Privacy Policy

Effective Date: 13 May 2026

Last Updated: 13 May 2026

This Privacy Policy describes how DialDay ("the Application", "we", "us", or "our") collects, uses, stores, and shares your personal data. The Application is operated by Petros Chatzianastasiou ("Service Provider"), based in Greece (European Union), and is provided as a Freemium service.

By downloading, installing, or using DialDay, you agree to the practices described in this Privacy Policy.

1. Data Controller

The data controller responsible for your personal data is:

Petros Chatzianastasiou
Greece
Email: support@dialday.app

If you have any questions about this Privacy Policy or wish to exercise your rights under GDPR, you can contact us at the email address above.

Marketing website and beta signup

This section covers personal data collected through our website at dialday.app — separate from the data DialDay processes inside the iOS app. If you only used the website (for example, by joining the TestFlight waitlist), this section is the relevant one.

What we collect when you join the beta

When you submit your email address through the beta signup form on dialday.app, we collect and store:

• Your email address
• The date and time of your submission
• Your IP address (used once to verify you're not a bot, then stored alongside the record)
• The user-agent string sent by your browser
• The exact consent text you saw and a version identifier for that text
• The fact that you checked the consent checkbox

We do not collect your name, location beyond the IP, or any payment information through this form.

Why we collect it

We collect this information for two purposes:

1. To send you an invitation to the TestFlight beta when the next round opens.
2. To notify you on the day DialDay launches on the App Store.

These are the only two emails you will receive as a result of signing up via this form. You will not receive other marketing communications, and your address will not be sold or shared with third parties.

Legal basis

Processing under this section is based on Article 6(1)(a) of the GDPR — consent given by you when you checked the consent checkbox and submitted the form. We store a snapshot of the exact consent text you saw, along with a version identifier and timestamp, as a record of consent. You may withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal.

Bot prevention

The signup form uses Cloudflare Turnstile to filter automated submissions. Turnstile processes a brief, privacy-preserving challenge in your browser; Cloudflare's Turnstile privacy practices apply to that interaction.

How long we keep it

Your email and the associated metadata are retained for up to two years from the date you submitted the form, or until you ask us to remove it — whichever comes first. After launch, if you do not become an active DialDay user, your record on the marketing list is independent of any in-app data and is governed solely by this section.

Where it's stored

Submissions are stored in Cloudflare's Workers KV, hosted on Cloudflare's edge network. Cloudflare acts as a data processor on our behalf. The website itself is hosted on Cloudflare Pages.

Your rights (marketing list)

At any time you may:

• Request a copy of the data we hold on you (right of access)
• Request that we delete your record (right to erasure)
• Withdraw your consent and unsubscribe

To exercise any of these rights, email support@dialday.app from the address you signed up with. We will respond within 30 days. Unsubscribing also constitutes a deletion request: your record will be removed from the marketing list within 7 days of the request.

2. What Information We Collect

2.1 Account Information

When you create an account, we collect:

• Email address (for authentication and account recovery)
• Password (stored hashed via Supabase Auth — we never see your plaintext password)
• First name and last name
• Country
• Phone number (optional)
• Company name and role/title (optional)

2.2 CRM Data You Create

The Application is a customer relationship management tool. You provide and we store:

• Contact records (names, phone numbers, email addresses, notes, tags, status, lead source, birthday)
• Call logs (date, duration, outcome, notes)
• Activities and conversions
• Cadences and scheduled tasks
• Daily call goals and progress

This data belongs to you. We process it solely to provide the Application's features.

2.3 Phone Contacts (with your permission)

If you grant the Application permission to access your device contacts, the Application syncs your phone book into your CRM:

• Names, phone numbers, and email addresses from your device contacts
• Internal contact identifiers from your device (used to detect updates and removals)

You can revoke contacts permission at any time through your device settings. Doing so will stop further syncing but will not automatically delete previously synced contacts from the Application — you can delete them manually from within the Application.

2.4 Subscription Information

If you subscribe to DialDay Pro:

• Subscription status and billing period (managed via RevenueCat)
• Anonymous transaction identifiers from Apple App Store or Google Play
• We do not see, store, or process your payment card details. All payment processing is handled by Apple App Store or Google Play.

2.5 Information We Do NOT Collect

For transparency, the Application does NOT collect:

• Your precise device location (no GPS access)
• Your camera, microphone, photos, or videos
• Your web browsing history outside the Application
• Biometric or health data
• Behavioral profiling data for advertising

The Application contains no advertising and does not share your data with advertising networks.

3. How We Use Your Information

We process your personal data for the following purposes:

• Provide CRM functionality (store and display your contacts, call logs, activities) — Contract performance
• Authenticate your account and prevent unauthorized access — Contract performance
• Sync device contacts when you grant permission — Contract performance and your consent
• Process subscription purchases and manage Pro entitlements — Contract performance
• Send essential service notifications (e.g., account changes, important updates) — Legitimate interest
• Comply with legal obligations — Legal obligation
• Investigate and prevent fraud or abuse — Legitimate interest

We do not use your personal data for marketing communications. We do not sell your personal data to anyone, ever.

4. Where Your Data Is Stored

Your data is stored on infrastructure operated by:

• Supabase, Inc. (Delaware, USA — your data is hosted in the European Union region). Acts as our backend database, authentication, and storage provider. Supabase processes your data on our behalf as a data processor under GDPR. See Supabase's Privacy Policy: https://supabase.com/privacy
• RevenueCat, Inc. (California, USA). Manages subscription state and validates Pro entitlements. Receives only the anonymous transaction identifiers issued by Apple App Store or Google Play, plus your subscription status. Does not receive your name, email, or CRM data. See RevenueCat's Privacy Policy: https://www.revenuecat.com/privacy
• Apple App Store (for iOS subscriptions) or Google Play (for Android subscriptions). Process payments. We do not see your payment card details.

If your data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards under GDPR Articles 44–49, including Standard Contractual Clauses where required.

5. Who Has Access to Your Data

Within the Service Provider's operations:

• Only Petros Chatzianastasiou has access to backend data, and only when necessary for technical support, debugging, or compliance with legal requirements.

We may disclose your information:

• When required by law (e.g., subpoena, court order, regulatory request)
• When necessary to protect rights, safety, or property of the Service Provider or others
• To investigate fraud, security breaches, or violations of our Terms

We do NOT share your data:

• With advertisers
• With data brokers
• With social networks (we do not integrate any social media SDKs)
• For any commercial purpose other than providing the Application's features

6. Data Retention

• Active account data (profile, CRM data): While your account is active
• Account data after deletion request: Deleted within 30 days of your request
• Soft-deleted (archived) contacts: 30-day grace period, then permanently deleted
• Subscription transaction records: As required by tax and accounting law in Greece (typically 5 years)
• Authentication logs: 90 days

When you delete your account, we erase your personal data from our systems within 30 days, except where retention is required by law.

7. Your Rights Under GDPR

If you are located in the European Economic Area (EEA), the United Kingdom, or another jurisdiction with similar privacy laws, you have the following rights:

• Right to access — Request a copy of the personal data we hold about you.
• Right to rectification — Correct inaccurate or incomplete data.
• Right to erasure ("right to be forgotten") — Request deletion of your personal data.
• Right to restrict processing — Limit how we use your data.
• Right to data portability — Receive your data in a structured, machine-readable format.
• Right to object — Object to processing based on legitimate interest.
• Right to withdraw consent — Where processing is based on consent, withdraw it at any time.
• Right to lodge a complaint — File a complaint with the Hellenic Data Protection Authority (www.dpa.gr) or your local supervisory authority.

To exercise any of these rights, email support@dialday.app. We will respond within 30 days as required by GDPR.

You can also delete your account at any time from within the Application's Settings (when this feature is available) or by emailing the address above.

8. Permissions Requested by the Application

The Application requests the following device permissions:

• Contacts — Required to sync your phone book into your CRM. You may decline; the Application will function with manually entered contacts only. Permission can be revoked at any time in your device's system settings.
• Notifications (when enabled) — To deliver reminders for scheduled calls and tasks. Optional.

The Application does NOT request access to:

• Location
• Camera or microphone
• Photos or media library
• Calendar (calendar event integration uses internally generated identifiers, not system calendar access)
• Health data
• Bluetooth or local network

9. Children's Privacy

The Application is intended for adult professional users (typically 18+). The Application is not directed to children under 16, and we do not knowingly collect personal data from children under 16.

If you are a parent or guardian and believe your child has provided personal data to the Application, please contact us at support@dialday.app. We will delete the data promptly upon verification.

10. Security

We take reasonable measures to protect your data:

• All data transmitted between the Application and our servers is encrypted using TLS.
• Passwords are hashed using industry-standard algorithms (bcrypt/scrypt via Supabase Auth) — never stored in plaintext.
• Database access is restricted to authorized personnel only and audited.
• Row-level security (RLS) is enforced at the database level, ensuring users can only access their own data.

However, no method of electronic transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security. In the event of a data breach affecting your personal data, we will notify you and the relevant supervisory authority as required by GDPR Article 33–34.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes:

• We will post the updated policy at the same URL
• We will update the "Last Updated" date at the top
• For material changes, we will notify users through the Application or via email

We encourage you to review this Privacy Policy periodically. Your continued use of the Application after changes are posted constitutes your acceptance of the updated policy.

12. Third-Party Links

The Application may contain links to third-party websites or services not operated by us. We are not responsible for the privacy practices of those third parties. We encourage you to read their privacy policies before providing personal data.

13. Contact Us

For questions, concerns, or to exercise your rights under this Privacy Policy:

Email: support@dialday.app

We aim to respond to all inquiries within 5 business days, and to formal GDPR requests within 30 days.

This Privacy Policy is provided in English. In case of conflict between this policy and any translated version, the English version prevails.