Last updated: 22 June 2026

1. Who We Are

Daibrief is operated by Martin Bjørn (“we,” “us,” or “our”). We are the data controller responsible for your personal data.

If you have any questions about this Privacy Policy or how we handle your data, please contact us at:

Martin Bjørn / Daibrief Address: Elmehøj 7, Brøndby 2605, Denmark Email: support@daibrief.com Phone: +45 31 37 98 68

2. What This Policy Covers

This Privacy Policy explains what personal data we collect when you use the Daibrief app (“App”), why we collect it, how we use and protect it, and what rights you have over it.

Daibrief is an AI-powered productivity briefing app. To generate your personalised daily briefing, your work data is processed by an AI system. This policy explains clearly what data is involved, who processes it, and on what basis.

We are committed to handling your personal data in accordance with the General Data Protection Regulation (GDPR) and applicable Danish data protection law.

This Privacy Policy should be read together with our Terms of Use, which govern your use of the App. Terms of Use

3. Is It Mandatory to Share Your Data With Us?

As a general rule, you are not obliged to share your personal data with us. However, if you choose not to provide certain data, we may in some cases be unable to fulfil our obligations or provide you with the services you have requested.

Where the provision of data is required — whether as a legal or contractual requirement, or a requirement necessary in order to enter into a contract — we will inform you separately of this, specify which data we require from you, and explain the consequences of not providing it.

4. What Data We Collect

We collect the following categories of personal data:

Account data

• Your name and email address, provided when you create an account

Work and productivity data

• Time check-ins: when you start and end work sessions

• Project tags and work tags: labels you apply to categorise your work

• Work hours and working day configuration: your scheduled hours and working days

• Free-text notes or descriptions you enter within the App

Notification data

• Your device’s push notification token, used solely to deliver your daily briefing at the time you configure

Usage and analytics data

• Anonymised event data about how you interact with the App (e.g. screens visited, features used, session length)

• Crash reports and error logs, used to identify and fix technical issues

Subscription and payment data

• Your subscription status and tier (e.g. free, monthly, annual)

• Transaction identifiers provided by Apple and RevenueCat

• We do not collect or store your payment card details — these are handled entirely by Apple

Where you use voice to enter notes or descriptions, text is captured using your device’s built-in (Apple) dictation feature. The App does not record, access, or store any audio — it receives only the transcribed text, which is then handled as described in this policy. Voice processing is performed by Apple and is governed by Apple’s own privacy policy.

We do not collect your precise location, contacts, camera, microphone, or any sensitive personal data as defined by GDPR Article 9.

5. How We Use AI to Generate Your Briefing

Daibrief uses OpenAI’s API to generate your personalised daily productivity briefing. This is a core function of the Service.

What data is sent to OpenAI: When you request or receive a daily briefing, the following data is transmitted to OpenAI’s API to generate your summary:

• Your time check-in data

• Your project and work tags

• Your configured work hours and schedule

• Any free-text notes or descriptions you have entered

What OpenAI does with this data: OpenAI processes this data solely to generate your briefing and return the result to the App. We use the OpenAI API under terms that opt your data out of being used to train OpenAI’s models. OpenAI does not use your data to improve their AI systems.

OpenAI is a US-based company. Data sent to OpenAI is transferred to the United States. This transfer is covered by Standard Contractual Clauses under GDPR Article 46(2)(c), and OpenAI provides a Data Processing Addendum for API customers.

OpenAI Privacy Policy: https://openai.com/privacy OpenAI API data usage: https://openai.com/policies/api-data-usage-policies

6. Why We Collect Your Data and Our Legal Basis

Under GDPR, we must have a lawful basis for each type of processing we carry out:

Purpose Data used Legal basis Creating and managing your account Name, email Performance of a contract (Art. 6(1)(b)) Delivering your AI-powered briefing Work data, tags, free-text notes Performance of a contract (Art. 6(1)(b)) Sending your daily briefing notification Notification token Performance of a contract / consent (Art. 6(1)(b)/(a)) Processing your subscription Subscription status, transaction IDs Performance of a contract (Art. 6(1)(b)) Improving App performance and fixing bugs Anonymised analytics, crash logs Legitimate interests (Art. 6(1)(f)) Complying with legal obligations Any data as required Legal obligation (Art. 6(1)(c))

Where we rely on legitimate interests, we have assessed that our interest in improving the App does not override your rights or interests, given that the data used is anonymised before analysis.

