Privacy Policy
This Privacy Policy explains how we collect, use, store, and protect your personal data when you use ThisDayWithYou and related services, in compliance with Regulation (EU) 2016/679 (General Data Protection Regulation - GDPR).
1. Data Controller
The Data Controller responsible for processing your personal data is:
ThisDayWithYou
Email: privacy@thisdaywithyou.com
As Data Controller, we determine the purposes and means of processing personal data and ensure compliance with applicable data protection laws.
2. Data We Collect
We collect and process the following categories of personal data:
2.1 Account and Identity Data
| Data | Purpose |
|---|---|
| Email address | Account creation, login, and communications |
| Display name | Personalization and identification within the app |
| Profile photo | Visual identification in the interface |
| Password (hashed) | Secure authentication |
| Timezone | Correct scheduling of reminders and notifications |
| Language preference | Display content in your preferred language |
2.2 User-Generated Content
| Data | Purpose |
|---|---|
| Daily memories (text, images) | Core service functionality |
| Memory albums and photos | Long-term memory preservation |
| Person directory (names, relationships, photos, phone numbers) | Help users remember important people |
2.3 Health-Related Data
Important: Medication data is considered health data under GDPR and receives enhanced protection. We process this data only with your explicit consent.
| Data | Purpose |
|---|---|
| Medication names and dosages | Medication tracking and reminders |
| Medication schedules | Automated reminder notifications |
| Dose adherence records | Track medication taken/missed |
| Medication stock levels | Low stock alerts |
| Medication notes | Additional medication information |
2.4 Technical and Device Data
| Data | Purpose |
|---|---|
| IP address | Security, fraud prevention, and audit logging |
| Browser and device information (User Agent) | Service optimization and security |
| Push notification tokens | Deliver notifications to your device |
| Session data | Keep you logged in securely |
2.5 Payment and Subscription Data
| Data | Purpose |
|---|---|
| Subscription status and history | Manage your subscription |
| Payment transaction records | Billing and accounting |
| PayPal payer email (from PayPal) | Payment processing and support |
Note: We do not store credit card numbers or bank account details. All payment processing is handled securely by PayPal.
2.6 Marketing Attribution Data
| Data | Purpose |
|---|---|
| Referrer URL | Understand how users find us |
| UTM parameters (source, medium, campaign) | Marketing campaign effectiveness |
| Affiliate codes | Partner attribution |
2.7 Third-Party Personal Data
When you add people to your Person Directory, you provide us with information about third parties (names, relationships, photos, phone numbers). You confirm that you have the right to share this information and, where necessary, have obtained consent from those individuals.
2.8 Audit and Compliance Data
| Data | Purpose |
|---|---|
| Audit logs (who, what, when) | Security, accountability, and legal compliance |
| Consent records | Demonstrate GDPR compliance |
| Consent change history | Track consent over time |
3. Purposes of Processing
We process your personal data for the following purposes:
3.1 Service Provision
- Create and manage your account
- Provide core app functionality (memories, reminders, person directory)
- Manage medication schedules and send reminders
- Send notifications you have subscribed to
- Synchronize data across your devices
3.2 Security and Fraud Prevention
- Authenticate users and prevent unauthorized access
- Detect and prevent fraudulent activity
- Maintain security audit logs
- Protect the integrity of our systems
3.3 Payment Processing
- Process subscription payments via PayPal
- Manage subscription lifecycle (trials, renewals, cancellations)
- Generate invoices and payment receipts
3.4 Communication
- Send service-related emails (password reset, account verification)
- Respond to support requests
- Notify you of important service changes
3.5 Service Improvement
- Analyze usage patterns to improve the service
- Debug technical issues
- Develop new features
3.6 Legal Compliance
- Comply with legal obligations (tax, accounting)
- Respond to lawful requests from authorities
- Enforce our Terms of Service
- Protect our legal rights
4. Legal Basis for Processing
Under GDPR, we must have a valid legal basis for processing your personal data. The legal bases we rely on are:
4.1 Contract Performance (Art. 6(1)(b) GDPR)
Processing necessary to provide the service you requested:
- Account creation and management
- Core service functionality
- Payment processing
- Customer support
4.2 Consent (Art. 6(1)(a) and Art. 9(2)(a) GDPR)
Processing based on your explicit consent:
- Health data (medication information) - requires explicit consent
- Push notifications
- Marketing communications (if applicable)
- Non-essential cookies and analytics
You may withdraw consent at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.
4.3 Legitimate Interest (Art. 6(1)(f) GDPR)
Processing necessary for our legitimate interests, balanced against your rights:
- Security and fraud prevention
- Service improvement and analytics
- Enforcing our Terms of Service
4.4 Legal Obligation (Art. 6(1)(c) GDPR)
Processing necessary to comply with legal obligations:
- Tax and accounting records
- Responding to lawful requests from authorities
- Data retention requirements
5. Data Recipients
We may share your personal data with the following categories of recipients:
5.1 Service Providers
| Provider | Purpose | Location |
|---|---|---|
| PayPal | Payment processing | EU/US |
| Cloud hosting provider | Infrastructure and data storage | EU |
| Email delivery service | Transactional emails | EU |
| Analytics provider (if enabled) | Usage analytics | EU |
5.2 Caregivers (Family Members)
If you are a primary user, your caregivers (family members you have authorized) can access your memories, medication schedules, and related data. This sharing is based on your consent and the nature of the care relationship.
