Jorna Day Privacy Policy

Last updated: 2026-05-20

Summary

Jorna Day is a personal time-tracking and finance app. Most of your data lives on your device. When you sign in, work-session, finance, family and goal data is synced to your private cloud storage (AWS) so you can access it across your own devices and share it with family members you explicitly invite. We do not sell or share your data with advertisers or analytics brokers.

Data We Collect

On-device only (no sync required)

• Work session check-in / check-out times and segments
• Rate profiles you configure
• Overtime entries
• Weekly schedule
• App settings (currency, daily goal, notification preferences, theme, language)
• Receipt photos you attach (also synced if you sign in — see below)
• Scheduled auto check-in rules (days, times, profile)

All of the above is stored locally using your device’s encrypted storage (Drift / SQLite + Apple Keychain / Android Keystore for tokens).

Synced to your private cloud (only when you sign in)

If you sign in (email/password, Sign in with Apple, or Google), the following is transmitted and stored in our AWS infrastructure under your account:

• Authentication identifiers: email address (or Apple relay email), name (on first sign-in only), profile picture URL (Google only)
• Work sessions, segments, overtime, weekly schedule, rate profiles
• App settings (currency, daily goal, notifications)
• Expenses, incomes, expense categories, budgets
• Financial accounts you create (name, type, opening balance, currency)
• Goals and your goal-contribution history
• Family groups you create or join, family member emails, and goal contributions by family member
• Receipt photos uploaded to your private storage area
• Device push-notification tokens (so we can deliver real-time family invitation notifications)
• A user identifier we use to associate crash reports with your account (see “Crash Reporting” below)

Data is stored encrypted at rest in AWS US-East-1.

Crash reporting (Firebase Crashlytics)

If a crash or non-fatal error occurs we collect:

• A stack trace and the build / OS version
• A custom anonymous user identifier (your account id) so we can correlate crashes with bug reports
• Recent in-app log breadcrumbs (no personal content)

You can disable crash reporting from Settings if you do not want to share these reports.

What We Do NOT Collect

• Precise or coarse location
• Contacts
• Photos or videos other than the receipts you explicitly attach
• Health, fitness, or biometric data
• Device identifiers used for advertising
• Behavioral analytics events sold to third parties

Third Parties We Use

We rely on the following service providers strictly to operate the app. None of them are authorized to use your data for advertising or to resell it.

• Amazon Web Services (AWS) — hosts our backend (DynamoDB for your records, S3 for receipt images, Lambda for processing, Cognito for authentication, Secrets Manager for credentials, SES used only for system-level outbound mail).
• Firebase Cloud Messaging (Google) — delivers push notifications to your device when you receive a family invitation. We send only your account identifier and the notification text; the notification payload is transmitted via Google’s FCM service to APNs (iOS) or FCM (Android).
• Firebase Crashlytics (Google) — receives crash and non-fatal error reports as described above.
• Brevo — sends transactional invitation emails when you invite a family member by email address. We send the recipient address and the invitation body; Brevo’s policy applies to email delivery.
• Apple Sign In — optional authentication. Subject to Apple’s privacy policy: https://www.apple.com/legal/privacy/
• Google Sign In — optional authentication. Subject to Google’s privacy policy: https://policies.google.com/privacy

No advertising SDKs, attribution SDKs, or behavioral-analytics SDKs are integrated.

Family Sharing

When you create a family group and invite members:

• The recipient receives an email at the address you typed in.
• Once they accept inside the app, their email and account id become visible to other group members.
• Records you mark as “Family” scope (accounts, expenses, incomes, goals, goal contributions) become readable by every member of the same group.
• Records you keep as “Personal” remain private to you.

You can leave a family group at any time from Settings → Family.

Push Notifications

We use push notifications for:

• Real-time family invitation alerts
• Scheduled check-in / check-out reminders you set up
• Daily goal completion and bill reminders

You can disable notifications system-wide from iOS / Android settings or via the in-app notifications toggle.

Your Rights

• Access: All synced data is visible inside the app.
• Delete the app: Removes all local data instantly.
• Delete your account: Email the address below with the subject “Delete my account”. We will remove your AWS Cognito record and associated DynamoDB / S3 data within 30 days.
• Export: Settings → Export Backup creates a JSON file with your data.
• Opt out of crash reports: Settings → Notifications (or future Privacy section).

Children

Jorna Day is not directed at children under 13 and does not knowingly collect data from them.

Changes

If we update this policy, the date at the top will change. Material changes will be announced in the App Store release notes.

Contact

Email: victormanuel.1517@hotmail.com

GitHub Issues: https://github.com/victorsdd01/JornaDay/issues