Daily Connect
Privacy Policy
Daily Connect is a platform for deep listening practice. We take the privacy of our members and participants seriously. This policy explains what personal data we collect, why we collect it, how we store it, and what rights you have under the General Data Protection Regulation (GDPR) and applicable German data protection law.
We collect the minimum data necessary to operate the practice — nothing more.
1. Who is Responsible for Your Data
Daily Connect is operated by:
Monika Jiang
Writer · Gewerbetreibende
Berlin, Germany
contact@dailyconnect.co
Monika Jiang is the Data Controller under Article 4(7) GDPR. All data protection questions and requests can be directed to the contact address above.
2. What Data We Collect and Why
2.1 Application to Join
When you apply to participate in Daily Connect, we collect:
Your name
Your email address
Any information you voluntarily share in the application form
Legal basis: Legitimate interest (Article 6(1)(f) GDPR) — to assess suitability for the practice community.
Retention: Application data is deleted within 30 days of a decision being made. If your application is accepted, only your name and email are retained for membership purposes. If declined, all data is deleted.
2.2 Membership & Payments
Membership payments are processed by Creem (creem.io), which acts as the Merchant of Record. When you subscribe:
Creem collects and processes your payment information directly — we never see or store your card or bank details
We receive only your name, email address, membership tier, and subscription status
VAT collection and remittance is handled automatically by Creem
Legal basis: Performance of a contract (Article 6(1)(b) GDPR).
Retention: Membership records are retained for the duration of your active membership. Upon cancellation or non-renewal, your data is deleted within 30 days, unless retention is required by law (e.g. tax records, which are kept for 10 years under German law — HGB §257, AO §147).
Creem's privacy policy is available at creem.io/privacy. They are a separate data processor under a Data Processing Agreement.
2.3 Account Access
Daily Connect does not use passwords. Access to the platform is granted via a secure magic link sent to your registered email address. This means:
No passwords are stored or transmitted
Each login link is single-use and time-limited
Your identity is verified through your email address alone
Legal basis: Performance of a contract (Article 6(1)(b) GDPR).
2.4 In-App Messaging
Daily Connect may include a messaging feature for coordination between participants. You should be aware that:
Messages are not stored on our servers beyond what is technically necessary to deliver them
We do not monitor, read, or analyse message content
Message history is not retained after a session or conversation ends
Legal basis: Performance of a contract (Article 6(1)(b) GDPR).
2.5 Video Calls and Practice Sessions
Daily Connect practice sessions take place via video call within the Daily Connect app. You should be aware that:
Sessions are never recorded by Daily Connect
We do not store or archive any audio or video from practice sessions
Legal basis: Performance of a contract (Article 6(1)(b) GDPR).
2.6 Technical & Usage Data
When you use the Daily Connect website or app, standard technical data may be collected automatically, including:
IP address (anonymised where possible)
Browser type and version
Device type (mobile, desktop, tablet)
Pages visited and session duration
This data is used solely to maintain and improve the platform. It is not used for advertising or profiling.
Legal basis: Legitimate interest (Article 6(1)(f) GDPR).
3. Security and Encryption
We take the security of your data seriously. Our technical measures include:
All data transmitted between your device and our servers is encrypted using TLS (Transport Layer Security)
Backend infrastructure uses two-way encryption to protect data in transit and at rest
Login is passwordless — reducing the risk of credential-based attacks
Access to member data is restricted to authorised team members only
No system is entirely immune to risk. In the event of a data breach that affects your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours as required by GDPR Article 33.
4. Cookies and Tracking
Daily Connect uses two categories of cookies:
Strictly Necessary Cookies (no consent required)
Session cookies — to keep you logged in during your visit
Security cookies — to prevent unauthorised access
Analytics Cookies (consent required)
Google Analytics cookies (_ga, gid, gat) — used to understand how visitors use the site. These are only set after you accept analytics cookies via our consent banner.
You can change your cookie preferences at any time by clicking the cookie settings link in the footer of our website. Refusing analytics cookies has no effect on your ability to use Daily Connect.
5. Third-Party Services
We use the following third-party services to operate Daily Connect. Each is bound by their own privacy policy and, where applicable, a Data Processing Agreement with us. Services marked (US) process data on US servers under Standard Contractual Clauses (SCCs) as the transfer mechanism under GDPR Chapter V.
