Privacy Policy

This Privacy Policy ("Policy") applies to www.idealday.net, and Pinefall Digital, LLC ("Company") and governs data collection and usage. For the purposes of this Policy, unless otherwise noted, all references to the Company include www.idealday.net. The Company website is a Personal journaling and planning site. By using the Company website, you consent to the data practices described in this statement.

I. Collection of Your Personal Information

In order to better provide you with products and services offered, the Company may collect personally identifiable information, such as your:

• First and last name
• Email address
• Account billing status
• "User content" - any text, ratings, or data you enter into the app, including marathon plans, weekly and daily notes, habits, schedule blocks, and reviews. We store this so you can access and review it, and do not inspect or process it for any other purpose.
• All payment transactions are securely processed directly by our third-party payment processor, Stripe. Your payment details are provided directly to Stripe, whose use of your personal information is governed by their privacy policy. We do not store, process, or collect your full credit card details, bank account numbers, or other sensitive payment information.

We do not collect any personal information about you unless you voluntarily provide it to us. However, you may be required to provide certain personal information to us when you elect to use certain products or services. These may include: (a) registering for an account; (b) entering a sweepstakes or contest sponsored by us or one of our partners; (c) signing up for special offers from selected third parties; (d) sending us an email message; (e) submitting your credit card or other payment information when ordering and purchasing products and services. To wit, we will use your information for, but not limited to, communicating with you in relation to services and/or products you have requested from us. We may also gather additional personal or non-personal information in the future.

II. Use of your Personal Information

The Company collects and uses your personal information in the following ways:

• to operate and deliver the services you have requested.

• to provide you with information, products, or services that you request from us.

• to provide you with notices about your account.

• to carry out the Company's obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection.

• to notify you about changes to our www.idealday.net or any products or services we offer or provide through it.

• to maintain the security of the Company's services and prevent fraud or misuse.

• to comply with applicable laws, regulations, legal processes, or governmental requests.

• User data (such as name, email address, notes, goals, habits, milestones, actions, and review material) for marathons, weeks, and days is stored so that you may access it to use the application.

• in any other way we may describe when you provide the information.

• for any other purpose with your consent

The Company may also use your personally identifiable information to inform you of other products or services available from the Company and its affiliates.

Legal Basis for Processing (EU/UK Residents)

If you are located in the European Economic Area (EEA) or the United Kingdom, we process your personal information only when we have a lawful basis to do so under Article 6 of the General Data Protection Regulation (GDPR). The bases we rely on are:

• Performance of a contract (Art. 6(1)(b)): to create and manage your account, provide the services you have requested, and handle your subscription and billing.
• Legitimate interests (Art. 6(1)(f)): to maintain the security of our services, prevent fraud and abuse, investigate incidents, and improve the service. We balance these interests against your rights and only rely on this basis where your interests do not override ours.
• Consent (Art. 6(1)(a)): to send you marketing or promotional communications. You may withdraw your consent at any time using the unsubscribe mechanism in any marketing email.
• Legal obligation (Art. 6(1)(c)): to comply with applicable laws, respond to lawful requests from public authorities, and retain financial records as required by tax and accounting law.

III. Sharing Information with Third Parties

The Company does not sell, rent, or lease its customer lists to third parties.

The Company does not sell biometric data to third parties.

The Company may share data with trusted partners to help perform statistical analysis, send you email, or provide customer support. All such third parties are prohibited from using your personal information except to provide these services to the Company, and they are required to maintain the confidentiality of your information.

The Company may disclose your personal information, without notice, if required to do so by law or in the good faith belief that such action is necessary to: (a) conform to the edicts of the law or comply with legal process served on the Company or the site; (b) protect and defend the rights or property of the Company; and/or (c) act under exigent circumstances to protect the personal safety of users of the Company, or the public.

IV. Your Rights

California Residents (CCPA/CPRA)

You have the right under the California Consumer Privacy Act of 2018 (CCPA), as amended by the California Privacy Rights Act (CPRA), to:

• Know what personal information we collect about you and how we use and share it.
• Request access to, or deletion of, the personal information we hold about you.
• Opt out of the "sale" or "sharing" of your personal information as those terms are defined under California law. We do not sell or share your personal information, but if you wish to make a formal opt-out request, you may do so at www.idealday.net/contact.
• Be free from discrimination for exercising any of your privacy rights.

