Privacy Policy

Effective date: 5 July 2026

Canonical URL: https://dajno.app/privacy

This Privacy Policy explains how dajno ("dajno", "the app", "we", "us", or "our") collects, uses, shares, and protects your personal data when you use the dajno mobile application and related services. dajno is a gym-agnostic social indoor-bouldering app: climbers photograph routes, log sends, follow friends, and post sessions.


1. Who we are and how to contact us

dajno is operated by a solo developer (the "operator").

For the purposes of the EU/UK General Data Protection Regulation (GDPR), the operator is the data controller for the personal data described in this policy.

If you have questions about this policy or how we handle your data, email privacy@dajno.app.


2. What data we collect and why

We collect only the data we need to run dajno. The table below summarizes what we collect, why, and the lawful basis (see Section 3 for more on lawful bases).

Data Source Purpose Lawful basis
Account email You, at sign-up Authentication, account recovery, essential service notices Performance of a contract
Username You Public identity within the app Performance of a contract
Display name You Public identity within the app Performance of a contract
Bio You (optional) Public profile content Performance of a contract
Avatar photo You (optional) Public profile image Performance of a contract
Route photos You Public app content (photographs of climbing routes) Performance of a contract
Climbing activity — sends, sessions, ratings You Core app functionality; public social content Performance of a contract
Coarse device location Device OS, at runtime only Nearby-gym search Consent (OS prompt)

2.1 Public content

The following are public within the app and visible to other users (and may be visible to anyone who can view the app's content): your username, display name, bio, avatar, route photos, and climbing activity (sends, sessions, and ratings). Do not upload anything you are not comfortable sharing publicly.

2.2 What we do not collect


3. Lawful basis for each purpose (GDPR Article 6)

We rely on the following lawful bases:

  1. Performance of a contract (Art. 6(1)(b)) — creating and operating your account, and providing the core service (profile, photos, climbing activity, social features). Without this data we cannot provide the app.
  2. Consent (Art. 6(1)(a)) — coarse device location for nearby-gym search. You grant this through your device's operating-system permission prompt and can withdraw it at any time in your device settings. Withdrawing consent does not affect the lawfulness of processing before withdrawal.
  3. Consent or legitimate interest with opt-out (Art. 6(1)(a) or 6(1)(f)) — any future crash-reporting or analytics (see Section 5). We do not run these today; if we add them, we will update this policy and, where required, obtain your consent or provide an opt-out before processing.

4. Location handling — runtime only, not stored

dajno can use your device's coarse (approximate) location to help you find nearby gyms.


5. Processors and sub-processors; international transfers

We use the following service providers to operate dajno:

5.1 Supabase (backend platform)

We use Supabase (PostgreSQL database, authentication, and file storage) to host the app's backend. Supabase acts as a data processor on our behalf, processing data only under our instructions and a data processing agreement.

5.2 Resend (transactional email)

We use Resend (resend.com) to deliver account emails — the sign-up confirmation code and the password-reset code. Resend processes your email address to send these messages, as a data processor acting under our instructions and a data processing agreement.

5.3 Future crash reporting (not active)

We do not currently use crash-reporting or analytics tooling. We may, in the future, with notice and/or consent, add a crash-reporting tool to improve stability. If we do, we will update this policy to identify the provider, the data processed, the lawful basis, and any opt-out, before it is enabled.

5.4 Sub-processor list

A current list of sub-processors will be maintained at available on request from privacy@dajno.app.


6. Data retention


7. Your rights and how to exercise them (GDPR Articles 15–21)

If you are in the EU/EEA, the UK, or another region with comparable law, you have the following rights:

7.1 How to exercise your rights

We will respond within the timeframe required by law (generally within one month under the GDPR). We may need to verify your identity before acting on a request.

7.2 Account and data deletion

You can delete your account and data:

See Section 6 for what happens to your data on deletion.

7.3 Right to lodge a complaint

You have the right to lodge a complaint with a supervisory authority, in particular in the EU/EEA member state, the UK, or other jurisdiction of your habitual residence, place of work, or place of the alleged infringement. Lead supervisory authority (if applicable): President of the Personal Data Protection Office (UODO), Poland. We would, however, appreciate the chance to address your concerns first — please contact privacy@dajno.app.


8. Children (16+)

dajno is intended for users aged 16 and older. The app is not directed to children under 16, and we do not knowingly collect personal data from anyone under 16. When you create an account, you must confirm that you are 16 or older.

If you believe a person under 16 has provided us with personal data, please contact privacy@dajno.app and we will take steps to delete it.


9. Security

We take reasonable technical and organizational measures to protect your data, including:

No method of transmission or storage is completely secure, so we cannot guarantee absolute security. If we become aware of a personal-data breach that is likely to result in a risk to your rights, we will notify the relevant supervisory authority and affected users as required by law.


10. Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the Effective date above and, where appropriate, provide notice in the app. The current version is always available at https://dajno.app/privacy. Your continued use of dajno after changes take effect constitutes acceptance of the updated policy, to the extent permitted by law.


11. Contact