Privacy Policy

1. Introduction & Scope

This Privacy Policy ("Policy") explains how Sithumina Konara ("Developer," "we," "us," or "our") collects, uses, stores, and protects your information when you use DailyHi (the "App") on Android devices via the Google Play Store.

By installing, creating an account, or using the App, you agree to the practices described in this Policy. If you do not agree, please uninstall the App and do not use it. For questions, contact us at support@sithuminakonara.com.

2. Information We Collect

2.1 — Information You Provide Directly

Data	How Collected	Purpose
Name, Gender, email address, profile photo	Google Sign-In	Account creation, identification, and cloud sync, Personalization
Habit names and completion records	Created by you in the app	Core habit tracking functionality
Streak counts, XP, levels, achievements	Generated by usage	Gamified progression system
Gratitude journal entries	Typed by you	Evening reflection feature
Mood tracking selections	Selected by you	Mood logging and insights
Journal photos	Uploaded from your device (Premium)	Photo journaling feature
Goal data	Created by you (Premium)	Goal tracking feature
App settings and preferences	Configured by you	Personalising your experience

2.2 — Information Collected Automatically

We may automatically collect limited technical data to maintain and improve the App:

• Device information: Device model, operating system version, app version number.
• Crash reports: Anonymised stack traces when the app crashes, used solely to fix bugs.
• Usage analytics: Anonymised feature interaction events (e.g., how often the habit-check screen is opened) to understand which features are most valuable. This data does not include any personally identifiable information and cannot be traced back to you.

We do not use tracking SDKs, behaviour profiling, or advertising identifiers of any kind.

3. Authentication - Google Sign-In

DailyHi uses Google Sign-In as its sole authentication method. When you sign in, Google shares your name, email address, and profile photo with us. We do not receive your Google password.

We use this information exclusively to create and identify your account and to enable cloud sync of your app data. We do not use it for marketing, advertising, or data brokering.

Our use of information received from Google APIs complies fully with the Google API Services User Data Policy, including the Limited Use requirements. Your Google account information is never shared with third parties for advertising purposes.

You may revoke DailyHi's access to your Google account at any time via myaccount.google.com/permissions. Revoking access will prevent sign-in and cloud sync but will not automatically delete your stored data.

4. How We Use Your Information

We use the data we collect exclusively for the following purposes:

• Providing and operating all features of the App as described
• Authenticating your identity and maintaining your account securely
• Syncing your data across your devices via Firebase cloud storage
• Computing XP, streak counts, level progression, and achievement data
• Displaying personalised daily motivational messages
• Diagnosing technical issues and improving App stability through crash reports
• Understanding aggregate feature usage to improve the product (anonymised analytics only)
• Processing and verifying your subscription status through Google Play Billing
• Communicating with you about your account or subscription when necessary
• Complying with applicable legal obligations

We do not use your data for: advertising targeting, sale to third parties, profiling for commercial purposes, or any purpose not listed above.

5. Device Permissions

DailyHi requests the following Android permissions. Each permission is used only for the stated purpose and is not used to collect data beyond what is described.

Permission	Why It's Required	When Requested
INTERNET	Required for Google Sign-In, cloud sync and backup (Premium), and fetching daily motivational messages. Not used for advertising or tracking.	Always (app startup)
READ_MEDIA_IMAGES / READ_EXTERNAL_STORAGE	Allows you to select a photo from your gallery to attach to journal entries. The app reads only the specific image you select — it does not scan, index, or upload your entire photo library.	When you tap "Add Photo" in journal (Premium)
POST_NOTIFICATIONS	Allows DailyHi to send optional daily reminder notifications to check in on your habits. You can disable these at any time in the App settings or device notification settings.	First time notifications are enabled
RECEIVE_BOOT_COMPLETED	Allows the App to reschedule your daily habit reminders after a device restart, so notifications continue to work reliably.	Automatically on device restart
VIBRATE	Allows the App to use device vibration for habit completion feedback and notification alerts.	On habit completion / notification
BILLING	Required by Google Play Billing to process Premium subscription purchases. We never see or store your payment details — all payment processing is handled entirely by Google.	When you upgrade to Premium

6. Subscriptions & Payment Processing

6.1 - Subscription Plans

DailyHi offers a freemium model:

• Free tier: Core habit tracking features, available permanently at no charge.
• DailyHi Premium: A paid subscription (monthly or annual) that unlocks the full feature set, including photo journaling, and unlimited habits.

6.2 - Google Play Billing

All subscription purchases and renewals are processed entirely through Google Play Billing. This means:

• We never receive, process, or store your credit card number, bank details, or any payment credentials.
• All payment transactions are governed by Google's Payments Privacy Notice.
• We receive only a confirmation token from Google confirming whether your subscription is active or not, your subscription tier (monthly/annual), and when it expires.
• Your Google Play account and payment method are managed entirely through Google.

6.3 - Subscription Management & Cancellation

You can manage, pause, or cancel your Premium subscription at any time through your Google Play account:

• Google Play Store app → Profile icon → Payments & subscriptions → Subscriptions → DailyHi
• Or visit: play.google.com/store/account/subscriptions

Cancelling prevents future charges. You retain Premium access until the end of your current billing period. Refunds are subject to Google Play's refund policy. We do not issue refunds outside of Google Play's standard process.

6.4 - Free Trial

DailyHi Premium may offer a free trial period. The trial period and terms are clearly stated in the Google Play listing before you subscribe. If you do not cancel before the trial ends, your Google Play account will be charged the subscription price automatically. No charge is made without your explicit action to initiate the trial.

7. Cloud Storage & Data Hosting

When you are signed in, your app data is stored in Firebase Firestore and Firebase Storage (Google LLC), which provides secure, redundant cloud infrastructure. This powers the following features:

• Automatic real-time backup of your habits, streaks, journal entries, and progress
• Seamless access to your data across multiple devices with the same Google account
• Data recovery if you reinstall the app or switch Android devices

All data stored in Firebase is:

• Encrypted at rest using AES-256
• Transmitted over TLS-encrypted connections
• Accessible only through your authenticated account - not visible to other users
• Stored in Google Cloud data centers, primarily in the United States (see Section 14 on international transfers)

Firebase security rules ensure that each user can only read and write their own data. The Developer has administrative access to the Firebase console for maintenance and support purposes only, and does not routinely access individual user data.

8. Third-Party Services

DailyHi integrates the following third-party services. No other third-party SDKs, analytics platforms, or advertising networks are integrated in the App.

Service	Provider	Purpose	Privacy Policy
Firebase Authentication	Google LLC	Google Sign-In and secure session management	firebase.google.com/support/privacy
Firebase Firestore	Google LLC	Cloud database storing habits, progress, and journal data	firebase.google.com/support/privacy
Firebase Storage	Google LLC	Storing journal photos uploaded by Premium users	firebase.google.com/support/privacy
Firebase Crashlytics	Google LLC	Anonymised crash reporting for bug diagnosis. No PII is transmitted.	firebase.google.com/support/privacy
Google Play Billing	Google LLC	Processing Premium subscription purchases and renewals	policies.google.com/privacy
Google Sign-In (OAuth 2.0)	Google LLC	User authentication	policies.google.com/privacy

All third-party providers above are bound by their own privacy policies and applicable data processing agreements. Google LLC processes data as described in Google's Privacy Policy and Firebase's Data Processing and Security Terms.

9. Data Sharing

We do not sell, rent, lease, or otherwise share your personal information with any third party for their own commercial purposes.

We share data only in the following limited circumstances:

• Service providers: Data is shared with Google LLC (Firebase) solely as necessary to operate the App's cloud features, as described in Section 8. Google processes this data on our behalf and is contractually prohibited from using it for their own purposes.
• Legal requirements: We may disclose your information if required to do so by law, regulation, valid court order, or to protect the rights, property, or safety of DailyHi users or the public.
• Business transfer: In the unlikely event that DailyHi is sold or transferred to another entity, your data may be transferred as part of that transaction. We will notify you in advance of any such transfer and give you the option to delete your account.
• With your explicit consent: In any other situation, we will only share your data if you have given clear, informed consent.

