DaisyAI Privacy Policy
Effective Date: 01.09.2025

Introduction
At DaisyAI, we are committed to protecting our users’ privacy. This Privacy Policy explains what data we collect when you use the DaisyAI application (“App”), how we use and disclose that data, and what measures we take to protect it. By using the App, you agree to the terms of this Privacy Policy. If you do not agree with any provisions, please discontinue using the App.
We have drafted this Policy in line with the requirements of major app distribution platforms (Apple App Store and Google Play) and applicable data protection laws. In particular, we comply with the General Data Protection Regulation (GDPR) in Europe, the California Consumer Privacy Act (CCPA) in the United States, as well as similar regulations in other jurisdictions, including the laws of the UAE and CIS countries (e.g., the Russian Federal Law No. 152-FZ on Personal Data). Our goal is to transparently inform you about how and why we collect activity data and to ensure your confidence in the security of that data.

Data We Collect

We collect only the data necessary for the App to function and to provide you with personalized services. The data falls into two main categories: activity data and personal data.
Activity data – information about your physical activity and health that you choose to provide to us or synchronize with the App. This includes:
  • Steps, distance, and activity levels – number of steps, distance covered, activity time, etc.
  • Heart rate and pulse – heart rate data (e.g., from a fitness tracker or smartwatch).
  • Sleep – information on sleep duration and quality (e.g., sleep time, sleep stages, interruptions).
  • Workouts and events – data about your workouts, physical exercises, competitions, or other related events (e.g., type of activity, duration, intensity).
  • Calories, weight, and health indicators – information on calories burned, body weight, indices or health assessments (e.g., stress level, energy level, activity indicators, and other well-being metrics).
We use this activity data exclusively to visualize your lifestyle balance within DaisyAI and to provide you with personalized analytical recommendations regarding health and lifestyle. This data is not used for any purposes outside the App’s functionality—we do not share your activity data with advertisers and do not use it for targeted advertising.
Personal data – information that identifies you as a user of the App. We request a minimal set of personal data necessary to create and manage your account:
  • Name – your name or a nickname to be displayed in the App.
  • Email address – used for account registration, sign-in, account recovery, and feedback.
  • Avatar (optional) – a photo or profile image you may upload at your discretion for account personalization.
  • Profile settings – user preferences in the App (e.g., interface language, units of measurement, and other settings).
Please note: we do not collect geolocation data (location). The DaisyAI App does not request GPS access and does not track your location explicitly or in the background. We also do not collect data not listed above without your explicit permission. If, in the future, we need to collect additional categories of data, we will update this Privacy Policy in advance and request your consent.

Use of Collected Data

We process your data exclusively for the purposes for which it was collected and rely on lawful bases for processing (e.g., your explicit consent or necessity for the performance of our services). The main uses of information are:
  • Providing App features: Activity data is used to build charts, statistics, and other visualizations of your lifestyle balance within DaisyAI, as well as to generate personalized recommendations. For example, by analyzing your steps, sleep, and heart rate, DaisyAI algorithms can provide suggestions to improve your daily routine or physical activity.
  • Account management: Your personal data (name, email, etc.) is used to register and authenticate you in the system, to synchronize your data across devices, and to communicate with you regarding the operation of the App. For example, we may use your email to send important account security notices or service update information.
  • Service improvement and support: We may analyze aggregated (de-identified) data about user interaction with the App to improve our service, user interface, and features. Such analytics is performed only on aggregated data that cannot identify a specific user. We do not sell or disclose your personal or activity data to third parties for their own marketing or advertising purposes.
  • User communications: With your consent, we may send you push notifications or emails containing informational messages about new features, tips for using DaisyAI, or satisfaction surveys. You can change your notification settings at any time in your profile. We will not overuse such communications and will always provide the option to opt out of marketing messages.
We do not use collected data for any purposes unrelated to the App’s core functionality. In particular, we do not make automated decisions that significantly affect you based on your data without human involvement. If, in the future, new purposes arise that are incompatible with the original purposes of collection, we will seek your additional consent.