Where we rely on consent (push notifications), you can withdraw your consent at any time by disabling notifications in your device settings. Withdrawal of consent does not affect the lawfulness of prior processing.

7. How We Share Your Data

We do not sell your personal data. We do not share it with advertisers.

We share data only with the following third-party service providers, and only to the extent necessary for them to provide their services:

OpenAI

Used to generate your daily productivity briefings. See section 5 for a full explanation of what data is sent, how it is used, and the legal basis for the transfer.

OpenAI Privacy Policy: https://openai.com/privacy

Supabase

We use Supabase to host our database and manage user authentication. Your account data and work data are stored on Supabase infrastructure.

Current data location: EU West (Frankfurt, Germany)

Supabase Privacy Policy: https://supabase.com/privacy

PostHog

We use PostHog to collect anonymised analytics data about how users interact with the App. Data sent to PostHog does not include your name, email address, or any work content, and cannot be used to directly identify you. We use PostHog EU (eu.posthog.com) — data is stored within the EU.

Current data location: EU (eu.posthog.com)

PostHog Privacy Policy: https://posthog.com/privacy

RevenueCat

We use RevenueCat to manage in-app subscription logic, including validating purchases and tracking subscription status. RevenueCat receives your App Store transaction identifiers and subscription status.

RevenueCat is a US-based company. Data transfers to RevenueCat are covered by Standard Contractual Clauses.

RevenueCat Privacy Policy: https://www.revenuecat.com/privacy

Apple

Your in-app purchases are processed by Apple. Delivery of push notifications is handled via Apple Push Notification Service (APNs). Apple acts as an independent data controller for these transactions.

Apple Privacy Policy: https://www.apple.com/legal/privacy/

Law Enforcement and Public Authorities

Where we consider it to be required by law, or where it is necessary in connection with legal proceedings, we may share your personal data with local or foreign public authorities, supervisory authorities, law enforcement agencies, and courts. We do this where necessary to comply with our legal obligations, and where such sharing is necessary to establish, assert, or defend legal claims. In certain circumstances, for example, we may be required to report incidents to a supervisory authority.

Please note that we may also be required to disclose your personal data upon request of public authorities, including for the purposes of meeting national security or law enforcement requirements.

Business Transfers

If we sell or transfer assets, or are otherwise involved in a merger, acquisition, business transfer, or restructuring, we may share your personal data with one or more third parties in connection with such a transaction or restructuring. Any such sharing will take place where it is necessary to pursue our legitimate interest in the continuity of the business, or on the basis of your consent where required.

Legal Action and Protection of Rights

Your personal data may be used for legal purposes by us in court, or in the stages leading to possible legal action arising from improper use of the App or its related services. We may also share your personal data with third parties where we consider it necessary to pursue our or a third party’s legitimate interests in connection with law enforcement, legal proceedings, criminal investigations, protection of personal safety, or the prevention of death or serious bodily injury — unless we assess that such interests are overridden by your interests or fundamental rights.

8. International Data Transfers

We are based in Denmark and your data is primarily processed within the European Economic Area (EEA). Several of our service providers are based in the United States — specifically OpenAI and RevenueCat, and potentially Supabase. PostHog data is stored in the EU via eu.posthog.com.

For all transfers outside the EEA, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission under GDPR Article 46(2)(c) as the appropriate safeguard. Each of these providers offers a Data Processing Addendum covering SCCs for API and enterprise customers.

9. How Long We Keep Your Data

We retain your personal data for as long as your account is active, or as necessary to provide the Service. Specifically:

• Account data: Retained for the duration of your account. Deleted within 30 days of an account deletion request.

• Work and productivity data: Retained for the duration of your account. Deleted within 30 days of an account deletion request.