10. Data Retention

We retain your personal data for as long as your account remains active. Specifically:

• Active accounts: All data is retained while you have an account and the App installed.
• Account deletion: When you delete your account through the App (Profile → Settings → Delete Account), all associated personal data - habits, journal entries, photos, progress, mood data, and account credentials - is permanently and irreversibly deleted from our Firebase database within 30 days of the request.
• Anonymised analytics: Aggregated, non-identifiable usage statistics may be retained indefinitely, as they cannot be linked to any individual user.
• Legal retention: We may retain certain data for longer periods where required by law (e.g., transaction records may be retained for accounting purposes for up to 7 years, as required in some jurisdictions).

You may also delete individual journal entries, habits, or other data at any time from within the App without deleting your entire account.

11. Your Rights & Data Controls

You have the following rights regarding your data at all times:

• Access: View all your data within the App at any time.
• Correction: Edit or update any of your habits, journal entries, or personal information within the App.
• Deletion: Delete individual items within the App, or delete your entire account and all associated data via Profile →Settings → Delete Account.
• Portability: Contact us to request an export of your personal data in a machine-readable format (JSON). We will respond within 30 days.
• Restriction: Contact us to request that we restrict processing of your data in certain circumstances.
• Objection: You may object to certain types of data processing (e.g., analytics) by contacting us.
• Revoke Google access: Revoke DailyHi's Google Sign-In permissions at any time via myaccount.google.com/permissions.
• Notification opt-out: Disable push notifications at any time through your device's notification settings.

If you are located in the European Economic Area (EEA), United Kingdom, or other jurisdictions with specific privacy laws (such as GDPR or UK GDPR), you have additional rights including the right to lodge a complaint with your local data protection authority. If you are located in California (USA), you have rights under the California Consumer Privacy Act (CCPA), including the right to know what data we collect and the right to opt out of the sale of personal information (which we do not engage in).

To exercise any of these rights, contact us at support@sithuminakonara.com. We will respond within 30 days.

12. Children's Privacy

DailyHi is not designed for or directed at children under the age of 13 (or 16 in the EEA/UK where applicable). We do not knowingly collect personal information from children. Google Sign-In is used for all accounts, which provides an additional layer of age verification via Google's own account policies.

If you believe a child under 13 has created an account in DailyHi, please contact us immediately at support@sithuminakonara.com. We will promptly investigate and delete the account and all associated data if confirmed.

13. Data Security

We implement industry-standard technical and organisational security measures to protect your personal information against unauthorised access, alteration, disclosure, or destruction:

• Encryption in transit: All data exchanged between the App and our servers is encrypted using TLS 1.2 or higher.
• Encryption at rest: Data stored in Firebase Firestore and Firebase Storage is encrypted at rest using AES-256.
• Authentication: Secure Google Sign-In with OAuth 2.0 - no passwords are stored by us.
• Database security rules: Firebase security rules enforce strict per-user data isolation - no user can access another user's data.
• Access controls: Administrative access to the Firebase console is limited to the Developer and is protected by multi-factor authentication.
• Crash reporting: Crash data collected via Crashlytics is anonymised and does not include personal information or journal content.

While we take all reasonable precautions, no system is 100% immune from security incidents. In the event of a data breach that affects your rights and freedoms, we will notify you and the relevant authorities as required by applicable law, without undue delay.

14. International Data Transfers

DailyHi uses Firebase services operated by Google LLC, headquartered in the United States. If you are located outside the United States, your personal data may be transferred to and processed in data centers located in the United States or other countries.

For users in the EEA, UK, or Switzerland, such transfers are made under Google's standard contractual clauses and adequacy decisions where applicable, as described in Google's Firebase data processing terms. By using the App, you acknowledge and consent to the transfer of your data as described in this Policy.

15. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in the App, our practices, or applicable laws. When we make changes, we will:

• Revise the "Last Updated" date at the top of this page.
• Display a notice within the App if the changes are significant.
• For material changes affecting your rights, seek renewed consent where required by applicable law.

We encourage you to review this Policy periodically. Your continued use of the App after changes are posted constitutes your acceptance of the updated Policy. Previous versions of this Policy are available on request.

16. Contact Us