Shadow Labs Studios LogoShadow Labs StudiosOur Apps

Privacy Policy | Daily Love Notes

Last updated: April 24, 2026

This Privacy Policy explains how Daily Love Notes ("Service") collects, uses, stores, and protects information when you use the app.

Daily Love Notes is a relationship-focused app where a creator writes a collection (also referred to as an "album") of affectionate cards and a receiver unlocks one card every 24 hours.

Information We Collect

Account and Profile Data

  • Name, email address, and account identifiers.
  • Authentication and security-related metadata.
  • Account and authentication data are stored and managed through Supabase (our backend and database provider).

App Content Data

  • Card collections (albums), messages, and unlock schedule metadata.
  • Card styling settings (solid colors, gradients, local themes).
  • Optional uploaded personal photos used as card backgrounds, stored in Supabase Storage.
  • Invite metadata, including share links and QR invite references.

Subscription and Purchase Data

  • Subscription status, entitlement, and purchase events processed through RevenueCat and the relevant app store (Apple App Store or Google Play).
  • We do not receive or store your full payment card details. Payments are handled by the store.

Usage and Technical Data

  • Device type, app version, OS, session events, and diagnostics.
  • Product analytics events (for example: card opened, invite accepted, collection created) collected through PostHog.

How We Use Data

  • To provide core app functionality and daily unlock behavior.
  • To sync creator/receiver content and preserve unlocked memories.
  • To process subscriptions and in-app purchases, and to unlock premium entitlements (through RevenueCat and the app stores).
  • To keep the Service secure and prevent abuse.
  • To analyze performance, understand feature usage, and improve the product (through PostHog analytics).
  • To respond to support, legal, and account requests.

Daily Unlock Logic

We process unlock timestamps and collection progress to enforce the one-card-per-24-hours rule. Future cards remain locked until their unlock window is reached.

Unlocked cards remain available to the receiver as part of a timeline of memories. Creators are not allowed to edit cards that have already been unlocked.

Legal Bases (EEA/UK, where applicable)

  • Performance of a contract (providing the Service).
  • Legitimate interests (security, reliability, product improvement).
  • Consent (where required, including optional features).
  • Compliance with legal obligations.

Third-Party Services and Subprocessors

We do not sell personal data. To operate the Service, we rely on a small number of trusted providers that act as processors or subprocessors on our behalf. By using Daily Love Notes, you acknowledge that your information may be processed by the providers listed below under their own privacy terms.

Supabase (backend, database, and storage)

  • Hosts authentication, the Postgres database, and file storage for card images.
  • Processes data such as account identifiers, collections, cards, unlock state, invite metadata, and uploaded media.
  • Privacy information: https://supabase.com/privacy.

RevenueCat (subscriptions and in-app purchases)

  • Manages subscription state and entitlements across Apple App Store and Google Play.
  • Receives a pseudonymous user identifier and purchase metadata from the stores (for example, product ID, transaction state, renewal status).
  • Does not receive the content of your cards, messages, or uploaded photos.
  • Privacy information: https://www.revenuecat.com/privacy.

PostHog (product analytics and diagnostics)

  • Collects aggregated product analytics events (for example: card_opened, invite_accepted, collection_created), device/session metadata, and feature flag evaluations.
  • Helps us understand how the app is used and improve features and reliability.
  • Is not used for advertising, and we do not sell analytics data to third parties.
  • Privacy information: https://posthog.com/privacy.

Other Recipients

We may also share data with legal authorities when required by applicable law, or with professional advisors bound by confidentiality obligations.

Data Retention

We retain account and app content data in Supabase while your account is active. When you request deletion, we remove your personal data from our Supabase database and storage, subject to limited retention for legal, fraud prevention, backup, and dispute-resolution purposes.

To support your continued use of the Service, we provide a retention commitment for core account and app content data for up to five (5) years from the date such data is created or last actively associated with an account. This is the retention guarantee we provide to enable normal use of the product. Beyond this five-year period, we do not guarantee continued storage or recoverability of such data.

Subscription records kept by RevenueCat and the app stores may be retained according to their own retention policies, and aggregated analytics events captured in PostHog may persist in a form that does not identify you individually.

Security

We use reasonable administrative, technical, and organizational measures to protect personal data, and we rely on the security controls of our infrastructure providers (such as Supabase). No method of transmission or storage is 100% secure, and absolute security cannot be guaranteed.

Your Rights

  • Access, correct, or delete your personal data.
  • Object to or restrict certain processing where legally available.
  • Withdraw consent where processing relies on consent.

You can request account or data deletion by contacting us at the email below.

Children's Privacy

The Service is not intended for children under 13. We do not knowingly collect personal data from children under 13. If we learn such data was collected, we will take steps to remove it.

International Transfers

Your information may be processed in countries other than your own. Our providers — including Supabase, RevenueCat, and PostHog — may process data outside the European Economic Area and the United Kingdom. Where required, we rely on appropriate safeguards such as Standard Contractual Clauses for international transfers.

Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will update the effective date and provide notice through the app or website when appropriate.

Contact Us

If you have privacy questions, contact us at:

  • shadowmmastudios@gmail.com