Privacy Policy
Effective date: 5 July 2026
Canonical URL: https://dajno.app/privacy
This Privacy Policy explains how dajno ("dajno", "the app", "we", "us", or "our") collects, uses, shares, and protects your personal data when you use the dajno mobile application and related services. dajno is a gym-agnostic social indoor-bouldering app: climbers photograph routes, log sends, follow friends, and post sessions.
1. Who we are and how to contact us
dajno is operated by a solo developer (the "operator").
- Legal entity / operator name: Julian Guttmann
- Postal address: Zygmunta Krasińskiego 34A/22, 01-769 Warszawa, Poland
- Domain: dajno.app
- Privacy contact: privacy@dajno.app
- General support and abuse reports: support@dajno.app
For the purposes of the EU/UK General Data Protection Regulation (GDPR), the operator is the data controller for the personal data described in this policy.
- Data Protection Officer (if appointed): Not appointed; not required
- EU/UK representative (if applicable): Not applicable
If you have questions about this policy or how we handle your data, email privacy@dajno.app.
2. What data we collect and why
We collect only the data we need to run dajno. The table below summarizes what we collect, why, and the lawful basis (see Section 3 for more on lawful bases).
| Data | Source | Purpose | Lawful basis |
|---|---|---|---|
| Account email | You, at sign-up | Authentication, account recovery, essential service notices | Performance of a contract |
| Username | You | Public identity within the app | Performance of a contract |
| Display name | You | Public identity within the app | Performance of a contract |
| Bio | You (optional) | Public profile content | Performance of a contract |
| Avatar photo | You (optional) | Public profile image | Performance of a contract |
| Route photos | You | Public app content (photographs of climbing routes) | Performance of a contract |
| Climbing activity — sends, sessions, ratings | You | Core app functionality; public social content | Performance of a contract |
| Coarse device location | Device OS, at runtime only | Nearby-gym search | Consent (OS prompt) |
2.1 Public content
The following are public within the app and visible to other users (and may be visible to anyone who can view the app's content): your username, display name, bio, avatar, route photos, and climbing activity (sends, sessions, and ratings). Do not upload anything you are not comfortable sharing publicly.
2.2 What we do not collect
- We do not use third-party tracking SDKs.
- We do not serve advertising.
- We do not currently run any analytics.
- We do not sell your personal data, and we do not share it for cross-context behavioral advertising.
3. Lawful basis for each purpose (GDPR Article 6)
We rely on the following lawful bases:
- Performance of a contract (Art. 6(1)(b)) — creating and operating your account, and providing the core service (profile, photos, climbing activity, social features). Without this data we cannot provide the app.
- Consent (Art. 6(1)(a)) — coarse device location for nearby-gym search. You grant this through your device's operating-system permission prompt and can withdraw it at any time in your device settings. Withdrawing consent does not affect the lawfulness of processing before withdrawal.
- Consent or legitimate interest with opt-out (Art. 6(1)(a) or 6(1)(f)) — any future crash-reporting or analytics (see Section 5). We do not run these today; if we add them, we will update this policy and, where required, obtain your consent or provide an opt-out before processing.
4. Location handling — runtime only, not stored
dajno can use your device's coarse (approximate) location to help you find nearby gyms.
- Location is accessed at runtime only, while you are using the nearby-gym feature.
- Your location is not stored by the app and is not transmitted to our backend. It is used on your device, in the moment, to surface nearby gyms, and then discarded.
- Location access requires your permission via the operating-system prompt. You can grant or revoke it at any time in your device settings. If you decline, you can still use the rest of the app; only nearby-gym convenience is affected.
5. Processors and sub-processors; international transfers
We use the following service providers to operate dajno:
5.1 Supabase (backend platform)
We use Supabase (PostgreSQL database, authentication, and file storage) to host the app's backend. Supabase acts as a data processor on our behalf, processing data only under our instructions and a data processing agreement.
- Hosting region / international transfers: EU (Frankfurt, Germany); data is processed within the EU/EEA. If data is processed outside the EU/EEA or UK, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses (SCCs).
5.2 Resend (transactional email)
We use Resend (resend.com) to deliver account emails — the sign-up confirmation code and the password-reset code. Resend processes your email address to send these messages, as a data processor acting under our instructions and a data processing agreement.
