Security

Your journal is personal. We take every measure to keep it private and secure.

Our Security Commitment

Journaling requires trust. You're sharing your most personal thoughts, and we take that responsibility seriously. This page explains exactly how we protect your data, what security measures are in place, and what you can do to keep your journal secure.

Industry-Standard Encryption

All journal entries are encrypted in transit and at rest using bank-level encryption standards.

Secure Authentication

Magic link authentication eliminates password vulnerabilities and reduces the risk of credential theft.

Secure AI Processing

We use OpenAI's API to generate insights. All API requests are encrypted in transit and processed securely.

Regular Security Audits

We conduct regular security reviews and keep all dependencies updated with the latest security patches.

How We Protect Your Data

Data Encryption

In Transit: All data transmitted between your device and our servers uses industry-standard TLS encryption, the same security standard used by banks and financial institutions.

At Rest: Journal entries are stored in an encrypted database using industry-standard encryption.

Backups: Database backups are also encrypted and stored securely with limited access controls.

Authentication & Access Control

Magic Link Login: We use passwordless authentication via email magic links. No passwords means no password databases to breach and no forgotten-password vulnerabilities.

Session Management: Sessions expire after a period of inactivity and use secure token-based authentication to prevent unauthorized access.

Account Isolation: Your data is strictly isolated from other users. Our database queries enforce user-level access controls at every layer.

Infrastructure Security

Cloud Provider: We host on Vercel and use Prisma Cloud for database management, both of which maintain SOC 2 compliance and industry-leading security standards.

Network Security: All services run behind firewalls with strict access controls. Only necessary ports are exposed, and all services follow the principle of least privilege.

DDoS Protection: Our infrastructure includes DDoS mitigation and rate limiting to prevent service disruption.

AI & Third-Party Security

OpenAI Integration: We use OpenAI's API to generate insights and personalized content. All API requests are encrypted in transit and processed securely.

Limited Data Sharing: We only share the minimum necessary data with third parties (OpenAI for AI features). We never sell or share your journal entries with marketers, advertisers, or data brokers.

Email Service: We use Resend for transactional emails (magic links, summaries). They process emails securely but do not have access to your journal content.

Code & Application Security

Dependency Management: We regularly update all dependencies and monitor for known vulnerabilities using automated security scanners.

Input Validation: All user input is validated and sanitized to prevent SQL injection, XSS, and other common attacks.

Error Handling: Error messages never expose sensitive information or system details that could aid attackers.

What We Don't Do

We never sell your data

Your journal entries are yours. We don't monetize your personal information or share it with advertisers.

Limited data access

Our team may access journal entries for ongoing development, safety monitoring, and customer support. We treat your data with care and respect.

We don't share data without consent

We will never share your information with law enforcement or third parties without your consent, except when legally required (e.g., a valid subpoena).

How You Can Stay Secure

While we handle security on our end, here are some best practices to keep your account secure:

  • Use a secure email: Your email is your login credential. Use a strong, unique password for your email account and enable two-factor authentication if available.
  • Don't share magic links: Magic link emails are like temporary passwords. Don't forward them or share them with anyone.
  • Log out on shared devices: If you access Dayora on a public or shared computer, always log out when finished.
  • Keep your device secure: Use a screen lock on your phone and laptop to prevent unauthorized physical access.
  • Report suspicious activity: If you notice anything unusual with your account, contact us immediately at human@dayora.ai.

Questions About Security?

We're committed to transparency about our security practices. If you have questions, concerns, or want to report a security issue, please contact us at human@dayora.ai.

For more information about how we handle your data, read our Privacy Policy and Terms of Service.

Security Disclosure

If you discover a security vulnerability, please report it responsibly to human@dayora.ai. We'll work with you to understand and address the issue promptly.

Your journal is safe with us

Start journaling with confidence knowing your data is encrypted, private, and secure.