Website & App Infrastructure
Squarespace (US) — website hosting for dailyconnect.co. Squarespace may collect visitor IP addresses, browser data, and usage statistics as part of standard hosting. See squarespace.com/privacy
Vercel (US) — hosting infrastructure for the Daily Connect app (PWA and future native versions). Processes server requests including IP addresses. See vercel.com/legal/privacy-policy
Firebase (Google LLC, US) — app backend services including authentication, database, and real-time infrastructure. Data may be stored on Google servers. See firebase.google.com/support/privacy
Daily.co (Daily.co Inc., US) — video and audio infrastructure for in-app practice sessions. Daily.co processes connection data and audio/video streams to deliver real-time sessions. Sessions are never recorded by Daily Connect. See daily.co/privacy
Payments & Membership
Creem (creem.io) — membership payment processing, acting as Merchant of Record. Handles all payment data directly; we receive only name, email, and subscription status. See creem.io/privacy
Communications & Events
Zoom (US) — video call infrastructure for info sessions. Zoom processes connection metadata. Sessions are never recorded by Daily Connect. See zoom.us/privacy
Luma — event registration for public info sessions. See lu.ma/privacy
Email provider (TBD — e.g. Brevo) — transactional emails and magic login link
Internal Operations
Google Drive (Google LLC, US) — used internally by the Daily Connect team for document storage, shared resources, and operational files. Member data is not stored in Google Drive. Data is processed on Google servers in the US under Standard Contractual Clauses. See policies.google.com/privacy
Analytics
Google Analytics (Google LLC, US) — we use Google Analytics to understand how visitors use our website (page views, session duration, general traffic patterns). Google Analytics uses cookies and may process your IP address. Data is transferred to Google servers in the US under Standard Contractual Clauses. You can opt out via browser cookie settings or the Google Analytics opt-out add-on at tools.google.com/dlpage/gaoptout
Google Analytics is only activated after you accept analytics cookies via our cookie consent banner. You can withdraw consent at any time.
We do not sell your data to third parties. We do not use your data for advertising targeting.
6. Data Retention
We only keep your data for as long as it is needed:
Active members: data is retained for the duration of membership
Cancelled or inactive members: data deleted within 30 days of cancellation
Applicants (not accepted): data deleted within 30 days of the decision
Payment records: retained for 10 years under German commercial and tax law
Technical logs: retained for a maximum of 90 days, then automatically deleted
You can request earlier deletion at any time (see Section 7).
7. Your Rights Under GDPR
Under the General Data Protection Regulation, you have the following rights:
Right of access (Art. 15) — You can request a copy of all personal data we hold about you.
Right to rectification (Art. 16) — You can ask us to correct inaccurate or incomplete data.
Right to erasure (Art. 17) — You can ask us to delete your data. We will comply unless retention is legally required.
Right to restriction (Art. 18) — You can ask us to pause processing of your data in certain circumstances.
Right to data portability (Art. 20) — You can request your data in a machine-readable format.
Right to object (Art. 21) — You can object to processing based on legitimate interest.
Right to withdraw consent — Where processing is based on consent, you can withdraw it at any time without affecting prior processing.
To exercise any of these rights, contact us at hello@dailyconnect.co. We will respond within 30 days.
You also have the right to lodge a complaint with the supervisory authority responsible for Daily Connect:
Berliner Beauftragte für Datenschutz und Informationsfreiheit
Alt-Moabit 59–61, 10555 Berlin
mailbox@datenschutz-berlin.de
www.datenschutz-berlin.de
8. Children's Data
Daily Connect is not intended for use by anyone under the age of 18. We do not knowingly collect personal data from minors. If we become aware that a minor has submitted personal data, we will delete it promptly.
9. Changes to This Policy
We may update this policy to reflect changes to our practices or legal obligations. When we do, we will update the date at the top of this document and, for material changes, notify active members by email at least 14 days before the changes take effect.
Continued use of Daily Connect after notification constitutes acceptance of the updated policy.
10. Contact
For any questions about this privacy policy or how we handle your data:
Daily Connect · Berlin, Germany
This policy was last reviewed and updated on 10 March 2026. It covers dailyconnect.co, the Daily Connect PWA, and any future native app versions published on the Apple App Store or Google Play Store.