- International transfers: Resend is based in the United States, so your email address is transferred outside the EU/EEA. We rely on the European Commission's Standard Contractual Clauses (SCCs) as the transfer safeguard.
5.3 Future crash reporting (not active)
We do not currently use crash-reporting or analytics tooling. We may, in the future, with notice and/or consent, add a crash-reporting tool to improve stability. If we do, we will update this policy to identify the provider, the data processed, the lawful basis, and any opt-out, before it is enabled.
5.4 Sub-processor list
A current list of sub-processors will be maintained at available on request from privacy@dajno.app.
6. Data retention
- While your account is active, we retain your profile data (email, username, display name, bio, avatar) and your climbing activity to provide the service.
- When you delete your account (see Section 7.2), your personally identifying information is anonymized or removed: email, username, display name, bio, and avatar are scrubbed and removed, and your uploaded photos are deleted from storage. Your climbing records are append-only and may be retained in de-identified / detached form (no longer linked to an identifiable person) for service integrity and aggregate statistics.
- Backups: Our current hosting plan does not retain scheduled database backups, so deleted personal data is not preserved in a backup system beyond the deletion itself. If we enable scheduled backups in the future, we will update this policy with the applicable retention window.
7. Your rights and how to exercise them (GDPR Articles 15–21)
If you are in the EU/EEA, the UK, or another region with comparable law, you have the following rights:
- Access (Art. 15) — obtain a copy of the personal data we hold about you.
- Portability (Art. 20) — receive your data in a structured, commonly used, machine-readable format. dajno provides an in-app "Download my data" feature that exports your data as JSON.
- Rectification (Art. 16) — correct inaccurate data. You can edit your profile directly in the app.
- Erasure (Art. 17) — delete your account. The in-app account deletion feature anonymizes your account in place: your email, username, display name, bio, and avatar are scrubbed and removed, your uploaded photos are deleted from storage, and append-only climbing records are retained only in de-identified/detached form.
- Restriction (Art. 18) — ask us to limit processing in certain circumstances.
- Objection (Art. 21) — object to processing based on legitimate interests.
7.1 How to exercise your rights
- In the app: edit your profile (rectification), use "Download my data" (access/portability), and use account deletion (erasure). You can also request deletion at https://dajno.app/delete-account.
- By email: contact privacy@dajno.app for any right, including restriction and objection.
We will respond within the timeframe required by law (generally within one month under the GDPR). We may need to verify your identity before acting on a request.
7.2 Account and data deletion
You can delete your account and data:
- In the app, via the account deletion feature; or
- Online, at https://dajno.app/delete-account.
See Section 6 for what happens to your data on deletion.
7.3 Right to lodge a complaint
You have the right to lodge a complaint with a supervisory authority, in particular in the EU/EEA member state, the UK, or other jurisdiction of your habitual residence, place of work, or place of the alleged infringement. Lead supervisory authority (if applicable): President of the Personal Data Protection Office (UODO), Poland. We would, however, appreciate the chance to address your concerns first — please contact privacy@dajno.app.
8. Children (16+)
dajno is intended for users aged 16 and older. The app is not directed to children under 16, and we do not knowingly collect personal data from anyone under 16. When you create an account, you must confirm that you are 16 or older.
If you believe a person under 16 has provided us with personal data, please contact privacy@dajno.app and we will take steps to delete it.
9. Security
We take reasonable technical and organizational measures to protect your data, including:
- Row-Level Security (RLS) enforced on every database table, so users can only access data they are authorized to see;
- Encrypted authentication storage on your device;
- HTTPS for all data in transit.
No method of transmission or storage is completely secure, so we cannot guarantee absolute security. If we become aware of a personal-data breach that is likely to result in a risk to your rights, we will notify the relevant supervisory authority and affected users as required by law.
10. Changes to this policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the Effective date above and, where appropriate, provide notice in the app. The current version is always available at https://dajno.app/privacy. Your continued use of dajno after changes take effect constitutes acceptance of the updated policy, to the extent permitted by law.
11. Contact
- Privacy questions and data requests: privacy@dajno.app
- General support and abuse reports: support@dajno.app
- Data deletion request: https://dajno.app/delete-account