1What Information We Collect
Account Information
To register an account, you must provide one of the following identifiers:
- Email Address: Used for account identification and password retrieval.
- Phone Number: Used for account identification (SMS verification is not currently supported; phone numbers serve purely as usernames).
- Nickname (Optional): Displayed within the application.
- Password: Encrypted using PBKDF2 (120,000 iterations, SHA-256) with a random salt before storage. We cannot read or retrieve your plaintext password.
Journal Content
Any content you actively create within your DayCard, including:
- Written text (diary text and messages)
- Voice recordings (audio files, uploaded directly to private storage)
- Pictures (photo moments, uploaded directly to private storage)
- AI-derived results, including daily summaries, mood tags, todo actions, and financial ledger items (derived from your inputs)
Usage Logs
- API Request Logs: Visited paths, HTTP response status codes, and response latency.
- Audit Logs: Records of account activities (registrations, logins, creation, edits, and deletions of contents).
Device Information
We do not actively collect hardware identifiers (such as UDID, IMEI, etc.). Server HTTP logs store IP addresses and User-Agent headers, which are used purely for security auditing and debugging.
2How We Collect Information
- Provided Directly by You: Information entered during registration and audio, text, or photos recorded/captured while journaling.
- Collected Automatically: Server HTTP request logs (IP, path, status, latency) that do not inspect or record request body parameters.
- Microphone Permission: Only accessed when you actively press and hold the voice recording button. Background listening is strictly prohibited.
- Camera/Photo Library Permissions: Only accessed when you actively select and upload a picture. Photos are uploaded directly to private cloud buckets.
We do not use tracking cookies, advertising SDKs, or behavioral analytics trackers (e.g. Firebase Analytics, Amplitude, etc.).
3How We Use Information
| Data Category | Purpose of Processing |
|---|---|
| Account Information | Authentication, password retrieval, critical service notices |
| Journal Text Content | Display, AI summary/todo/ledger extraction, periodic reports generation |
| Voice Recordings | Asynchronous transcription via Doubao ASR, client playback |
| Pictures | Display within your personal photo timeline (Moments) |
| API Logs | System performance monitoring, debugging, security auditing |
| Audit Logs | Account security tracing, dispute resolution |
4Audio & Microphone Data
Recording & Encrypted Upload
Once recording ends, your audio files are uploaded directly to our private object storage (MinIO) via HTTPS encryption. The upload utilizes a secure presigned PUT URL (valid for 180 seconds). The binary transmission does not pass through or get cached on our main application servers.
Asynchronous Transcription (ASR)
Audio files are securely submitted to Bytedance Doubao ASR (Automatic Speech Recognition) service for transcribing via a temporary, highly-restricted presigned GET URL (valid for 15 minutes). Once transcribed, only the plain text is preserved on our databases. No long-term audio data is stored on third-party speech servers.
Strict Access Control
Audio files are kept in private buckets with no public directory listing or reading permissions. Playback links are generated dynamically with a signed signature (valid for 60 minutes) to prevent malicious URL guessing.
Data Retention
- Audio FilesRetained until you delete the message, or 30 days after account deletion.
- Transcribed TextRetained as part of your DayCard; marked for deletion when you delete the message.
- ASR Processing LogsSubject to Doubao privacy policies; we do not retain third-party speech logs.
5Data Storage & Security
Transmission Encryption
All client-server communications are encrypted using secure HTTPS (TLS 1.2+), encompassing API payloads, voice streaming, and picture transmissions.
Password Protection
Passwords are irreversibly hashed using PBKDF2-SHA256 with 120,000 iterations and a unique salt. Even in the event of a database compromise, your plaintext password remains unreadable.
Object Access Control
Multimedia assets are isolated in secure buckets. All media reads utilize time-limited signed signatures.
Strict Tenant Isolation
Every SQL query incorporates explicit tenant isolation via user-id filtering to prevent unauthorized cross-user access.
Security Incident Response
In the event of a data breach, we will notify affected users within statutory timelines and immediately institute emergency containment procedures.
6Information Sharing & Disclosure
We never sell or lease your personal information or journal content to any third parties.
We may share your information under the following limited circumstances:
Core Service Fulfilment
Submitting temporary, secure audio links to Bytedance Doubao ASR for speech-to-text conversion (see Section 4) and submitting text to LLM endpoints to generate summaries and extract actions (see Section 7).
Legal Compliance
We may disclose your data if required to do so by applicable laws, regulations, or valid, enforceable judicial/administrative subpoenas. Unless legally prohibited, we will attempt to notify you prior to such disclosures.
Business Transfer
In the event of a merger, acquisition, or asset sale, user data may be transferred as a business asset. We will notify you in advance and ensure the acquiring entity assumes identical privacy obligations.
7Third-Party Services
| Service Provider | Purpose | Data Shared | Privacy Terms |
|---|---|---|---|
| Bytedance Doubao ASR | Speech-to-Text | Temporary, signed audio links | Volcengine Privacy Policy |
| LLM Providers (e.g. Gemini, Doubao) | AI summaries & extraction | Plain text diary entries | Provider Privacy Terms |
| Self-Hosted MinIO | Media Storage | Audio and picture assets | Self-hosted locally (No cross-border transfer) |
We mandate that these processors handle your data strictly within the scope required to execute these tasks, and prohibit them from using your personal diary entries for their commercial purposes (such as advertising, or their own LLM training).
8Data Retention & Deletion
| Data Category | Retention Period |
|---|---|
| Account Profile | Permanently deleted after the 30-day account deletion cooling-off period. |
| Journal Text Content | Soft-deleted upon item deletion; permanently wiped upon account deletion. |
| Audio Files | Marked for garbage collection upon item deletion; permanently wiped within 30 days of account deletion. |
| Photo Assets | Same as audio files. |
| AI Derived Metadata | Deleted in cascade with their parent DayCard or message. |
| API Logs | Retained for up to 90 days for security audits. |
| Audit Logs | Retained for up to 1 year, unless legally required to retain longer. |
9Your Privacy Rights
Depending on your jurisdiction (such as GDPR in the EU, CCPA in California), you have several rights regarding your personal information:
- Right to be Informed: Knowing how we collect and process your data (this policy).
- Right of Access: Reviewing your account profile and all journal content.
- Right to Rectification: Modifying or editing your messages directly in the app.
- Right to Erasure (Deletion): Deleting any message or permanently deleting your account.
- Right to Data Portability: Requesting an export of your diaries (contact us below).
- Withdraw Consent: Disabling system permissions (Microphone, Photos, Camera) in your iOS/Android system settings at any time.
To exercise any of these rights, please contact us via the details in Section 12. We will respond to your request within the statutory timeframe (typically within 30 days).
10Children's Privacy
Our services are intended for individuals who are at least 14 years of age. We do not knowingly collect personal data from children under 14. If you are a parent or guardian and discover that your child has registered an account without your consent, please contact us immediately, and we will promptly delete the account and its records.
Minors between 14 and 18 years old should use this service with the knowledge and consent of their parents or legal guardians.
11Policy Changes
We may update this Privacy Policy from time to time. When material updates are made, we will notify you through:
- A prominent pop-up notice or message when you open the application.
- Updating the "Last Updated" date at the top of this webpage.
We encourage you to review this policy periodically to stay informed about how we protect your information.
12Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or your data, please contact us at:
- Email Supportsupport@twjob.cn
- Developer Portalhttps://record.twjob.cn