable to users, at least 30 days in advance.

16. Business Information

Effective date: (set at publication)