Sign Up

Privacy Policy

How we protect your data

Last updated: 17 May 2026

Daily Wayfinder is a private journaling app. You write your reflections, and we generate a Bible passage, prayer, and short pastoral response. Because what you write is personal and often spiritual, this notice explains plainly what happens to your data.

Questions? Email dailywayfinder@gmail.com.

1. Who is responsible

Daily Wayfinder is operated by Niklas Wibelius, based in Gothenburg, Sweden, and is the controller of your personal data. Reach us at dailywayfinder@gmail.com.

2. What we collect and why

  • Account — your email address and password. Needed to give you an account.
  • Journal entries and the AI responses we generate — the content of your private journal. Stored so you can read it again later.
  • Basic operational logs — request times, errors, and the IP address at the time of a request. Used to keep the service running and investigate abuse.
  • Support emails — if you write to us, we keep your message and our reply.
  • Payment data — only if we add paid features and you choose to use them. In that case payments are handled by Stripe; we never see card details.

We do not run advertising trackers, do not sell data, and do not buy data about you.

Legal bases (GDPR). Running your account, storing entries, and generating AI responses: performance of our agreement with you (Art. 6(1)(b)). Logs and abuse prevention: our legitimate interest in a safe service (Art. 6(1)(f)). Replies to your support emails: performance of our agreement.

3. Religious and spiritual content (Article 9)

Journal entries about faith, prayer, and doubt qualify as special category data under Article 9 GDPR. We process this content only on the basis of your explicit consent, which you give when you create an account and write an entry. You can withdraw consent at any time by deleting your account; that erases your entries as described below. Withdrawing consent does not affect lawful processing that already happened.

4. How AI works in Daily Wayfinder

When you write an entry, the text is sent to a third-party AI provider (currently based in the United States) which generates the Scripture reference, prayer, and reflection you see in the app. The response is saved in your account.

Under our provider's API terms:

  • Your entries are not used to train public AI models.
  • The provider retains the text only briefly for abuse monitoring before deletion.

We do not read your entries as part of normal operations.

AI responses can be wrong or miss context. Treat them as a starting point for reflection, not as pastoral counsel, mental health care, medical advice, or theological authority.

5. Sub-processors and transfers

We use a small set of providers to run the service. Each is bound by a data processing agreement, and transfers outside the EU/EEA rely on the European Commission's Standard Contractual Clauses and the EU-US Data Privacy Framework where applicable.

  • Supabase — database, authentication, file storage.
  • AI provider — generating the Scripture, prayer, and reflection responses (United States).
  • Resend — sending account and transactional emails.
  • Vercel — hosting and CDN for the website and app.
  • Stripe — only if we introduce paid features and you choose to use them.

6. How long we keep your data

  • Account and journal entries — kept while your account is active. When you delete your account, entries and account data are removed from primary systems within 30 days and from encrypted backups within 90 days.
  • Operational logs — up to 90 days, then deleted.
  • Support emails — up to 24 months after the conversation ends.
  • Billing records (if you ever make a payment) — 7 years, as required by Swedish bookkeeping law.

7. Cookies

We use only the cookies needed to run the service: a session cookie so you stay signed in, and local storage for your theme preference. No advertising or analytics cookies.

8. Your rights

Under the GDPR you have the right to:

  • Access a copy of the personal data we hold about you.
  • Correct data that is wrong or incomplete.
  • Delete your account and your entries.
  • Export your journal entries in a portable format.
  • Restrict or object to certain processing.
  • Withdraw consent at any time.
  • Complain to your local data protection authority. In Sweden this is the Swedish Authority for Privacy Protection (IMY) at imy.se.

Most rights can be exercised from your account settings. For anything else, email dailywayfinder@gmail.com.

9. Security, children, and changes

Your data is encrypted in transit and at rest, and access to production data is limited to the founder. No system is perfectly secure; if a breach affects you, we will notify you and the relevant authorities within the timeframes required by law.

The service is not intended for children under 16. Between 13 and 16, use it only with a parent or guardian's consent.

We may update this notice. When we make material changes we will update the date above and, where appropriate, notify you in the app or by email.