Privacy Policy

Last Updated: May 25, 2026

DayStar Diary is designed for children ages 6–14 and is fully committed to complying with the Children's Online Privacy Protection Act (COPPA) and all applicable child privacy laws. Your child's safety and privacy are our highest priorities.

1. Information We Collect

We collect only the minimum information necessary to provide the DayStar Diary experience:

  • Email Address — Used for account registration, login, and parent verification. A parent or guardian email is required to verify the account.
  • Display Name — A self-chosen username (not a real name) used to identify the user within the app.
  • Diary Entries — Titles, text content, and mood selections that the user creates within the app.
  • User ID — An internal identifier used to associate data with the correct account.

We do not collect real names, physical addresses, phone numbers, photos, precise location data, financial information, or any biometric data.

2. How We Use Information

All information collected is used solely for app functionality:

  • To create and manage user accounts
  • To store and display diary entries to the user
  • To enable the friends and sharing features (with parental approval)
  • To send parent verification emails
  • To send safety-related push notifications to verified parents
  • To moderate content for child safety using automated AI screening

We do not use any collected data for advertising, marketing, analytics, tracking, or profiling purposes. We do not sell, rent, or share personal information with any third parties for commercial purposes.

3. Parental Controls & Consent

DayStar Diary requires parental involvement:

  • Parent Verification — A parent or guardian must verify their email address to activate full account features.
  • Parent Dashboard — Verified parents can access a PIN-protected dashboard to review flagged entries, manage sharing permissions, and control account settings.
  • Sharing Approval — By default, diary entries cannot be shared with friends until a parent approves each share request. Parents can optionally enable auto-approval.
  • Account Deletion — Parents can delete their child's account and all associated data at any time through the parent dashboard.

4. Data Storage & Security

All data is stored securely using Supabase, which provides enterprise-grade security with encrypted connections and row-level security policies. Specifically:

  • All data is transmitted over HTTPS/TLS encryption
  • Database access is controlled by row-level security — users can only access their own data
  • Parent PINs are hashed with unique salts before storage
  • Brute-force protection limits PIN entry attempts
  • Authentication tokens are stored securely on-device

5. Friends & Social Features

DayStar Diary includes optional social features that are designed with child safety in mind:

  • Users can search for friends by display name and send friend requests
  • Diary entries are private by default and are never shared automatically
  • Sharing a diary entry requires the user to explicitly choose to share it
  • All shared entries must be approved by a verified parent before they become visible to friends (unless the parent has opted into auto-approval)
  • Users can unfriend or block other users at any time

6. Content Moderation

To help keep children safe, diary entries are screened by an automated AI content moderation system. Entries that are flagged for concerning content (such as references to self-harm, bullying, or other safety concerns) are brought to the attention of the verified parent through the parent dashboard and push notifications. No human at DayStar Diary reviews diary content unless required by law.

7. Third-Party Services

DayStar Diary uses the following third-party services to operate:

  • Supabase — Database, authentication, and serverless functions
  • Expo / EAS — App build and update delivery
  • Resend — Transactional email delivery (parent verification emails only)
  • OpenAI — Content moderation screening (diary text only, no personally identifiable information is sent)

None of these services receive data for advertising or tracking purposes. Data shared with these services is limited to the minimum necessary to provide their respective functions.

8. Data Retention & Deletion

Diary entries and account data are retained as long as the account is active. When a parent deletes a child's account through the parent dashboard, all associated data — including diary entries, friend connections, shared entries, and profile information — is permanently deleted from our systems. Push notification tokens are also removed upon account deletion.

9. Children's Privacy (COPPA Compliance)

We are committed to complying with COPPA. We do not:

  • Collect more information than is reasonably necessary
  • Condition participation on disclosure of unnecessary personal information
  • Share children's personal information with third parties for commercial purposes
  • Display targeted advertising to children

Parents have the right to review their child's personal information, request deletion, and refuse further collection at any time by contacting us or using the in-app parent dashboard.

10. Changes to This Policy

We may update this privacy policy from time to time. If we make material changes, we will notify users through the app or by email. The "Last Updated" date at the top of this page reflects when the policy was most recently revised.

11. Contact Us

If you have questions about this privacy policy or your child's data, please contact us:

Email: d.spinkstx@gmail.com

Developer: Big Dreams Enterprise