Back to StackDaily

Privacy Policy

Last updated: April 26, 2026

1. Introduction

StackDaily ("StackDaily," "we," "our," or "us") is a health and productivity app available on the web and on iOS through the Apple App Store. This Privacy Policy explains what information we collect, how we use it, who we share it with, and the choices you have.

By creating an account or using StackDaily, you agree to the practices described in this policy. If you do not agree, please do not use the app.

2. Information We Collect

2.1 Information You Provide

  • Account information: email address, name, and authentication credentials. If you sign in with Google, we receive your basic Google profile (name, email, profile picture) via OAuth.
  • Profile information: age, height, weight, biological sex, activity level, and health goals you share during onboarding.
  • Health and fitness data: nutrition logs, calories, steps, workouts, weight entries, habits, sleep notes, and any related notes you enter manually or capture via photo.
  • Productivity data: tasks, notes, calendar events, meeting notes, and CRM contacts you create inside the app.
  • Support communications: messages, attachments, and metadata when you email us or report a problem from the app.

2.2 Information from Third-Party Services You Connect

When you choose to connect an integration, we receive data from that service:

  • Apple HealthKit (iOS): the specific metrics you authorize, such as steps, active energy, weight, sleep, heart rate, and workouts. HealthKit data stays on your device unless you grant StackDaily permission to read it, and we never share HealthKit data with advertisers.
  • Fitbit: steps, calories burned, heart rate, sleep, weight, and activity metrics you authorize through Fitbit's OAuth flow.
  • Google: basic profile information for sign-in, plus calendar events if you connect Google Calendar.

You control which data is synced through Settings > Integrations, and you can disconnect any service at any time.

2.3 Information Collected Automatically

  • Device information (model, OS version, app version, language, time zone).
  • Device identifiers used by the iOS app, including the Apple Identifier for Vendors (IDFV) and the Apple Push Notification service (APNs) token used to deliver push notifications you opt in to.
  • Usage events and feature interactions used for product analytics and debugging.
  • Error logs and performance data (crash reports, latency, failed requests).
  • IP address and approximate location at the country / region level.

2.4 Payment Information

Subscription purchases on the web are processed by Stripe, and subscription purchases on iOS are processed by Apple and reconciled through RevenueCat. StackDaily does not receive or store your full payment card number, CVC, or bank account details. We retain only the information needed to manage your subscription (plan, status, renewal date, last four digits, country, and a processor identifier).

3. How We Use Your Information

We use your information to:

  • Provide, maintain, and improve the StackDaily app and related services.
  • Calculate health metrics such as BMR, TDEE, calorie targets, macro splits, and habit streaks.
  • Personalize dashboards, reminders, and insights for your goals.
  • Sync data between StackDaily and the third-party services you connect.
  • Power AI features you choose to use, including meal photo analysis, food parsing, workout coaching, and natural-language quick-add. The relevant prompt and any image you submit are sent to our AI provider for processing (see Section 5).
  • Send you account, billing, security, and service notifications.
  • Send optional product communications (such as the weekly digest, daily brief, and trial-ending reminders) that you can disable in Settings.
  • Respond to support requests.
  • Detect and prevent fraud, abuse, and security incidents.
  • Comply with our legal obligations.

4. Data Sharing and Disclosure

We do not sell your personal information, and we do not share it with advertisers. We share information only in the following situations:

  • With service providers (subprocessors): the vendors listed in Section 5 who process data on our behalf under written contracts.
  • With your consent: when you explicitly authorize a connection or share.
  • For legal reasons: when required by law, subpoena, or other valid legal process, or to protect the rights, safety, or property of StackDaily, our users, or the public.
  • In a corporate transaction: in connection with a merger, acquisition, financing, or sale of assets, in which case we will notify you and continue to honor this policy.

5. Third-Party Processors

The following providers process StackDaily data on our behalf. Each is bound by a data processing agreement and only handles the data needed for its role.

  • Supabase: primary database, authentication, and file storage. All account, health, and productivity data is stored here under row-level security.
  • Google (OAuth): sign-in and, if you connect it, Google Calendar access.
  • Apple: App Store purchase processing, Sign in with Apple (where used), and delivery of push notifications via APNs.
  • RevenueCat: management and reconciliation of in-app subscription purchases.
  • Stripe: processing of web subscription payments.
  • Fitbit: retrieval of activity, sleep, and body metrics that you authorize.
  • Resend: delivery of transactional and product emails (account, billing, digests).
  • OpenAI: AI features such as meal photo analysis, food parsing, and natural- language quick-add. Prompts and images you submit are sent to OpenAI for inference. Per our agreement, OpenAI does not use this data to train its models.

Each provider has its own privacy policy. We encourage you to review them if you would like more detail on how they handle data.

6. Third-Party Integrations You Control

When you connect Apple HealthKit, Fitbit, or Google Calendar:

  • We only access the data you authorize through the integration's permission screen.
  • Data is synced according to the preferences you set in Settings > Integrations.
  • You can change permissions or disconnect at any time.
  • Disconnecting stops future syncing. You may also delete data that was previously synced from your StackDaily history.

7. Data Security

We use industry-standard safeguards to protect your information, including:

  • Encryption in transit using HTTPS / TLS.
  • Encryption at rest for the database and file storage.
  • Row-level security so each account can only read and write its own data.
  • Scoped service credentials, audit logging, and least-privilege access for our team.
  • Support for OAuth and biometric unlock on supported devices.

No system is perfectly secure. If we ever become aware of a security incident affecting your information, we will notify you as required by applicable law.

8. Data Retention

We keep your information for as long as your account is active and as needed to provide the service.

  • Account and profile data: retained until you delete your account.
  • Health, habit, and productivity data: retained until you delete the individual entries or your account.
  • Audit and security logs: retained for up to 90 days for security and debugging.
  • Billing records: retained as required by tax and accounting laws (typically up to 7 years).

You can delete individual entries (logs, weight, notes, contacts) at any time. Deleting your account removes your personal data from our active systems and from Supabase storage. Backups are purged on their normal rotation, generally within 30 days.

9. Your Rights and Choices

You have the right to:

  • Access: view and export your data from Settings.
  • Correction: update inaccurate information in your profile and logs.
  • Deletion: delete specific entries or your entire account from Settings.
  • Portability: request a copy of your data in a machine-readable format.
  • Withdraw consent: disconnect integrations or revoke push and HealthKit permissions at any time.
  • Opt out: turn off non-essential emails and push notifications in Settings.

Depending on where you live, you may also have additional rights under laws such as the GDPR (EEA / UK), CCPA / CPRA (California), or similar state laws. To exercise any right, use Settings or contact us at privacy@stackdaily.ai. We will respond within the timeframes required by applicable law.

10. Children's Privacy

StackDaily is not directed to children. You must be at least 13 years old to use StackDaily, or 16 if you are in the European Economic Area or the United Kingdom. We do not knowingly collect personal information from children below these ages. If we learn that we have, we will delete the data and the associated account.

11. International Data Transfers

StackDaily and its processors operate primarily in the United States. If you use the app from outside the U.S., your information will be transferred to and processed in the U.S. and other countries that may have different data protection laws than yours. We rely on appropriate safeguards (such as Standard Contractual Clauses, where applicable) to protect your information during these transfers.

12. Changes to This Policy

We may update this Privacy Policy as our app evolves. When we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, notify you in the app or by email. Your continued use of StackDaily after the changes take effect means you accept the updated policy.

13. Contact Us

If you have questions, concerns, or requests about this Privacy Policy or our data practices, contact us at: