DAYDUNGEON

Privacy Policy

Your data is your property. Read about how we secure your access credentials and protect your personal workspace.

1. Google Single Sign-On (SSO)

DayDungeon requests OAuth2 authorization to verify your identity. This allows us to personalize your character profile and secure your access credentials without storing sensitive passwords. We do not share your profile details with third parties.

2. Personal & Profile Data

We collect your email address, profile username, and Google avatar image URL to personalize your character profile. No password files are saved on our servers for Google-linked accounts, ensuring robust access credentials security.

3. Local State & Cache Cookies

We use browser local storage and cookies to cache your active dashboard themes, selected modes (Monk Mode, Creative, Balanced), active quest board views, and session authentication tokens to speed up page loads.

4. No Marketing Disclosures

Your focus and quest statistics are private. We do not sell, rent, or trade your productivity statistics or personal data to advertising networks. All data is processed strictly for habit-building calculations.

5. Payment Data & Razorpay Integration

Payment information is processed securely through Razorpay, a certified PCI-DSS compliant payment gateway. We do not store your credit card, debit card, or banking details. Razorpay handles all payment encryption and security protocols independently.

Payment Processing & Security

Subscription payments are processed through Razorpay, an industry-leading PCI-DSS Level 1 certified payment processor. We do not have direct access to your payment card details, bank account information, or other sensitive financial data. Razorpay encrypts and secures all payment transactions independently.

We only store transaction IDs, subscription status, billing dates, and invoice records necessary for service delivery and compliance. No raw payment information is retained on our servers.

Data Deletion & Retention Rights

If you decide to delete your profile, you can trigger a profile deletion from your Account Settings. All local databases, task histories, penatly configurations, and cached Google tokens will be wiped from our database permanently.

You can revoke DayDungeon's account authorization at any time directly through your Google Security console, terminating all access.