EU and UK Residents (GDPR)

If you are located in the European Economic Area or the United Kingdom, you have the following rights regarding your personal information. You may exercise these rights free of charge by contacting us at doug@pinefalldigital.com or via the form at www.idealday.net/contact. We will respond within 30 days, as required by applicable law.

• Right of access — you can request a copy of the personal information we hold about you.
• Right to rectification — you can request that we correct inaccurate or incomplete personal information.
• Right to erasure ("right to be forgotten") — you can request that we delete your personal information, subject to the exceptions listed in Section VIII.
• Right to restriction of processing — you can request that we limit how we use your personal information in certain circumstances.
• Right to data portability — you can request that we provide your personal information in a structured, commonly used, machine-readable format, and where technically feasible, transmit it to another service provider.
• Right to object — you can object to our processing of your personal information where we rely on legitimate interests, or at any time for direct marketing purposes.
• Right to withdraw consent — where we rely on your consent, you may withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal.
• Right not to be subject to automated decision-making — we do not use your personal information to make decisions that produce legal or similarly significant effects about you.

Right to Lodge a Complaint

If you are located in the EEA or the United Kingdom and believe that our processing of your personal information infringes applicable data protection law, you have the right to lodge a complaint with your local supervisory authority. A list of EEA authorities is available at https://edpb.europa.eu/about-edpb/about-edpb/members_en. UK residents may contact the Information Commissioner's Office (ICO) at https://ico.org.uk/make-a-complaint/.

V. Automatically Collected Information

The Company may automatically collect information about your computer hardware and software. This information can include your IP address, browser type, domain names, access times, and referring website addresses. This information is used for the operation of the service, to maintain the quality of the service, and to provide general statistics regarding the use of the Company website.

VI. Use of Cookies

The Company website may use "cookies" to help you personalize your online experience. A cookie is a text file that is placed on your hard disk by a web page server. Cookies cannot be used to run programs or deliver viruses to your computer. Cookies are uniquely assigned to you and can only be read by a web server in the domain that issued the cookie to you.

One of the primary purposes of cookies is to provide a convenience feature to save you time. The purpose of a cookie is to tell the web server that you have returned to a specific page. For example, if you personalize the Company pages, or register with the Company site or services, a cookie helps the Company to recall your specific information on subsequent visits. This simplifies the process of recording your personal information, such as billing addresses, shipping addresses, and so on. When you return to the same Company website, the information you previously provided can be retrieved, so you can easily use the Company features that you customized.

You have the ability to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser settings to decline cookies if you prefer. If you choose to decline cookies, you may not be able to fully experience the interactive features of the Company services or websites you visit.

VII. Security of Your Personal Information

The Company secures your personal information from unauthorized access, use, or disclosure. The Company uses the following methods for this purpose:

• TLS Protocol
• Clerk: used for secure authentication, TLS enabled.
• Stripe: used for secure payment processing, TLS enabled.
• Neon: used for database hosting. All data is encrypted at rest. TLS enabled.
• Vercel: used for secure application hosting & serverless functions. TLS enabled.

When personal information (such as a credit card number) is transmitted to other websites, it is protected through the use of encryption, such as the Transport Layer Security (TLS) protocol.

We strive to take appropriate security measures to protect against unauthorized access to or alteration of your personal information. Unfortunately, no data transmission over the Internet or any wireless network can be guaranteed to be 100 percent secure. As a result, while we strive to protect your personal information, you acknowledge that: (a) there are security and privacy limitations inherent to the Internet that are beyond our control; and (b) the security, integrity, and privacy of any and all information and data exchanged between you and us through this site cannot be guaranteed.

VIII. Right to Deletion

Subject to certain exceptions set out below, on receipt of a verifiable request from you, we will:

• Delete your personal information from our records; and

• Direct any service providers to delete your personal information from their records.

