Privacy Policy

Last updated: February 2026

1. Introduction

DayOne is operated by NxtStop LLC, a New Jersey limited liability company ("DayOne," "we," "us," or "our"). We are committed to protecting your privacy and safeguarding your personal and financial information.

This Privacy Policy explains how we collect, use, store, and share information when you use our mobile application and related services (the "Service").

By using DayOne, you agree to the practices described in this Privacy Policy. If you do not agree, do not use the Service.

Important: The Service is intended for U.S. residents only.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Name
  • Email address
  • Authentication method (email/password or Apple Sign-In)
  • Password (stored using industry-standard hashing and security practices)

2.2 Financial Data

Through our integration with Plaid Inc., we collect financial information from accounts you choose to connect, including:

  • Account balances
  • Transaction data (amounts, merchants, dates)
  • Subscription and recurring charge information

We do not receive or store your bank login credentials. Plaid securely handles account authentication and provides us with read-only financial data.

Your use of Plaid is subject to Plaid's own privacy policy.

2.3 Device and Usage Information

We collect certain information automatically, including:

  • Device type, model, operating system
  • Unique device identifiers
  • IP address (used for approximate location)
  • App interaction data (features accessed, screens viewed)
  • Crash reports and performance diagnostics (via Firebase)

2.4 User-Provided Information

You may provide additional data within the app, such as:

  • Categories you set
  • Budgets you create
  • Notes or labels applied to transactions

3. How We Use Your Information

We use the information we collect for the following purposes:

3.1 Service Operation

  • Provide and maintain the Service
  • Retrieve and display your financial data
  • Categorize transactions
  • Track budgets and subscriptions
  • Sync user data across devices

3.2 Security and Fraud Prevention

  • Authenticate users
  • Detect unauthorized access
  • Protect the integrity of the Service

3.3 Analytics and Improvement

  • Understand how users interact with the app
  • Improve features, performance, and user experience
  • Monitor system usage and troubleshoot issues

3.4 Communication

  • Send transactional emails (account updates, security alerts)
  • Provide customer support

3.5 Legal and Compliance

  • Comply with applicable laws and regulations
  • Respond to lawful requests for information

We do not:

  • Sell your personal or financial information
  • Use your financial data for advertising
  • Share your personal information except as described in this policy

4. Data Security

We use industry-standard security measures to protect your information, including:

  • Encryption in transit (TLS)
  • Secure storage within Firestore/Cloud Storage
  • Restricted internal access based on role
  • Monitoring for unauthorized access

While we work to protect your information, no storage system or transmission method is completely secure, and we cannot guarantee absolute security.

5. Third-Party Service Providers

We use third-party providers to operate and improve the Service. These providers access only the data necessary for their specific functions:

  • Plaid Inc. — Connects to your financial institutions and provides read-only transaction and balance data.
  • Firebase (Google) — Authentication, analytics, crash and performance monitoring, Firestore database and cloud storage.
  • BrandFetch — Retrieves merchant logos and brand imagery for display within the app.

All third-party providers are contractually required to protect your information and use it only for authorized purposes.

6. Data Sharing

We do not sell or rent your personal information. We may share information only in the following circumstances:

6.1 With Service Providers

To operate the Service (see Section 5).

6.2 With Your Consent

When you explicitly authorize data sharing.

6.3 Legal Compliance

To comply with applicable laws, regulations, court orders, or government requests.

6.4 Protection of Rights

To protect the rights, property, or safety of DayOne, our users, or others.

6.5 Business Transfers

If NxtStop LLC is involved in a merger, acquisition, or asset sale, we may transfer your information as part of that transaction. You will be notified before your personal data becomes subject to a different privacy policy.

6.6 Aggregated or Anonymized Data

We may share aggregated data that cannot identify any individual user.

7. Your Privacy Rights

7.1 General Rights

You may request:

  • Access to personal information we hold
  • Correction of inaccurate information
  • Deletion of your account and associated data
  • Export of your data in a machine-readable format
  • Opt-out of marketing communications (we currently do not send marketing emails)

To exercise these rights, email: [email protected]

7.2 California Privacy Rights (CCPA)

If you are a California resident, you have additional rights, including:

  • The right to know what categories of personal information we collect
  • The right to request deletion of personal information
  • The right to non-discrimination for exercising privacy rights

We do not sell or share personal information as defined under the CCPA.

7.3 Users Outside the United States

The Service is intended only for users located in the United States. We do not offer the Service to individuals in the European Economic Area (EEA), United Kingdom, or other regions with separate privacy requirements.

8. Data Retention

We retain personal information only as long as necessary to:

  • Operate the Service
  • Comply with legal obligations
  • Resolve disputes
  • Enforce agreements

When you delete your account, we delete or anonymize your personal information within a reasonable period, except where retention is legally required.

9. Children's Privacy

The Service is not intended for individuals under 18. We do not knowingly collect data from children under 18.

10. Location of Data

All data is processed and stored in the United States.

11. Tracking Technologies

We use limited tracking technologies for Service functionality and analytics:

  • Firebase Analytics
  • Device-level identifiers

We do not use advertising trackers or sell tracking data. Users may manage permissions through device settings, but disabling analytics may affect app performance monitoring.

12. Changes to This Privacy Policy

We may update this Privacy Policy periodically. When changes are made:

  • We update the "Last updated" date
  • We notify users of material changes via email or in-app notification

Continued use of the Service after changes become effective constitutes acceptance of the updated Privacy Policy.

13. Contact Us

If you have questions or requests related to this Privacy Policy, contact us at:

[email protected]

We will respond within a reasonable timeframe.