Privacy Policy for ShineDay

This Privacy Policy explains how ShineDay ("ShineDay", "we", "us", "our") collects, uses, discloses, and protects personal information when you use the ShineDay Android application and related features.

This policy applies globally and includes disclosures relevant to users in the EEA/UK (GDPR) and California (CCPA/CPRA).

We collect information from three main sources: information you provide, information generated by your use of the app, and information provided by integrated services.

2.1 Information You Provide or Create in the App

• Habit and check-in data (for example: habits, records, check-in status, check-in notes, counters).
• Productivity and planning data (for example: tasks, wish list, redemption history, reminders).
• Card-related data (for example: collected cards, card notes).
• User profile data stored locally (for example: nickname, avatar URL, linked account status).
• App settings and preferences stored locally through mechanisms such as Room, DataStore, and SharedPreferences.
• Optional exported data when you export CSV files (saved to a location you select).
• Feedback content you send via your email app. The in-app feedback email template may prefill technical context such as Android version and app version information.

2.2 Account and Sign-In Information

If you use Google Sign-In / Firebase Authentication, we may process:

• Google/Firebase user ID (uid).
• Display name.
• Profile photo URL.

These fields are used to update local account linkage fields such as openId, openNickname, and avatarUrl.

2.3 Cloud Backup Information

If you are logged in and eligible for cloud backup, and you choose to use backup features, ShineDay may back up selected app data to your Google Drive appDataFolder, including:

• Habits.
• Periods/contexts.
• Records.
• Cards.

2.4 Purchase and Subscription Information

For membership purchase and restoration, ShineDay uses Google Play Billing. We may process billing-related status information such as purchase state, product identifiers, and purchase tokens as provided by Google Play Billing APIs.

2.5 Technical and Usage Information from Service Providers

We integrate Firebase services (including Analytics, Crashlytics, Performance Monitoring, Remote Config). These services may process technical and usage data, including crash diagnostics, performance metrics, app instance/installation identifiers, and device/app metadata, according to their own privacy terms.

2.6 Network Requests

To load daily card content, ShineDay sends requests to our backend endpoint /v1/common/card with fields such as cardDate and request timestamp (gmtRequest).

2.7 Permissions

ShineDay currently requests:

• INTERNET (network communication).
• POST_NOTIFICATIONS (daily reminders and notification delivery).

We use information to:

• Provide core app features (habit tracking, reminders, tasks, cards, statistics).
• Authenticate users and maintain account linkage status.
• Enable cloud backup and data recovery through Google Drive.
• Process purchases, restore membership status, and manage premium access.
• Generate exports requested by you (for example, CSV).
• Improve app quality, reliability, and performance (including crash and performance analysis).
• Respond to support or feedback requests.
• Maintain security, prevent abuse, and comply with legal obligations.

For users in the EEA/UK, we rely on one or more of the following legal bases:

• Contract: To provide requested app functions (account sign-in, backup/recovery, paid membership features).
• Legitimate Interests: To maintain service reliability, security, product diagnostics, and improvement.
• Consent: Where required by law, including notification permission and certain optional processing choices.
• Legal Obligation: To comply with applicable laws, regulations, and legal requests.

We do not sell personal information.
We do not share personal information for cross-context behavioral advertising.

We may share information with:

• Google Firebase (authentication, analytics, crash, performance, remote config functions).
• Google Play (billing and purchase validation/restore functions).
• Google Drive (user-initiated or user-enabled cloud backup/recovery).
• Our backend service provider for card content delivery (/v1/common/card).
• Email providers/apps when you choose to send feedback email.
• Legal or regulatory authorities when required by law.

Because ShineDay uses global service providers (such as Google services), your information may be processed in countries outside your place of residence. Where required, such transfers are handled under applicable legal safeguards provided by those service providers.

We retain data for as long as needed for the purposes described in this policy, including:

• Local app data: Retained on your device until you delete data, clear app data, or uninstall.
• Cloud backups (Google Drive appDataFolder): Retained until deleted from your Google Drive storage.
• Account linkage/profile fields: Retained until unlinked/reset or otherwise removed.
• Billing, diagnostics, and analytics data: Retained according to applicable provider retention settings and legal requirements.
• Feedback emails: Retained according to normal support handling needs.

Depending on your jurisdiction, you may have rights to:

• Access personal information.
• Know categories/sources/purposes of processing and disclosure.
• Request correction of inaccurate information.
• Request deletion of personal information (subject to legal exceptions).
• Object to or restrict certain processing (GDPR contexts).
• Request data portability (GDPR contexts).
• Withdraw consent where processing is based on consent.
• Non-discrimination for exercising privacy rights.

For California users, ShineDay does not sell personal information and does not share personal information for cross-context behavioral advertising.

To exercise rights, contact us at: myshineday@gmail.com.

ShineDay provides in-app account deletion/unlinking controls.

• If you delete your linked account in-app, we will process account deletion/reset actions available through integrated authentication services and local profile linkage.
• Local content data and cloud backup files may require separate user actions to remove, depending on where the data is stored (device storage or Google Drive).
• You may also request assistance by contacting myshineday@gmail.com.

ShineDay is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe a child provided personal information, contact us and we will take appropriate steps.

We use reasonable technical and organizational measures to protect personal information. For example, network communications with service endpoints are designed to use secure transport where supported. However, no method of transmission or storage is completely secure.

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Effective Date" and may provide additional notice in-app where appropriate.

If you have questions, requests, or concerns about this Privacy Policy or ShineDay privacy practices, contact:

• ShineDay Team
• Email: myshineday@gmail.com