Privacy Policy — Stillday

1. Introduction

Stillday ("we", "our", or "the app") is a privacy-first journaling app for tracking symptoms and daily reflections. This policy explains how we handle your information when you use Stillday on Apple devices.

2. Data we collect and store

Journal and tracking data: Entries, symptom logs, flare events, and any notes you enter are stored on your device. If you enable iCloud sync, this data is also stored in your personal iCloud account (Apple's infrastructure) so you can access it from your other devices. We do not have access to the content of your journal or symptom data.

Account and purchases: If you subscribe, Apple processes the payment. We do not receive your payment details. We only receive information necessary to provide your subscription (e.g. that your subscription is active), in line with Apple's StoreKit and App Store policies.

Technical data: To provide the app (e.g. sync, purchases), the app may use standard system services. We do not collect or use your data for advertising or selling to third parties.

3. Where your data is stored

• On device: All journal and symptom data is stored locally on your iPhone, iPad, or Apple Watch (as applicable).
• iCloud: If you turn on "Sync with iCloud", your data is stored in your private iCloud account. Only you (and devices signed into your Apple ID) can access it. We do not have access to your iCloud data.
• Our systems: We do not operate servers that store your journal or symptom content. Any minimal data we might receive (e.g. subscription status from Apple) is handled in line with this policy and applicable law.

4. How we use your data

• To provide the app: storing and syncing your entries, generating summaries and exports when you use those features, and managing your subscription.
• We do not use your journal or symptom content for advertising, profiling, or selling to third parties.
• We do not share your journal or symptom content with anyone unless you explicitly share it yourself (e.g. by exporting a file and sending it).

5. Sharing and disclosure

We do not sell or rent your personal data. We may disclose data only: (a) if required by law or legal process; (b) to protect our rights or safety; or (c) with your consent. Export and sharing of reports or files are done by you, from your device; we do not send that data to our servers.

6. Data retention and deletion

• On your device: Data remains until you delete it in the app or uninstall the app. Deleting entries or the app removes that data from the device.
• iCloud: If you use iCloud sync, data in your iCloud account is subject to Apple's iCloud terms and your account settings. Turning off sync in the app does not delete data already in iCloud; you can manage or delete it via your iCloud settings.
• Subscriptions: Subscription and purchase records are held by Apple in line with their policies.

7. Security

We rely on your device's security (e.g. passcode, Face ID) and Apple's security (e.g. iCloud encryption) to protect your data. Data in transit to iCloud is encrypted. We do not store your journal content on our own servers.

8. Children

Stillday is not directed at children under 13. We do not knowingly collect data from children under 13. If you believe a child has provided us with data, please contact us at support@cocoacorn.com.

9. Changes to this policy

We may update this policy from time to time. The "Last updated" date at the top will change when we do. Continued use of the app after changes means you accept the updated policy. For material changes, we may notify you in the app or by email where possible.

10. Contact

For privacy-related questions or requests, contact us at support@cocoacorn.com.