Privacy Policy
Last updated: May 18, 2026
Your privacy matters. This policy explains what data we collect, why, on which legal bases, and what rights you have under Brazil's LGPD (Law 13.709/2018) and equivalent regulations.
1. Controller and DPO
The controller of your personal data is the legal operator of DailyAnima. Full controller identification (legal name, tax ID, and address) is available on request at privacidade@dailyanima.com. Our Data Protection Officer (DPO) under LGPD Art. 41 can be reached at the same address. General questions: hello@dailyanima.com.
2. Data we collect
Account data: email, name, and profile picture (if you sign in with Google). Notebook data: generated reflections, mood you share, spiritual tradition, optional name, language and font preferences. Technical data: error logs (Sentry), IP address and user agent on sign-in attempts (email stored only as an irreversible hash for abuse prevention). Audience measurement (Google Analytics) only if you consent in the cookie banner.
3. Legal bases and purposes
Contract performance (LGPD Art. 7(V)): authentication, generating and storing devotionals, credits, and history. Consent (Art. 7(I) and Art. 11(I)): sensitive notebook data and analytics cookies. Legitimate interest (Art. 7(IX)): security, fraud prevention, and technical improvement, with minimal privacy impact. We do not sell your data or use your reflections to train AI models.
4. Processors (sub-processors)
We share data only with operators that help us deliver the service, under contract or equivalent terms: Neon (database, USA), Render (API, USA), Google Cloud Run (web app, USA), Google (OAuth and Gemini API for text generation, USA), Resend (transactional email, USA), Sentry (error monitoring, USA), and Google Analytics (audience measurement, if consented, USA). We do not allow these operators to use your data for their own marketing.
5. International transfers
Some operators process data outside Brazil, mainly in the United States. In those cases we rely on LGPD Art. 33 safeguards such as standard contractual clauses or equivalent mechanisms offered by vendors. Text sent to the Gemini API (including mood, tradition, and optional name) is processed in the USA only to generate your reflection at that moment.
6. Retention
We keep notebook and account data while your account is active. Security logs (sign-in attempts) are kept for up to 90 days. After account deletion, we remove or anonymize personal data within 30 days unless a longer retention period is required by law.
7. Your rights
You may request confirmation of processing, access, correction, portability, anonymization, blocking, deletion, information on sharing, and withdrawal of consent. Contact privacidade@dailyanima.com. We respond within 15 days, extendable by another 15 with justification, as per LGPD Art. 18(5).
8. Cookies and similar technologies
Necessary (no consent): authentication session cookie and language cookie (NEXT_LOCALE). Analytics (consent required via banner): Google Analytics. Error monitoring: Sentry (legitimate interest in security and stability), with automatic redaction of devotional content before upload. You can change analytics cookies anytime via the "Manage cookies" link in the site footer or at the end of this policy.
9. Security and incidents
We apply technical and organizational measures proportionate to the risk (encryption in transit, access controls, secrets in managed vaults). If a security incident is likely to pose relevant risk or harm to data subjects, we will notify Brazil's ANPD and affected users as required by LGPD Art. 48.
10. Children
DailyAnima is not intended for anyone under 18. If we learn that an account was created in breach of this rule, we will delete the associated data.
11. Changes
We may update this policy as the product evolves. The date of the last update will always appear at the top of this page. For material changes, we may ask you to confirm acceptance the next time you sign in.