← Back to Kindle
Data Safety Effective: 1 May 2026

Data Safety

A plain-language summary of what Kindle collects, why, and how to control it. Required by the Google Play Store; useful for everyone.

1. Data we collect

Kindle collects only what is needed to deliver the product. The full breakdown:

Personal info

  • Name & email — for account and authentication. Required.
  • Profile photo — optional, displayed only in your workspace.

Contacts

  • Contacts you save (names, titles, companies, emails, phone numbers, notes) — to deliver the core relationship intelligence feature.
  • Address book sync — optional. We read names and emails to suggest matches inside Kindle. Disabled by default.

Audio & photos

  • Voice recordings — captured only when you tap record. Microphone permission requested at that moment.
  • Photos — captured only when you scan a business card. Camera permission requested at that moment.

Files & docs

  • Notes & transcripts — content you create, or AI-generated from your audio. Encrypted at rest.

Calendar

  • Events — read only when you connect Outlook or Google. Used to power Whisper Brief.

App activity & performance

  • Crash reports — anonymised, used to fix bugs.
  • Diagnostics — anonymised performance telemetry.

What we do NOT collect

  • Precise GPS location
  • Health, fitness, or biometric data
  • Financial account numbers
  • Browsing history outside the app
  • Advertising IDs (IDFA, GAID) for tracking
  • Race, religion, sexual orientation, political opinions, or other sensitive categories

2. Data shared with third parties

We do not sell, rent, or share your personal data for advertising. Data is shared only with infrastructure providers under contract (sub-processors), only as needed to run the service.

ProviderPurposeData shared
AWSEncrypted storageEncrypted content (we hold the keys)
Auth0Sign-in & SSOEmail, hashed credentials
StripePayments (direct subs)Billing details only
Apple / GoogleApp Store billingPer their policies
SendGridTransactional emailEmail + message content

The full sub-processor list is in our Privacy Policy.

3. Security practices

  • Encryption in transit — TLS 1.3 for all network traffic.
  • Encryption at rest — AES-256 for all stored content.
  • On-device processing — audio recording and transcription happen on your device.
  • Enterprise infrastructure — Team and Enterprise customers can run AI on their own servers.
  • Multi-factor authentication — available for all accounts.
  • SOC 2 Type II — audit in progress.

4. Request data deletion

You can delete data at three levels:

  • Single item — delete a contact, meeting, or transcript inside the app. Goes to a 30-day trash bin, then permanently erased.
  • All your content — Profile → Privacy → Erase All Content. Permanent within 24 hours.
  • Your entire account — Profile → Delete Account. Permanent within 24 hours, including backups within 30 days.

If you cannot access the app, email privacy@dayko.ai with your registered email and we will process the request within 30 days.

5. Read the full policy

This page is a summary. The complete Privacy Policy covers legal basis, data residency, retention schedules, your full rights, and international transfers in detail.

Privacy Policy

Read in full →

Privacy questions

privacy@dayko.ai