Privacy Policy

Your privacy is important to us. This policy explains how we collect, use, and protect your personal information.

Effective Date: August 1, 2025 | Last Updated: August 1, 2025

Nokoridays ("we", "us", or "our") respects your privacy and is committed to protecting your personal data. This privacy policy describes how we collect, use, and share your personal data when you use the Nokoridays application ("Service") in accordance with the General Data Protection Regulation (GDPR).

1. Data Controller

The data controller for the Service is:

Joel Martinez

Smaragdweg 8, 64287 Darmstadt, Germany

Email: martinez@joelesli.com

2. What Personal Data We Collect

We collect and process the following types of personal data:

Identification Data

Name, email address, and date of birth (to personalize your experience and support the "days of life" feature)

Authentication Data

Email and encrypted password

User-Generated Content

Personal reflexions submitted voluntarily in journal entries and counts, as well as the title of counters and your date of birth are encrypted.

πŸ”’ All of the above data is encrypted before it's written to our database using industry-standard AES-256-GCM via Ruby on Rails’ Active Record Encryption.

Engagement Statistics

Usage frequency and entry counts, aggregated to improve product experience

Technical Data

Cookies necessary for the operation of the application

We do not collect or process special categories of personal data unless you choose to include such data in your entries.

3. Legal Bases for Processing

We process your personal data on the following legal bases:

  • β€’
    Performance of a contract (Art. 6(1)(b) GDPR): to provide and maintain the Service
  • β€’
    Consent (Art. 6(1)(a) GDPR): for optional features such as monthly summaries and email notifications
  • β€’
    Legitimate interest (Art. 6(1)(f) GDPR): to analyze user engagement and improve the Service, with minimal privacy impact
  • β€’
    Legal obligation (Art. 6(1)(c) GDPR): to comply with applicable laws and regulations

You can withdraw consent at any time via your profile settings for some features or by deleting your account.

4. Use of Artificial Intelligence (OpenAI API)

If enabled, your journal entries and counters are sent to the OpenAI ChatGPT API to generate monthly summaries. These summaries are:

  • βœ“ Stored in your account for future reference
  • βœ“ Sent to you via email
  • βœ“ Not shared with third parties

Only the content you submit is sent to OpenAI; your name and email are not included in these requests.

5. Cookies

We use only essential cookies required to provide the Service (e.g. session management, authentication). These cookies do not track behavior for advertising or analytics purposes.

6. Data Sharing

We do not sell or share your personal data with third parties for marketing purposes.

We share data only with:

  • β€’ OpenAI, LLC (USA) β€” to generate summaries, when enabled
  • β€’ Email provider β€” to deliver emails such as summaries and reminders

Each provider is subject to appropriate data protection safeguards.

7. Data Retention

  • β€’ Your data is retained for as long as your account is active
  • β€’ You can delete individual entries or your entire account at any time
  • β€’ Deleted accounts are fully purged from our systems, except for backup copies (retained for 21 days max)

Backups are encrypted and stored securely.

8. Data Security

We implement technical and organizational measures to protect your personal data, including:

πŸ”’ HTTPS encryption in transit
πŸ‘€ Role-based access control
πŸ›‘οΈ
Encryption at rest

Used on: date of birth, counter titles, journal entries, and count notes

9. International Transfers

Your data may be transferred to the United States when using the OpenAI API and email provider. We ensure that appropriate safeguards (e.g. Standard Contractual Clauses) are in place in accordance with GDPR.

10. Your Rights

As a data subject, you have the following rights:

Right to Access (Art. 15)
Access your personal data
Right to Rectification (Art. 16)
Correct inaccurate data
Right to Erasure (Art. 17)
"Right to be forgotten"
Right to Restrict (Art. 18)
Restrict processing
Right to Portability (Art. 20)
Export your data
Right to Object (Art. 21)
Object to processing

To exercise your rights, please contact: martinez@joelesli.com

11. Children's Privacy

The Service is intended for users aged 18 and older. We do not knowingly collect data from children under 18. If you are a parent or guardian and believe your child has used the Service, please contact us to request deletion.

12. Changes to This Policy

We may update this Privacy Policy from time to time. You will be notified of significant changes via email or through the Service.

Questions About This Policy?

We're here to help. If you have any questions about this privacy policy or how we handle your data, please don't hesitate to reach out.

Contact Us