Privacy Policy
Last updated: 18 May 2026
7daily is built by MVCS ApS ("we", "us"). This policy describes what information the 7daily mobile and web applications (the "app") collect, how it's used, and the rights you have over it.
Short version. 7daily is local-first. If you never sign in, nothing you write leaves your device, ever. If you do sign in, your seven-item daily lists sync to a private space that only you can read. We don't run analytics, don't show ads, don't track you across apps or sites, and don't sell or share your data. Voice dictation never leaves your phone.
1. What we collect
If you don't sign in
Nothing. Your items live in a local database on your device (Room on Android, SwiftData on iOS, IndexedDB on the web). The app makes no network calls related to your content.
If you sign in
Sign-in is optional and only enables cross-device sync. Identity is provided by a third party (Google on Android, Apple on iOS, either on the web). We receive from them a stable user ID, your email address, and optionally your display name and avatar URL.
Once signed in, the items you create sync to our backend (Supabase). Each row is stamped with your user ID and protected by row-level security so only you can read or modify it. We, MVCS ApS, can technically reach the database for operational purposes (debugging, backups, abuse response), but we do not read user content as a matter of course and never share it with third parties.
What we never collect
- No analytics or telemetry SDKs.
- No advertising or tracking identifiers.
- No crash reporting to third parties.
- No contact uploads, no address-book scans.
- No voice recordings. Press-and-hold dictation uses on-device speech recognition only — audio never leaves your phone, and we never receive a transcript on the server unless you save the resulting item and you're signed in.
- No email lists, no newsletters.
2. Third parties
7daily relies on a small, deliberately short list of service providers:
- Google — identity provider for Google sign-in. Processed under Google's privacy policy.
- Apple — identity provider for Sign in with Apple. Processed under Apple's privacy policy.
- Supabase — hosts the Postgres database and authentication records when you sign in. Processed under Supabase's privacy policy. Data is stored in the EU.
- Apple App Store and Google Play — distribute the app and handle the one-time purchase. We see aggregate, anonymised sales reports in App Store Connect and Google Play Console, never individual customer data.
3. Permissions the app requests
The app asks for the following device permissions, each only when you use the related feature:
- Microphone: to dictate items by voice. Recognition runs on-device; audio is not transmitted.
- Notifications: to deliver the optional morning ritual reminder. Reminders are scheduled locally on your device.
You can revoke either at any time in your device's Settings. The app gracefully degrades without them.
4. How your data is stored
- Locally on your device, in the app's sandboxed database.
- If you sign in, on Supabase's managed Postgres infrastructure, hosted in the EU. Row-level security policies enforce that each row is only readable and writable by its owner.
- Soft-deleted items are retained as tombstones (a row
with a
deleted_attimestamp and no content) so deletions propagate to your other devices. These tombstones contain no item text.
5. Payments
7daily is a one-time purchase processed by Apple through the App Store (iOS) or by Google through Google Play (Android), under their respective standard billing rules. We never see your payment details.
6. Children's privacy
7daily is not designed for children under 13. We do not knowingly collect information about children.
7. Your rights
Under applicable data-protection law (including the EU General Data Protection Regulation), you have the right to access, correct, export, and delete personal data we hold about you.
- Access and export: if signed in, you can request an export of your items by emailing hello@7daily.app. We will respond within 30 days.
- Delete: you can delete individual items in the app at any time. To delete everything tied to your account, sign out (which wipes your synced items from local storage) and email us to remove the corresponding server-side records and authentication record. We will delete within 30 days.
- Complaints: you have the right to lodge a complaint with your local data-protection authority.
8. Changes to this policy
We may update this policy to reflect new features or legal requirements. Material changes will be announced on this page. The "Last updated" date at the top of this page always reflects the current version.
9. Contact
MVCS ApS
hello@7daily.app