← Back to Home
Privacy Policy
Last updated: February 6, 2026
At Dawn ("we," "us," or "our"), we respect your privacy and are committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application (the "App"), available on the Apple App Store.
Privacy by Design: Dawn is built around anonymity. We do not collect your name, email address, phone number, or any other personally identifiable information. Your identity in Dawn is a random, anonymous identifier generated on your device.
1. Information We Collect
1.1 Information You Provide
- Journal Entries: The short text entries (up to 140 characters) and mood selections ("Happy" or "Sad") you input into the App. Important: Your raw journal entries are never displayed publicly. Only the AI-generated prayers derived from your entries appear on the Global Prayer Feed.
- Reactions: When you "like" a prayer on the Global Prayer Feed, we record that reaction.
- Support Inquiries: If you contact us via email, we collect your email address and message content solely to respond to your inquiry.
1.2 Automatically Collected Information
- Anonymous Device Identifier: When you first open Dawn, the App generates a random UUID (Universally Unique Identifier) on your device. This anonymous identifier is used to associate your entries, preferences, and subscription status — without requiring a login or any personal information. This is not Apple's Identifier for Advertisers (IDFA).
- Subscription & Purchase Data: We store subscription status, plan type, expiration dates, and purchase receipts to manage your Premium access.
- Approximate Location: We may infer your general location (city/country level) from your IP address to display your anonymous prayer on the Global Feed map. We do not collect precise GPS coordinates or request location permissions.
1.3 Advertising & Tracking (Free Tier Only)
- Apple App Tracking Transparency (ATT): Before any tracking occurs, Dawn requests your permission via Apple's ATT prompt. If you decline, you will still see ads, but they will be non-personalized.
- Advertising Identifiers: If you grant ATT consent, your Apple IDFA (Identifier for Advertisers) may be shared with Google AdMob to serve personalized advertisements. If you deny consent, no IDFA is shared.
- GDPR Consent: If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we will request your explicit consent before serving personalized advertisements, in compliance with GDPR and ePrivacy regulations.
2. How We Use Your Information
| Purpose | Legal Basis (GDPR) |
|---|
| Generate personalized AI prayers and reflections from your journal entry | Contract performance |
| Display AI-generated prayers on the Global Prayer Feed | Contract performance |
| Manage your account, preferences, and Premium subscription | Contract performance |
| Serve personalized advertisements (free tier, with ATT/GDPR consent) | Consent |
| Detect and prevent fraudulent, abusive, or harmful activity | Legitimate interest |
| Improve App functionality and fix bugs | Legitimate interest |
3. Data Storage & Security
- Private Cloud Infrastructure: Your data is stored on secure, private servers hosted by DigitalOcean with SSL-encrypted database connections. We maintain full control over this infrastructure and do not rely on shared backend-as-a-service platforms for core data storage.
- Encryption in Transit: All communication between the App and our servers is encrypted using TLS (Transport Layer Security).
- Encryption at Rest: Sensitive data, including authentication tokens and privacy consent preferences, is stored on your device using Apple's encrypted Keychain (via Expo SecureStore).
- Rate Limiting: We employ server-side rate limiting to protect against abuse and unauthorized access attempts.
4. Third-Party Data Processors
We share the minimum data necessary with trusted third-party providers solely to operate the App. We do not sell your personal data.
| Provider | Purpose | Data Shared |
|---|
| OpenAI |
AI prayer generation & content moderation |
Your journal entry text (max 140 characters). We have opted out of data training — your entries are not used to train OpenAI's public models. |
| RevenueCat |
Subscription management & App Store receipt validation |
Anonymous device identifier, purchase receipts, subscription status. |
| Google AdMob |
Advertisements in the free version of the App |
IDFA (only with your ATT consent), device type, ad interaction data. Subject to Google's Privacy Policy. |
| DigitalOcean |
Cloud hosting infrastructure |
All server-side data is hosted on DigitalOcean's infrastructure. |
5. International Data Transfers
Your data may be transferred to and processed in countries outside your country of residence, including the United States (where OpenAI and Google are headquartered) and data center regions operated by DigitalOcean. When we transfer personal data internationally, we rely on:
- Standard Contractual Clauses (SCCs) approved by the European Commission;
- The service provider's compliance frameworks (e.g., EU-U.S. Data Privacy Framework);
- Your explicit consent, where applicable.
6. Data Retention & Deletion
- Journal Entries & Prayers: Retained for the lifetime of your account, so you can access your personal archive at any time.
- Subscription Data: Retained for the duration of your subscription plus up to 90 days after expiration for billing dispute resolution.
- Support Emails: Retained for up to 12 months after your inquiry is resolved.
- Complete Data Deletion: You can request a complete, irreversible data wipe at any time by using the "Delete Account" button in the App's Settings screen. This permanently removes all your data — journal entries, prayers, reactions, and subscription records — from our live production servers.
7. Your Data Rights
7.1 Rights Under GDPR (EEA, UK, Switzerland)
If you are located in the European Economic Area, United Kingdom, or Switzerland, you have the following rights:
- Right of Access: Request a copy of the personal data we hold about you.
- Right to Rectification: Request correction of inaccurate data.
- Right to Erasure: Request deletion of your personal data (available via the in-app "Delete Account" button or by contacting us).
- Right to Restriction: Request that we limit how we process your data.
- Right to Data Portability: Request your data in a structured, machine-readable format.
- Right to Object: Object to processing based on legitimate interests.
- Right to Withdraw Consent: Where processing is based on consent (e.g., personalized ads), you may withdraw consent at any time via the App's privacy settings or your device's ATT settings.
- Right to Lodge a Complaint: You have the right to lodge a complaint with your local data protection supervisory authority.
7.2 Rights Under CCPA/CPRA (California, USA)
If you are a California resident, you have the right to:
- Know what personal information we collect and how it is used.
- Delete your personal information.
- Opt-Out of Sale/Sharing: We do not sell your personal information. You may opt out of cross-context behavioral advertising (personalized ads) via your device's ATT settings or the in-app consent manager.
- Non-Discrimination: We will not discriminate against you for exercising your rights.
7.3 How to Exercise Your Rights
To exercise any of the above rights, you may:
- Use the "Delete Account" button in the App's Settings for immediate data deletion.
- Adjust your advertising preferences in the App's privacy settings or your device's Settings > Privacy > Tracking.
- Contact us at support@dawnjournal.app. We will respond to your request within 30 days.
8. Children's Privacy
The App is rated 13+ and is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we discover we have inadvertently collected information from a child under 13, we will delete it immediately. If you believe a child has provided us with personal data, please contact us at support@dawnjournal.app.
9. Data Breach Notification
In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will:
- Notify the relevant supervisory authority within 72 hours of becoming aware of the breach (where required by GDPR).
- Notify affected users without undue delay if the breach is likely to result in a high risk to their rights and freedoms.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. For significant changes, we may also provide notice within the App. You are advised to review this Privacy Policy periodically.
11. Contact Us
If you have any privacy questions, concerns, or requests, please contact us at:
Email: support@dawnjournal.app