Privacy Policy

Effective: 2026-07-08 · Version 2026-07-08

This policy explains what personal data PhriniDailies (part of the Phriniverse project, "the Service") processes, why, and the rights you have over it. We honor the EU General Data Protection Regulation (GDPR) for all users, wherever you are.

1. Who is responsible

The data controller is the Phriniverse project, operated by an individual entrepreneur registered in Georgia. Contact for anything privacy-related: sevenwallsfallgreat@gmail.com.

Your data is stored on servers located in Germany (EU) — see section 5.

2. What we process and why

Category Data Purpose / lawful basis (GDPR Art. 6)
Account & sign-in Email address, hashed password (never the password itself), Google account link if you use Google sign-in, active sessions with browser user-agent Providing your account and keeping it secure — contract (6(1)(b)); security — legitimate interest (6(1)(f))
Profile Username, display name, bio, avatar, timezone, day-start hour Your public handle and correct day boundaries — contract
Tasks & history Task titles, notes, checklists, schedules, and your completion history The core habit-tracking functionality — contract
Progress Points, XP, level, streaks, freeze tokens, badges Gamification features — contract
Consent records Which version of the Terms and this policy you accepted, when, from which IP address and browser Proof of acceptance — legal obligation (6(1)(c))
Technical logs Short-lived request logs Reliability and abuse prevention — legitimate interest

Public visibility is opt-in per item: only your username, display name, bio, avatar and the things you explicitly set to "public" appear on your public profile. We do not sell your data, we do not use it for advertising, and we do not profile you.

3. Cookies

We set only strictly necessary cookies — the ones required to log you in and keep the Service secure. None of them are used for analytics, advertising or cross-site tracking, so no cookie consent banner is required; this notice is provided for transparency.

Cookie Purpose
phrini_access Keeps you signed in (short-lived access token)
phrini_refresh Renews your session without re-entering your password
phrini_csrf Protects forms against cross-site request forgery
phrini_onboarding Carries your Google sign-up through the username step
phrini_oauth_state Secures the Google sign-in handshake

If we ever introduce analytics, we will use a cookieless tool or ask for your consent first.

4. Who processes data for us

We use these providers (sub-processors):

If this list changes, this policy gets a new version (see section 8).

5. Where your data lives

Application data is stored in Germany (EU). We do not transfer your personal data to third parties outside the arrangements listed in section 4. The operator may access the data from outside the EU for administering the Service; such access is protected by the same technical safeguards as the Service itself.

6. How long we keep data

7. Your rights

You can, at any time and free of charge:

The Service is not directed at children under 16.

8. Changes to this policy

This policy is versioned by its effective date. Material changes will be shown to you for review and acceptance the next time you use the Service, and your acceptance is recorded.


Questions: sevenwallsfallgreat@gmail.com