Privacy Policy

1. Introduction

Welcome to ADHDaily, a product of HULORA STUDIO ("we", "us", or "our"), an indie studio based in Poland. We are deeply committed to protecting your privacy and ensuring that your personal data is handled responsibly, transparently, and in full compliance with the European Union's General Data Protection Regulation (GDPR), the Polish Act on the Protection of Personal Data, and other applicable data protection laws.

This Privacy Policy explains how we collect, use, store, share, and protect your information when you use the ADHDaily mobile application ("the App") and visit our website. By using our services, you acknowledge that you have read and understood this policy.

2. Data Controller

The data controller responsible for your personal data is:

If you have any questions about this Privacy Policy or our data practices, you can reach us at the email address above.

3. What Data We Collect

We believe in data minimization — we only collect what is strictly necessary to provide our services. Here's what we may collect:

3.1 Data You Provide Voluntarily

• Contact Information: When you reach out via our contact form, we collect your name, email address, and message content so we can respond to your inquiry.
• Account Data: If you create an account within the App, we may collect your display name and email address for authentication purposes.
• User-Generated Content: Tasks, thoughts, focus session notes, and daily plans you create within the App. This data is stored locally on your device by default.

3.2 Data Collected Automatically

• Usage Analytics: Anonymous, aggregated usage data such as feature usage frequency, session duration, and app performance metrics. We use this to improve the App experience.
• Device Information: Operating system version, device model, screen resolution, and language settings — collected for compatibility and optimization purposes.
• Crash Reports: Anonymous crash logs that help us identify and fix bugs quickly.

3.3 Data We Do NOT Collect

• We do not collect your precise GPS location.
• We do not access your contacts, calendar, camera, or microphone.
• We do not collect health or biometric data.
• We do not sell, trade, or share your data with third-party advertisers.

4. How We Use Your Data

We process your data based on the following legal grounds and purposes:

• To provide and maintain the App: Processing your tasks, focus sessions, and thoughts to deliver core functionality (legal basis: contract performance).
• To respond to your inquiries: Using contact form data to reply to your messages (legal basis: legitimate interest).
• To improve our services: Analyzing aggregated, anonymized usage data to understand how features are used and identify areas for improvement (legal basis: legitimate interest).
• To send important updates: Notifying you about significant changes to the App, security alerts, or policy updates (legal basis: legitimate interest).
• To ensure security: Detecting and preventing fraud, abuse, or security incidents (legal basis: legitimate interest).

We will never use your data for automated decision-making or profiling that produces legal effects.

5. Data Storage and Security

5.1 Local-First Architecture

ADHDaily follows a local-first approach. Your tasks, thoughts, and personal data are stored primarily on your device. This means your most sensitive data never leaves your phone unless you explicitly choose cloud sync features (available in Pro).

5.2 Cloud Storage (Pro Users)

If you opt into cloud sync, your data is encrypted in transit using TLS 1.3 and encrypted at rest using AES-256 encryption. Cloud data is stored on servers within the European Economic Area (EEA) to ensure GDPR compliance.

5.3 Security Measures

We implement industry-standard security measures including:

• End-to-end encryption for synced data
• Regular security audits and vulnerability assessments
• Strict access controls — only authorized personnel can access backend systems
• Secure coding practices following OWASP guidelines
• Automatic session timeouts and secure authentication mechanisms

6. Data Sharing and Third Parties

We do not sell your data. Period. We may share limited data with the following categories of service providers, strictly for operational purposes:

• Analytics Providers: We use privacy-focused analytics tools to collect anonymized usage data. No personally identifiable information is shared.
• Cloud Infrastructure: If you use cloud sync, your encrypted data is stored with trusted cloud providers within the EEA.
• Email Service (EmailJS): Contact form submissions are processed through EmailJS. Only the data you provide in the form (name, email, message) is transmitted.

We require all third-party service providers to comply with GDPR and maintain appropriate data protection measures. We do not transfer data outside the EEA unless adequate safeguards (such as Standard Contractual Clauses) are in place.

7. Your Rights Under GDPR

As a data subject, you have the following rights under the GDPR:

• Right of Access (Art. 15): You can request a copy of all personal data we hold about you.
• Right to Rectification (Art. 16): You can ask us to correct inaccurate or incomplete data.
• Right to Erasure (Art. 17): You can request deletion of your personal data ("right to be forgotten").
• Right to Restriction (Art. 18): You can ask us to temporarily restrict processing of your data.
• Right to Data Portability (Art. 20): You can request your data in a structured, machine-readable format.
• Right to Object (Art. 21): You can object to processing based on legitimate interests.
• Right to Withdraw Consent: Where processing is based on consent, you can withdraw it at any time without affecting prior processing.

To exercise any of these rights, please contact us at hulora.studio@gmail.com. We will respond within 30 days, as required by law.

8. Cookies and Tracking

Our website uses minimal cookies strictly necessary for functionality:

• Theme Preference: A local storage item that remembers your dark/light mode preference. This is not a tracking cookie.
• No Third-Party Cookies: We do not use advertising cookies, social media trackers, or any third-party tracking cookies on our website.

The ADHDaily mobile app does not use cookies.

9. Children's Privacy

ADHDaily is not directed at children under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have inadvertently collected data from a child under 16, we will promptly delete it. If you believe a child has provided us with personal data, please contact us immediately at hulora.studio@gmail.com.

10. Data Retention

We retain your data only for as long as necessary to fulfill the purposes described in this policy:

• App Data (Local): Stored on your device until you delete it or uninstall the App.
• Cloud Sync Data: Retained while your account is active. Deleted within 30 days of account deletion request.
• Contact Form Data: Retained for up to 12 months, then permanently deleted.
• Analytics Data: Anonymized and aggregated — retained indefinitely as it cannot be linked back to individuals.

11. International Data Transfers

We primarily store and process data within the European Economic Area (EEA). In cases where data must be transferred outside the EEA (e.g., certain cloud infrastructure or email services), we ensure that appropriate safeguards are in place, including:

• EU Standard Contractual Clauses (SCCs)
• Adequacy decisions by the European Commission
• Additional technical and organizational measures as recommended by the EDPB

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will:

• Update the "Last updated" date at the top of this page
• Notify you through the App or via email for significant changes
• Provide a summary of key changes

We encourage you to review this policy periodically. Continued use of the App after changes constitutes acceptance of the updated policy.

13. Complaints

If you believe that your data protection rights have been violated, you have the right to lodge a complaint with a supervisory authority. In Poland, the relevant authority is:

We kindly ask that you contact us first so we can try to resolve any concerns directly.

14. Contact Us

For any questions, concerns, or requests related to this Privacy Policy or your personal data, please reach out to us: