Privacy Policy

1. Introduction

Welcome to Daily Flow ("we," "our," or "us"). Daily Flow is a day-first task management application that helps you focus on today's tasks while maintaining a complete history of your work.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service at daily.devity.in (the "Service"). Please read this privacy policy carefully. By using our Service, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Task Data

When you use Daily Flow, we collect and store:

• Task titles and descriptions
• Task priorities (high, medium, low)
• Task statuses (No Status, In Progress, On Hold, Blocked, Finished)
• Task creation and update timestamps
• Task order and organization

2.2 Authentication Data (Optional)

If you choose to sign in with Google for cloud sync, we collect:

• Google account email address
• Google account name
• Google account profile picture (if available)
• OAuth access and refresh tokens (stored securely in httpOnly cookies)

2.3 Subscription Data (Optional)

If you subscribe to Google Drive sync, we collect:

• Email address (for subscription verification)
• Razorpay subscription ID
• Subscription status and payment information (processed by Razorpay)

2.4 Usage Data

We may collect information about how you access and use the Service, including:

• Date and time of access
• Browser type and version
• Device information
• IP address (for security and rate limiting)

3. How We Store Your Data

3.1 Guest Mode (LocalStorage)

If you use Daily Flow without signing in, all your task data is stored locally in your browser's localStorage. This data:

• Never leaves your device
• Is not transmitted to our servers
• Can be cleared by clearing your browser data
• Is stored as a JSON file in your browser

3.2 Authenticated Mode (Google Drive)

If you sign in with Google and subscribe to Drive sync, your data is:

• Stored in your Google Drive account as a JSON file
• Synchronized across your devices
• Subject to Google's privacy policy and terms
• Accessible only through your Google account

We use Google Drive API with the drive.file scope, which only allows us to access files created by Daily Flow, not your entire Drive.

4. Cookies and Session Management

We use secure, httpOnly cookies to manage your authentication session:

• Purpose: To maintain your login session and store OAuth tokens securely
• Duration: 30 days (configurable)
• Security: Cookies are httpOnly, secure (HTTPS only), and same-site
• No Tracking: We do not use cookies for advertising or tracking purposes

You can clear cookies by logging out or clearing your browser data. This will sign you out but will not delete your task data stored in localStorage or Google Drive.

5. Third-Party Services

5.1 Google Services

We use Google OAuth and Google Drive API for authentication and cloud storage:

• Google OAuth: For user authentication
• Google Drive API: For storing your task data in your Drive account
• Data Sharing: We only access files created by Daily Flow
• Privacy: Your use of Google services is subject to Google's Privacy Policy

5.2 Razorpay

We use Razorpay for subscription payments:

• Purpose: Processing subscription payments (₹99/month)
• Data Collected: Email address, payment information (handled by Razorpay)
• Privacy: Payment data is processed by Razorpay and subject to Razorpay's Privacy Policy
• Security: We never store your payment card details

6. How We Use Your Information

We use the information we collect to:

• Provide and maintain the Service
• Sync your tasks across devices (if subscribed)
• Process subscription payments
• Authenticate your identity
• Prevent abuse and enforce rate limits
• Respond to your requests and support needs

We do NOT:

• Sell your data to third parties
• Use your data for advertising
• Share your task data with other users
• Analyze your tasks for marketing purposes

7. Data Security

We implement security measures to protect your data:

• Encryption: All data transmission uses HTTPS/TLS encryption
• Secure Storage: OAuth tokens stored in httpOnly cookies
• Rate Limiting: API endpoints are rate-limited to prevent abuse
• Access Control: Subscription verification required for Drive sync
• No Direct Access: We cannot access your Google Drive files directly

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee absolute security.

8. Your Rights and Choices

You have the following rights regarding your data:

• Access: You can view all your task data at any time
• Export: You can export your tasks to Excel format
• Delete: You can delete individual tasks or clear all data
• Account Deletion: You can revoke Google access and cancel subscription
• LocalStorage: You can clear browser data to remove local storage
• Google Drive: You can delete the Daily Flow data file from your Drive

To exercise these rights, you can:

• Use the export feature in the app
• Delete tasks directly in the interface
• Log out to clear session data
• Cancel subscription through Razorpay dashboard
• Revoke Google access through Google Account settings

9. Data Retention

Guest Mode: Your data is stored in localStorage until you clear it or clear your browser data.

Authenticated Mode: Your data is stored in Google Drive until you delete it. We do not automatically delete your data. If you cancel your subscription, your data remains in Google Drive but sync will be disabled.

Session Data: OAuth tokens are stored for 30 days or until you log out.

Subscription Data: Retained as required by law and Razorpay's policies.

10. Children's Privacy

Daily Flow is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. You are advised to review this Privacy Policy periodically for any changes.

12. Contact Us

If you have any questions about this Privacy Policy, please contact us:

• Email: info@devity.in
• Website: devity.in