5.3 Legal Authorities
We may disclose data to law enforcement or regulatory authorities when required by law or to protect our legal rights.
5.4 No Sale of Personal Data
We never sell your personal data to third parties.
6. International Data Transfers
Your data is primarily stored and processed within the European Economic Area (EEA). When we transfer data outside the EEA, we ensure appropriate safeguards are in place:
- Adequacy decisions by the European Commission
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Certification mechanisms (e.g., EU-US Data Privacy Framework)
You can request information about specific safeguards by contacting us.
7. Data Retention
We retain your personal data only as long as necessary for the purposes described. Specific retention periods:
| Data Type | Retention Period | Reason |
|---|---|---|
| Account data | Until account deletion + 30 days | Recovery period |
| Memories and content | Until account deletion | Core service data |
| Medication data | Until deletion or account closure | Health data - user controlled |
| Payment records | 10 years | Tax and legal requirements |
| Audit logs | 2 years | Security and compliance |
| Consent records | 5 years after withdrawal | Demonstrate compliance |
| Session data | 30 days (user) / 10 years (caregiver) | Persistent login functionality |
| Email logs | 90 days | Delivery troubleshooting |
8. Your Rights
Under GDPR, you have the following rights regarding your personal data:
8.1 Right of Access (Art. 15 GDPR)
You can request confirmation of whether we process your personal data and receive a copy of all data we hold about you.
8.2 Right to Rectification (Art. 16 GDPR)
You can request correction of inaccurate personal data or completion of incomplete data.
8.3 Right to Erasure (Art. 17 GDPR)
You can request deletion of your personal data when:
- The data is no longer necessary for its original purpose
- You withdraw consent (where consent is the legal basis)
- You object to processing and there are no overriding legitimate grounds
- The data was processed unlawfully
8.4 Right to Restriction (Art. 18 GDPR)
You can request limitation of processing while we verify the accuracy of your data or evaluate objection requests.
8.5 Right to Data Portability (Art. 20 GDPR)
You can request your data in a structured, commonly used, machine-readable format (e.g., JSON, CSV) and have it transmitted to another controller.
8.6 Right to Object (Art. 21 GDPR)
You can object to processing based on legitimate interests. We will stop processing unless we can demonstrate compelling legitimate grounds.
8.7 Right to Withdraw Consent (Art. 7(3) GDPR)
Where processing is based on consent, you can withdraw consent at any time. This includes consent for health data processing.
8.8 Right to Lodge a Complaint
You have the right to file a complaint with a supervisory authority if you believe your data protection rights have been violated. In Italy, the supervisory authority is:
Garante per la protezione dei dati personali
Piazza Venezia 11, 00187 Roma
www.garanteprivacy.it
8.9 How to Exercise Your Rights
To exercise any of these rights, contact us at:
- Email: privacy@thisdaywithyou.com
- Through the app settings (where available)
We will respond within 30 days. This period may be extended by two months for complex requests. We will inform you of any extension within the first 30 days.
9. Security Measures
We implement appropriate technical and organizational measures to protect your personal data:
9.1 Technical Measures
- Encryption in transit (TLS/HTTPS) and at rest
- Password hashing using bcrypt with strong work factors
- Secure token handling (SHA-256 hashing for sensitive tokens)
- Role-based access controls
- Security audit logging
- Regular security backups
- Regular security updates and patches
9.2 Organizational Measures
- Data minimization principles
- Need-to-know access policies
- Regular security reviews
- Incident response procedures
10. Special Categories of Data
10.1 Health Data (Medication Information)
Medication data (names, dosages, schedules, adherence records) constitutes health data under GDPR Article 9. We process this data only with your explicit consent, which you provide when you activate the medication tracking feature.
Health data receives enhanced protection:
- Encrypted storage
- Restricted access controls
- Detailed audit logging
- Right to delete at any time
10.2 Third-Party Personal Data
When you add information about other people (Person Directory), you are providing us with third-party personal data. You confirm that:
- You have the right to share this information
- Where required, you have obtained their consent
- The information is accurate to your knowledge
11. Automated Decision-Making
We do not use automated decision-making or profiling that produces legal effects or similarly significant effects on you. Medication reminders and notifications are automated but do not constitute automated decision-making under GDPR Article 22.
12. Cookies and Tracking Technologies
We use cookies and similar technologies for essential service functionality and, with your consent, for analytics. For detailed information, please see our Cookie Policy.
13. Children's Privacy
Our service is not directed to children under 16 years of age. We do not knowingly collect personal data from children under 16. If you become aware that a child has provided us with personal data, please contact us so we can delete it.
14. Changes to This Policy
We may update this Privacy Policy to reflect changes in our practices or legal requirements. When we make material changes:
- We will notify you via email or in-app notification
- The "Last updated" date will be revised
- Previous versions will be archived and available upon request
Continued use of the service after changes constitutes acceptance of the updated policy.
15. Contact Us
For questions about this Privacy Policy or to exercise your rights:
ThisDayWithYou - Privacy
Email: privacy@thisdaywithyou.com
We aim to respond within 30 days.
Last updated: January 2026