Privacy Policy
Last updated: July 14, 2026
Conversations with a companion are intimate. This policy explains exactly what hidaisy.app collects, why, who touches it, and how to make it disappear.
1. What we collect
- Email address — if you join the waitlist or subscribe. It is your account identity.
- Your conversations — messages you send and Daisy's replies, plus memory the Service derives from them (facts and conversation summaries) so Daisy can remember you between sessions.
- Technical basics — IP address (for rate limiting and abuse prevention), rough request metadata, and operational logs.
- Payment status — our payment providers tell us whether a payment succeeded. We never see or store your card number, bank details, or wallet keys.
2. What we do NOT do
- We do not sell your data. Ever.
- We do not use your conversations for advertising.
- We do not use ad-tracking cookies. The only cookie the companion sets is the one that keeps your device signed in.
3. Who processes it (subprocessors)
We use a small set of infrastructure providers, each receiving only what its job requires:
- Cloudflare — hosting, networking, and bot protection.
- Supabase — encrypted database where your email, conversations, and memory live, locked down so only the Service can read them.
- AI model providers — your conversation text is sent to our model provider to generate Daisy's replies; it is not used to train their models under our configuration.
- Resend — sends transactional email (welcome, access links).
- Payment providers (e.g., NOWPayments) — handle payment itself; they have their own privacy policies.
4. Retention and deletion
Conversations and memory are kept while your account is active so Daisy can remember you. You may request complete deletion of your data (conversations, memory, and account records) at any time by emailing support@hidaisy.app from your account email. We honor verified requests within 30 days, except records we are legally required to keep (e.g., payment and abuse-report records).
5. Security
Data in transit is encrypted (HTTPS everywhere). Database access is locked to server-side keys with row-level security; public API credentials can neither read nor write your data. Moderation and abuse events are logged for legal compliance.
6. Your rights
Depending on where you live (GDPR, CCPA, and similar laws), you may have rights to access, correct, export, or delete your personal data, and to object to processing. Exercise any of them via support@hidaisy.app. We do not discriminate against you for exercising your rights.
7. Children
The Service is for adults 18+ only. We do not knowingly collect data from anyone under 18; if we learn we have, we delete it and terminate the account.
8. Changes
Material changes to this policy will be posted here with a new "Last updated" date.
9. Contact
support@hidaisy.app — see the Contact page.