• AI briefing inputs: Data sent to OpenAI is not retained by OpenAI beyond the completion of the API request, in accordance with their API data usage policy.

• Analytics data: Anonymised data may be retained for up to 24 months for product improvement purposes. This data cannot be linked back to you.

• Subscription records: Retained for up to 7 years to comply with Danish accounting and tax obligations.

10. Your Rights Under GDPR

If you are located in the EEA, you have the following rights regarding your personal data:

Right of access — You can request a copy of the personal data we hold about you.

Right to rectification — You can ask us to correct inaccurate or incomplete data.

Right to erasure — You can delete your account and associated personal data at any time directly within the App, from the account settings screen. You may also ask us to delete your personal data by contacting us. We will comply unless we are legally required to retain certain records.

Right to restriction — You can ask us to stop actively processing your data while a dispute is resolved.

Right to data portability — You can request your data in a structured, machine-readable format.

Right to object — Where we process your personal data on the basis of a public interest, the exercise of official authority, or our legitimate interests (or those of a third party), you have the right to object to that processing at any time. To do so, you must provide a ground related to your particular situation that justifies the objection. If you object, we will stop processing your data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or where the processing is necessary for the establishment, exercise, or defence of legal claims.

Where your personal data is processed for direct marketing purposes, you have the right to object at any time and without providing any justification.

Right to withdraw consent — Where processing is based on consent (e.g. push notifications), you can withdraw at any time without affecting prior processing.

Rights in relation to automated decision-making — Your daily briefing is generated using AI. This is not automated decision-making that produces legal or similarly significant effects on you — it is a summarisation tool based on data you provide. However, if you have concerns about AI-generated output, you can contact us at the address below.

To exercise any of these rights, contact us at support@daibrief.com. We will respond free of charge and as early as possible and always within one month. We may ask you to verify your identity before fulfilling a request.

If you believe we have not handled your data correctly, you have the right to lodge a complaint with the Danish data protection authority:

Datatilsynet Carl Jacobsens Vej 35, 2500 Valby Website: https://www.datatilsynet.dk Email: dt@datatilsynet.dk Phone: +45 33 19 32 00

11. Data Security

We take appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, alteration, or disclosure. These include encrypted data transmission (TLS), access controls, and secure authentication. However, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

Given that your work data is transmitted to OpenAI to generate your briefing, we recommend you do not enter highly sensitive information (such as confidential business data, personal identification numbers, or financial details) in free-text fields within the App.

If you believe your account has been compromised, please contact us immediately at support@daibrief.com.

12. Children’s Privacy

The App is not directed at children under the age of 16. We do not knowingly collect personal data from anyone under 16. If you become aware that a child under 16 has provided us with personal data, please contact us and we will take steps to delete it promptly.

13. Third Party Links

The App may contain links to third-party websites, services, or resources that are operated by parties other than us. This privacy policy applies only to the App and does not extend to any third-party websites or services. We have no control over the content, privacy practices, or security measures of any third-party websites or services, and we are not responsible for them.

If you follow a link to a third-party website or service, we recommend that you review the privacy policy and terms of use of that website or service directly. The fact that we link to a third-party website or service does not constitute an endorsement of that website, service, or its privacy practices.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes — including changes to the data we send to AI systems — we will notify you via email or an in-app notice at least 14 days before the changes take effect. The current version of this Privacy Policy will always be accessible within the App. The “Last updated” date at the top of this page will always reflect the most recent version.

Where any changes affect processing activities that are based on your consent, we will collect new consent from you where required before the changes take effect.

15. System Logs and Maintenance

For operation and maintenance purposes, the App and any third-party services used within it may collect files that record interactions with the App (system logs) and use other data, such as device identifiers, for this purpose. This data is used solely to ensure the proper functioning of the App, diagnose technical issues, and carry out maintenance activities.

16. Contact

For any questions, requests, or concerns about this Privacy Policy or your personal data, please contact:

Martin Bjørn / Daibrief Address: Elmehøj 7, Brøndby 2605, Denmark Email: support@daibrief.com Phone: +45 31 37 98 68