Privacy Policy

Last updated: June 5, 2026

This policy describes how the DailyPull mobile app collects, uses and protects your personal data, in accordance with the General Data Protection Regulation (GDPR, EU 2016/679) and the French Data Protection Act.

1. Data controller

The data controller is:

• JIXTER (sole proprietorship - SACHOT Yoann)
• SIRET: 520 833 658 00021
• Address: 4 rue Gabriel Pierné, 57000 Metz, France
• Contact and exercise of rights: contact@jixter.fr

2. Data collected

DailyPull may collect the following categories of data:

• Authentication data: email address and display name (when you create an account via Google, Facebook or email).
• Usage data: collected cards, unlocked themes, progress and in-app statistics.
• Purchase data: status of in-app purchases and subscriptions (managed via RevenueCat and the app stores), without any banking data (payment is handled exclusively by Apple or Google).
• Technical and diagnostic data: device type, operating system version, technical identifiers and usage diagnostic data.
• Advertising identifier: the device advertising identifier, used only with your consent for advertising.

3. Purposes and legal bases

Each processing operation relies on a specific legal basis under Article 6 of the GDPR:

• Account management and service delivery (authentication, saving progress) - legal basis: performance of the contract (terms of use accepted at sign-up).
• In-app purchases and subscriptions (managing access rights via RevenueCat) - legal basis: performance of the contract.
• Personalized advertising (via Google AdMob) - legal basis: your consent, collected via the consent banner (CMP) and revocable at any time.
• Audience measurement and analytics (via Firebase Analytics / Google Analytics) - legal basis: your consent.
• Security, fraud and abuse prevention, technical stability (server logs, diagnostic data) - legal basis: legitimate interest of the controller in ensuring a reliable and secure service.
• Compliance with legal obligations (notably accounting and tax obligations for purchases) - legal basis: legal obligation.

Where processing relies on consent, you may withdraw it at any time via the app settings (advertising consent management) or by contacting us, without affecting the lawfulness of prior processing.

4. Recipients and processors

We do not sell your personal data. It may be processed by the following processors and recipients, only as far as necessary for each purpose:

• Google (Firebase Authentication, Firebase Analytics, Google AdMob) - authentication, audience measurement and advertising.
• RevenueCat, Inc. - subscription and in-app purchase management.
• Apple App Store / Google Play - processing of in-app purchase payments.
• Facebook (Meta) - authentication only, when you choose to sign in via Facebook.
• Infrastructure hosts (OVH SAS - France, and Amazon Web Services - AWS) - hosting and operation of backend services.

This list is indicative and may evolve; each processor is bound by contractual commitments compliant with Article 28 of the GDPR.

5. Retention periods

• Account and progress data: kept while your account is active, then deleted after account deletion, subject to applicable legal retention periods.
• Analytics data (Firebase / Google Analytics): kept for a maximum of 14 months, in line with the Google Analytics retention setting.
• Purchase-related data: kept for as long as needed to manage the contractual relationship, then archived according to accounting and tax obligations (up to 10 years).
• Technical logs and diagnostic data: kept for a limited period (generally from a few days to 12 months) for security and debugging purposes.

6. Transfers outside the European Union

Some of our processors (notably Google, RevenueCat and AWS) are based in the United States or may process data outside the European Economic Area. These transfers are governed by appropriate safeguards under Chapter V of the GDPR:

• the Standard Contractual Clauses (SCCs) adopted by the European Commission;
• where applicable, membership of the Data Privacy Framework (EU-U.S. DPF) for certified US processors;
• additional technical and organizational measures designed to protect your data.

7. Your rights

Under the GDPR, you have the following rights over your personal data:

• Right of access: obtain a copy of the data concerning you.
• Right to rectification: correct inaccurate or incomplete data.
• Right to erasure: you can delete your account and all associated data directly from the app (built-in account deletion feature), or by requesting it from us.
• Right to restriction of processing.
• Right to object to processing based on legitimate interest, and to processing for marketing purposes.
• Right to data portability. To exercise it, contact contact@jixter.fr; your request will be handled within 30 days.
• Right to withdraw your consent at any time, notably for personalized advertising and analytics.
• Right to lodge a complaint with the CNIL (www.cnil.fr), the supervisory authority in France.

To exercise these rights, contact us at contact@jixter.fr. We respond within one month of receiving your request.

8. Cookies and similar technologies

DailyPull uses Firebase Analytics and Google AdMob, which may store identifiers or similar technologies for audience measurement and advertising. These trackers are only enabled after your consent is collected via the consent banner, which you can change or withdraw at any time.

9. Security

We implement appropriate technical and organizational measures (encryption of communications, access controls, secure hosting) to protect your data against any unauthorized access, alteration, disclosure or destruction.

10. Changes

This policy may be updated. Changes will be published on this page with the update date.