Legal

Privacy policy

Last updated: July 13, 2026

What Dayfile is

Dayfile ("the Service") is a personal memory and calendar service for AI assistants. It stores a private profile of your life — memories about you and the people who matter to you, organized into contexts — connects to your Google Calendar, and serves that information to AI clients you explicitly authorize (such as Claude, ChatGPT, or Cursor) over the Model Context Protocol (MCP). You can also connect with other Dayfile users to find mutual free time.

This policy explains exactly what we store, what leaves our servers and why, what your connected AI clients can access, and how to see, export, or delete everything.

The short version

Data we store

Account data. Your email address, display name, and — if you sign up with a password — a bcrypt hash of it (never the password itself). If you sign in with Google, your Google email and display name.

Memories. The text of each memory you or your connected AI clients save (up to 2,000 characters), along with its category, tags, the name of a person it's about (if any), the context it belongs to (if any), its source (web or MCP), and timestamps. Memories are stored until you delete them.

Memories about other people. Memories can describe people in your life ("Ana's birthday is June 15"). This information is treated as your private content: it is visible only to you and the AI clients you authorize, and it is never shown to the person it describes or to your connections. You are responsible for what you choose to record about others.

Search embeddings. For each memory, a numerical embedding (a 1,024-dimension vector) used for semantic search. Embeddings are generated by sending the memory text to Cohere (see Subprocessors) and are stored in our database alongside the memory. Embeddings are deleted when the memory is deleted.

Contexts. The names, briefs (pinned instruction paragraphs), and archived status of the life contexts you create.

Calendar data. When you connect a Google account, we store your OAuth tokens encrypted at rest with AES-256 (Fernet) and your per-calendar visibility preferences. Calendar events are fetched from Google's API in real time when you or an authorized client requests them and are not permanently stored. Scopes requested: calendar.events, calendar.calendarlist.readonly, userinfo.email, userinfo.profile.

Connections and invitations. The email addresses you invite, connection status, and each side's per-feature sharing preferences (calendar, interests, location). Invitation tokens are stored only as SHA-256 hashes.

Connected AI clients. Records of each OAuth client you've authorized, the scopes and context allowlists you've granted it, and its tokens — stored only as SHA-256 hashes. Access tokens expire after 1 hour, refresh tokens after 30 days, and authorization codes after 10 minutes.

Usage metering. A daily count of semantic searches, used to enforce plan limits. Resets daily.

Billing. If you subscribe to Pro, payment is processed by Lemon Squeezy. We never see or store your card details; we store your subscription status and a reference to your Lemon Squeezy customer record.

Technical data. Standard server logs and error reports (see Sentry under Subprocessors). We do not deliberately send your memory content to our error tracker, and we do not enable its optional collection of personally identifying request data.

How we use your data

Exclusively to provide and improve Dayfile's user-facing features: storing and retrieving your memories, generating your daily briefing, answering your authorized AI clients' requests, computing shared availability with your connections, and operating your account and subscription.

We do not:

What your connected AI clients can access

This is the part of Dayfile most policies don't have, so we want it to be precise.

Nothing by default. No AI client can access anything until you complete an OAuth 2.1 authorization for it and approve its requested scopes on our consent screen.

Scopes. A client only receives the capabilities you approve: reading your calendar, writing to it, reading memory, writing memory, and reading connections are separate permissions.

Context boundaries. You can restrict any client to specific contexts from Settings. A restricted client can only read and write memories inside its allowed contexts — it cannot see your other contexts, and it cannot see memories that aren't assigned to any context. A client with no restriction set can access your full profile within its scopes, so we recommend setting boundaries for work or special-purpose tools.

Free/busy only for connections. When a connected friend's AI (or yours) asks for mutual availability, Dayfile returns only free/busy windows — never event titles, locations, attendees, or descriptions, in either direction.

After delivery, their policy applies. When Dayfile returns information to an AI client you connected — for example, your briefing into Claude or ChatGPT — that information becomes part of your conversation with that provider and is governed by their privacy policy and retention practices, not ours. Choose the clients you connect the way you'd choose what to tell them directly.

Revocation. You can disconnect any client from Settings at any time, which invalidates its tokens immediately. Reuse of an expired authorization code triggers revocation of the entire token chain.

Subprocessors

We share data with the following providers, only as needed to run the service:

ProviderPurposeWhat they receive
Google Calendar access, sign-in OAuth flows; calendar API requests for your enabled calendars
Cohere Search embeddings The text of each memory, at save time, to generate its embedding. See Cohere's privacy terms for how they handle API inputs.
Railway Hosting and database All service data, encrypted in transit; infrastructure-level encryption at rest
Lemon Squeezy Payments and subscriptions Your email and payment details (provided by you to them directly); they send us signed subscription status webhooks
Sentry Error tracking Error reports and request metadata, with the optional collection of personally identifying request data disabled
Resend Transactional email (invitations, password resets) Recipient email addresses and message content

We do not transfer your data to any third party beyond this list, except as required by applicable law.

Security

Retention and deletion

Your rights

Regardless of where you live, you can: access everything we hold about you (it's visible in the app), export it as one document, correct or edit any memory, delete any memory or your whole account, disconnect any Google account, and revoke any AI client. If you are in a jurisdiction with statutory data rights (such as the EU/EEA, UK, or Canada under PIPEDA), those rights apply and you can exercise them by contacting us.

Google API Services User Data Policy

Dayfile's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Children

Dayfile is not directed at children and may not be used by anyone under 18.

Changes to this policy

We'll communicate material changes through the application interface, and this page always shows the date of the last revision.

Contact

Questions, concerns, or data requests: hello@cristiano.io