Privacy Policy

Last updated: April 2026

1. Introduction

DayOne is operated by NxtStop LLC, a New Jersey limited liability company ("DayOne," "we," "us," or "our"). We are committed to protecting your privacy and safeguarding your personal and wellness-related information.

This Privacy Policy explains how we collect, use, store, and share information when you use our mobile application and related services (the "Service").

By using DayOne, you agree to the practices described in this Privacy Policy. If you do not agree, do not use the Service.

Important: The Service is intended for U.S. residents only.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Name
  • Email address
  • Authentication method (email/password or Apple Sign-In)
  • Password (stored using industry-standard hashing and security practices)

2.2 Health, Fitness, and Wellness Data

When you use DayOne, you may provide or generate information such as:

  • Profile and onboarding details (e.g., name, goals, biometrics you choose to enter, activity preferences)
  • Food and nutrition information, including photos you scan or upload, meal names, estimated calories and macros, ingredients, and timestamps
  • Workout and exercise logs, plans you start or save, and related activity
  • Progress data such as weight entries, progress photos, streaks, and achievements
  • Images or inputs from optional features (e.g., body-related scans) when you choose to use them
  • Optional data from Apple Health (e.g., step counts) if you grant permission in the app or system settings

AI-powered features: If you use AI food photo analysis or the optional AI body scan, the images you submit and related text instructions (prompts) are sent to OpenAI via its API so the app can return nutrition estimates or fitness-oriented insights. This happens only when you start those features. See Section 5.

Subscriptions and in-app purchases (including creator plans) are processed through Apple In-App Purchase. Apple handles payment information; we receive purchase status and identifiers needed to unlock features, not your full card details.

2.3 Device and Usage Information

We collect certain information automatically, including:

  • Device type, model, operating system
  • Unique device identifiers
  • IP address (used for approximate location)
  • App interaction data (features accessed, screens viewed)
  • Crash reports and performance diagnostics (via Firebase)

2.4 User-Provided Information

You may provide additional data within the app, such as:

  • Goals, preferences, and profile fields you edit
  • Text you enter (e.g., captions, meal notes, or community content where those features exist)
  • Creator or community interactions you choose to participate in

3. How We Use Your Information

We use the information we collect for the following purposes:

3.1 Service Operation

  • Provide and maintain the Service
  • Store and display your meals, workouts, progress, and related wellness data
  • Power features such as food analysis, plans, challenges, and creator content you access (food analysis and optional body scan use third-party AI as described in Section 5)
  • Process subscriptions and entitlements through Apple’s systems
  • Sync user data across devices when you sign in

3.2 Security and Fraud Prevention

  • Authenticate users
  • Detect unauthorized access
  • Protect the integrity of the Service

3.3 Analytics and Improvement

  • Understand how users interact with the app
  • Improve features, performance, and user experience
  • Monitor system usage and troubleshoot issues

3.4 Communication

  • Send transactional emails (account updates, security alerts)
  • Provide customer support

3.5 Legal and Compliance

  • Comply with applicable laws and regulations
  • Respond to lawful requests for information

We do not:

  • Sell your personal information
  • Use your wellness or health-related data for third-party advertising
  • Share your personal information except as described in this policy

4. Data Security

We use industry-standard security measures to protect your information, including:

  • Encryption in transit (TLS)
  • Secure storage within Firestore/Cloud Storage
  • Restricted internal access based on role
  • Monitoring for unauthorized access

While we work to protect your information, no storage system or transmission method is completely secure, and we cannot guarantee absolute security.

5. Third-Party Service Providers

We use third-party providers to operate and improve the Service. These providers access only the data necessary for their specific functions:

  • Firebase (Google) — Authentication, analytics, crash and performance monitoring, Firestore database, and cloud storage for app data and media you upload.
  • Google — Sign in with Google when you choose that sign-in method.
  • Apple — Sign in with Apple, In-App Purchase and subscription validation, and Apple Health data when you connect it.
  • UXCam — Product analytics and session insights to help us understand how the app is used and fix issues.
  • OpenAI — When you use AI food photo analysis or the optional AI body scan, we send the images you choose and text prompts (instructions to the model) to OpenAI’s API so the app can show you nutrition estimates or body-scan style fitness insights in the app. Processing occurs only when you use those features. OpenAI acts as a subprocessor under its API terms and policies. We do not use this for third-party advertising.

All third-party providers are contractually required to protect your information and use it only for authorized purposes.

6. Data Sharing

We do not sell or rent your personal information. We may share information only in the following circumstances:

6.1 With Service Providers

To operate the Service (see Section 5).

6.2 With Your Consent

When you explicitly authorize data sharing.

6.3 Legal Compliance

To comply with applicable laws, regulations, court orders, or government requests.

6.4 Protection of Rights

To protect the rights, property, or safety of DayOne, our users, or others.

6.5 Business Transfers

If NxtStop LLC is involved in a merger, acquisition, or asset sale, we may transfer your information as part of that transaction. You will be notified before your personal data becomes subject to a different privacy policy.

6.6 Aggregated or Anonymized Data

We may share aggregated data that cannot identify any individual user.

7. Your Privacy Rights

7.1 General Rights

You may request:

  • Access to personal information we hold
  • Correction of inaccurate information
  • Deletion of your account and associated data
  • Export of your data in a machine-readable format
  • Opt-out of marketing communications (we currently do not send marketing emails)

To exercise these rights, email: [email protected]

7.2 California Privacy Rights (CCPA)

If you are a California resident, you have additional rights, including:

  • The right to know what categories of personal information we collect
  • The right to request deletion of personal information
  • The right to non-discrimination for exercising privacy rights

We do not sell or share personal information as defined under the CCPA.

7.3 Users Outside the United States

The Service is intended only for users located in the United States. We do not offer the Service to individuals in the European Economic Area (EEA), United Kingdom, or other regions with separate privacy requirements.

8. Data Retention

We retain personal information only as long as necessary to:

  • Operate the Service
  • Comply with legal obligations
  • Resolve disputes
  • Enforce agreements

When you delete your account, we delete or anonymize your personal information within a reasonable period, except where retention is legally required.

9. Children's Privacy

The Service is not intended for individuals under 18. We do not knowingly collect data from children under 18.

10. Location of Data

We primarily store Service data in the United States (e.g., Firebase). Certain features may involve subprocessors (such as OpenAI for optional AI analysis) that process content according to their own terms and infrastructure, which may include processing outside the United States. See Section 5.

11. Tracking Technologies

We use limited tracking technologies for Service functionality and analytics:

  • Firebase Analytics
  • Device-level identifiers

We do not use advertising trackers or sell tracking data. Users may manage permissions through device settings, but disabling analytics may affect app performance monitoring.

12. Changes to This Privacy Policy

We may update this Privacy Policy periodically. When changes are made:

  • We update the "Last updated" date
  • We notify users of material changes via email or in-app notification

Continued use of the Service after changes become effective constitutes acceptance of the updated Privacy Policy.

13. Contact Us

If you have questions or requests related to this Privacy Policy, contact us at:

[email protected]

We will respond within a reasonable timeframe.