Please note that we may not be able to comply with requests to delete your personal information if it is necessary to:

• Complete the transaction for which the personal information was collected, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, and provide a good or service requested by you, or reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform a contract between you and us;

• Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity; or prosecute those responsible for that activity;

• Debug to identify and repair errors that impair existing intended functionality;

• Exercise free speech, ensure the right of another consumer to exercise his or her right of free speech, or exercise another right provided for by law;

• Comply with the California Electronic Communications Privacy Act;

• Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when our deletion of the information is likely to render impossible or seriously impair the achievement of such research, provided we have obtained your informed consent;

• Enable solely internal uses that are reasonably aligned with your expectations based on your relationship with us;

• Comply with an existing legal obligation; or

• Otherwise, use your personal information internally in a lawful manner that is compatible with the context in which you provided the information.

IX. Data Retention

We retain your personal information only for as long as necessary for the purposes for which it was collected, or as required by applicable law:

• Account and profile data (name, email, user content): retained for the life of your account, and deleted within 30 days of an account-deletion request, except where retention is required by law.
• Subscription and payment records: retained by our payment processor (Stripe) for as long as required by applicable tax, accounting, and anti-money-laundering law (typically seven years in the United States). We retain the minimum billing-status information in our own database for the same period so that we can respond to billing disputes and regulatory inquiries.
• Contact form submissions: retained for up to 24 months from receipt, after which they are deleted unless an ongoing support or legal matter requires longer retention.
• Technical logs (IP address, request timestamps, error reports): retained for up to 90 days for operational and security purposes, then deleted or anonymized.

If you request deletion of your personal information, we will delete records we are not legally required to retain and anonymize any records we are required to keep.

X. Data Security and Breach Notification

The Company maintains reasonable administrative, technical, and physical safeguards designed to protect personal information from unauthorized access, acquisition, disclosure, or use. In the event of a security incident involving personal information, the Company will promptly investigate the incident and provide notice to affected individuals and, where required, to applicable regulatory authorities in accordance with applicable law.

The Company will provide any required notice in the manner and within the timeframes prescribed by applicable law.

XI. Children Under 13

The Company does not knowingly collect personally identifiable information from children under the age of thirteen. If you are under the age of 13, you must ask your parent or guardian for permission to use this platform.

XII. Email Communications

From time to time, the Company may contact you via email for the purpose of providing announcements, promotional offers, alerts, confirmations, surveys, and/or other general communication.

If you would like to stop receiving marketing or promotional communications via email from the Company, you may opt out of such communications by Clicking on the unsubscribe button.

XIII. International Data Transfers

The Company is based in the United States, and our third-party service providers — including Clerk, Stripe, Neon, and Vercel — process data in the United States and, in some cases, other jurisdictions. If you access the Services from outside the United States, your personal information will be transferred to and processed in the United States.

For transfers of personal data from the European Economic Area, the United Kingdom, or Switzerland to the United States, we rely on the Standard Contractual Clauses approved by the European Commission, or equivalent safeguards, as incorporated into our agreements with our service providers. Where our service providers are certified under the EU-U.S. Data Privacy Framework (or its UK or Swiss equivalents), we may also rely on those frameworks as a lawful transfer mechanism.

The third parties we work with to store and process your data are:

• Neon: used for secure database hosting. Your journal entries and marathon, week, and day data are stored here. This data is encrypted at rest, and encrypted in transit using TLS protocol.
• Vercel: used for application deployment and hosting. Secured via TLS protocol.
• Clerk: used for secure user authorization. Secured via TLS protocol.
• Stripe: used for payment processing. All payment information is provided directly to Stripe and processed directly by Stripe. The application does not store this data. Secured via TLS protocol.

If you have questions about our international data transfer practices, please contact us using the information in Section XV.

XIV. Changes to This Statement

The Company reserves the right to change this Policy from time to time. For example, when there are changes in our services, changes in our data protection practices, or changes in the law. When changes to this Policy are significant, we will inform you. You may receive a notice by sending an email to the primary email address specified in your account, by placing a prominent notice on our website, and/or by updating any privacy information. Your continued use of the website and/or services available after such modifications will constitute your: (a) acknowledgment of the modification of this Policy; and (b) agreement to abide and be bound by this modified Policy.

XV. Contact Information

The Company welcomes your questions or comments regarding this Statement of Privacy. If you believe that the Company has not adhered to this Statement, please contact the Company at:

Pinefall Digital, LLC

Email Address: doug@pinefalldigital.com

Phone number: 1-800-697-8713

Effective as of April 30, 2026