Third-Party Services and Data Disclosure

To ensure the operation of the DaisyAI App, we use certain third-party services. We carefully select such partners, ensuring they adequately protect data and comply with privacy requirements.
  • Firebase (Google LLC): We use Firebase in various modules of the App, including Firebase Authentication for simplified registration and sign-in, Firebase Cloud Messaging for push notifications, and Firebase Crashlytics/Analytics for crash reporting and high-level usage analysis (in aggregated form). These services may access certain data (e.g., device identifier, push notification token, technical session information). Firebase acts as a processor on our behalf and does not use your information for its own purposes. For more details on Firebase security, please see Google’s documentation. We ensure that data transmitted to Firebase is anonymized where possible and limited to what is necessary.
  • Integration with wearables and platforms: If you choose to connect DaisyAI with other services or devices such as Garmin, Apple HealthKit, or Google Fit, we will receive activity data from these sources only with your explicit permission. Such integrations are fully optional and require your separate consent to data access. When you connect, for example, a Garmin Connect account, the App can import your activity metrics (steps, heart rate, workouts, etc.) for display and analysis in DaisyAI. We use this data in the same way as other activity data—solely to provide App services. Note that each third-party service has its own privacy policy, and we recommend reviewing it (e.g., Garmin’s Privacy Policy is available on their official website). We do not transmit your data back to these services unless required for the integration to function and you have explicitly approved such exchange.
  • Disclosure to third parties: As a rule, we do not disclose or transfer your personal data to external organizations, individuals, or advertising partners. Exceptions are possible only in limited situations:
    • Legal requirements: We may provide user information to competent authorities if required by applicable laws, a court order, or other binding legal process. In such cases, we will disclose only the information necessary for the specific request.
    • Protection of rights and safety: If necessary to detect, prevent, or respond to fraud, violations of the App’s Terms of Use, threats to DaisyAI’s technical or information security, or infringement of other users’ rights, we may share data (e.g., with law enforcement or advisors) to the extent necessary to protect legitimate interests.
    • With your consent: In some cases, you may ask or allow us to transfer your data to a third party—for example, participation in a research project, sharing data with your personal trainer or physician. In such cases, we transfer data only with your explicit consent and inform you about the scope of use by the recipient.
We guarantee that we do not sell users’ personal data and do not transfer it for commercial gain. All third-party processors (e.g., Firebase) operate under contracts obligating them to protect your information and use it only to provide services to us, not for their own purposes.

Data Storage and Security

We take necessary measures to ensure your data is stored securely and protected against unauthorized access or leaks. Our storage and protection practices include:
  • Servers and infrastructure: The main volume of user data is stored on our secure servers. For hosting and processing, we use modern cloud platforms such as Amazon Web Services (AWS) or Google Cloud Platform, which provide a high level of physical and network security. (Here and below, “our servers” refers to dedicated capacities in the cloud owned by us or our storage service providers.) Server access is restricted and controlled; data is protected with authentication and encryption mechanisms.
  • Local storage: Some activity data may be temporarily cached locally on your device. This ensures quick access to recent metrics and offline App functionality. For example, recent steps or the latest workout can be stored in the App’s memory so you can view them without an internet connection. Such local information is stored only within the App’s sandbox on your device and is protected by the standard security mechanisms of your phone’s operating system.
  • Data transmission: All data between the DaisyAI App and our servers is transmitted in encrypted form. We use secure HTTPS connections (with TLS 1.2 or higher) for all network requests. This means your activity and personal data are encrypted before being sent and decrypted only on our server (or on your device when receiving a response). This level of encryption prevents interception and reading of your data by third parties during transmission.
  • Security measures: We implement administrative, organizational, and technical measures to protect your data. These include limiting the number of employees with access to personal information (only authorized personnel servicing the system), regularly updating server software and the App to fix vulnerabilities, encrypting sensitive data in the database, backups, and monitoring systems for suspicious activity. We also conduct periodic security assessments and testing (e.g., penetration testing) to enhance our safeguards.
  • Despite these measures, it is important to understand that no method of transmission over the internet or electronic storage is absolutely secure. We continually improve our security protocols; however, we cannot guarantee 100% security under all circumstances. You also play a role in protecting your data: please use a strong password for your account, do not share it with third parties, and update the App in a timely manner.
  • Retention periods: We retain your personal data for as long as you have an active account or as necessary to provide the App’s services. Activity data is retained so you can view your history and lifestyle trends. If you decide to delete your account or ask us to delete certain data, we will do so (see Your Rights below). In some cases, we may need to retain certain information after account deletion if required by law or to substantiate our legal obligations, resolve disputes, or prevent fraud. In any case, if the data is no longer needed for any purpose, we will securely destroy or anonymize it.

Users’ Rights and Legal Bases

We recognize the importance of your privacy rights and aim to provide you with control over your personal data. DaisyAI complies with data protection laws, including GDPR and CCPA, and similar regulations in other countries, offering you the following options:
  • Access and data portability: You have the right to request confirmation of whether we process your personal data and to obtain a copy of all data we store about you in a structured electronic format. Upon your request, we will provide information about activity and personal data associated with your account. Where technically feasible, you may also request portability—i.e., to receive your data in a format suitable for transfer to another service.
  • Data rectification: If any information about you is incorrect or outdated (e.g., you changed your email or found an error in activity data), you may request correction or update it yourself through profile settings. We will promptly update inaccurate information to ensure accuracy and relevance.
  • Data deletion (“right to be forgotten”): You may delete your account or specific categories of data at any time. The DaisyAI App may provide an in-App profile deletion feature; you can also contact support to request data deletion. Upon receiving such a request, we will delete (or anonymize) your personal and activity data from our systems, except where retention is required by law. Note that account deletion is irreversible—your activity history and settings will be lost.
  • Restriction of processing: In certain situations (e.g., if you contest the accuracy of data or object to processing), you have the right to request temporary restriction of processing your personal data. This means we will mark stored data and temporarily suspend operations on it except storage. The restriction may be lifted after your request is resolved.
  • Withdrawal of consent: Where processing is based on your consent (e.g., connecting a Garmin account or accessing Apple HealthKit data), you may withdraw consent at any time. Withdrawal does not affect the lawfulness of processing before withdrawal but may make certain App features unavailable (e.g., if you disable access to wearable activity data, we will not be able to display current metrics from that device). We will clearly explain the consequences of each consent and how to withdraw it in the App settings.
  • Right to object: Where we process your data based on our legitimate interests, you have the right to object. If you object, we will stop processing your data for the relevant purposes unless we have compelling legitimate grounds to continue (e.g., the necessity to protect legal claims).
  • California rights (CCPA/CPRA): If you are a California resident, in addition to the above, you have the right to know what categories of personal information have been collected about you over the past 12 months, the purposes of collection, sources of data, and the categories of third parties to whom this information is disclosed (if any). You also have the right to request deletion of your personal data and opt out of its “sale” (note that we do not sell users’ personal data, so by default your data is not transferred to third parties in the sense of a “sale” under the CCPA). We will not discriminate against you for exercising your privacy rights guaranteed by the CCPA. If California laws are updated (e.g., CPRA amendments to CCPA), we also account for their requirements.
  • Rights of residents of other regions: We strive to respect similar rights in other jurisdictions. If you are in the European Economic Area (EEA) or the United Kingdom, you have data subject rights under the GDPR as described above. If you are in the UAE, Russia, Kazakhstan, Uzbekistan, or another country with specific personal data laws, we will comply with applicable requirements. For example, for users in Russia, we will ensure rights under Federal Law No. 152-FZ, including the right to obtain information about where their personal data is stored and the right to withdraw consent. We also take into account local data localization requirements: where required by law, the data of citizens of a particular country may be stored on servers located within that country (e.g., data of users from Russia may be stored in Russia if needed to comply with the law).
To exercise any of the above rights, please contact us (see Contacts below). We will review your request and respond within the time limits set by law (e.g., within 30 days under the GDPR, with a possible extension if necessary). For your security, we may request identity verification before fulfilling access or deletion requests.

Children’s Privacy

The DaisyAI App is not intended for use by children without adult supervision. We do not knowingly collect personal data from individuals under the age of 16 (or the applicable minimum age in your jurisdiction, e.g., 13 in some countries). If you are under 16, please do not register in the App or provide us with your information.
Parents and legal guardians: if you discover that your child has provided us with personal data without your consent, please contact us. We will promptly delete such information and, if necessary, delete the minor’s account to comply with legal requirements (e.g., COPPA in the U.S. or GDPR provisions regarding parental consent for children below the set age).

International Data Transfers

Because our App is available worldwide, your data may be processed and stored outside your country. In particular, our primary servers may be located in countries outside the EEA (e.g., in the United States if using AWS/Firebase). Nonetheless, we take all necessary measures to ensure adequate protection of your data during cross-border transfers.
If you are in the European Union, we ensure that when transferring your data outside the EEA, GDPR requirements for international transfers are met. This may include the use of Standard Contractual Clauses (SCCs) or transfers to countries recognized as providing an adequate level of protection. Similar measures are taken for users from other countries: we comply with local requirements so that your information is protected in accordance with this Policy regardless of where it is processed.

Updates to This Privacy Policy
We may update this Privacy Policy from time to time—for example, when adding new App features, integrating new services, or when legal requirements change. When making material changes, we will notify you by posting a prominent notice in the App (e.g., a pop-up) or by sending an email, and will update the effective date at the beginning of this Policy.
We recommend reviewing this Policy periodically to stay informed about what information we collect and how we use it. Your continued use of DaisyAI after changes take effect constitutes your acceptance of the updated Policy. If you do not agree with the changes, you may stop using the App and, if desired, delete your account by notifying us.

Contacts
If you have any questions, comments, or requests regarding this Privacy Policy or our data processing, please contact us. We welcome your feedback and are ready to help.
Privacy Contact Information:
Email: info@aurumsmart.ae

We will strive to respond as quickly as possible, usually within a few business days. If you believe we have processed your data in violation of the law or your rights, you also have the right to file a complaint with your country’s data protection authority.
Thank you for trusting DaisyAI. We value your privacy and make every effort to ensure the security and transparency of our data practices.