Privacy Policy and Term's of service

The Bighead Techies LLP (“we” or “us” or “company”) is passionate about you, and your privacy and security. As part of our commitment to you, below is our Privacy Policy (“Policy”) that ensures the information that you enter in The Daybook, our mobile application,, always belongs to you and is kept as safe and secure as reasonably possible.

This Policy also applies to any other products, services, or platforms we may provide or make available to you from time to time, as well as your general dealings with us – including through our website and any other on-line or mobile platforms (“Services”).

Here at Bighead Techies we take your privacy and the processing of your personal data very seriously. Therefore, we have prepared this Privacy Notice where we describe our contact details, information regarding what personal data we process and what rights you have towards us and how you may defend them. Always feel free to contact our customer support ( Refer Contact Details to the Controller)  if you have any questions about our processing of personal data or this Privacy Notice.

Accepting Privacy Policy and term's of service:

By using our Daybook app or any of our other Services, you agree to this Policy.  Once agreed, this Policy is legally binding on both parties.

Changing our privacy policy and term's of service:

Occasionally we may need to change this Policy and terms of services.  By continuing to use our Daybook app or the Services after that date, you agree to the revised Policy. Otherwise, you are free to close your Daybook account(see “Closing your Account” below).

What is personal data?

“Personal data” is any information relating to an identifiable or identified person (you as a user). An identifiable person is someone who can be identified, directly or indirectly, for example by reference to an identification number or to one or more factors specific to his or her physical, physiological, mental, economic, cultural or social identity.

The processing of special categories of data, defined as personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, and data concerning health or sex life, is prohibited, subject to certain exceptions.

Personal data which we handle

Your personal data may only be processed by us with your given consent, when it is necessary for the performance of a contract to which you are a party, or when it is necessary for our compliance with a legal obligation. The processing of the personal data, the specific purposes for the processing, the legal basis for the processing, and for how long we store your personal data, is described below.

Name

Your name may be processed by us when you sign up to the app. It may also be stored by us when you write it in your diary posts. The processing is based on your consent and will be kept by us for as long as you have an account and 180 days thereafter, or when you erase such diary posts containing your name.

Email address

To enable login and for creating an identity in our system, we process your email address, which may also be used for support and marketing purposes when you explicitly consent to such processing. Signing up is optional for our app, which means that any processing of your email address is based on your consent. Your email address will be kept with us until you delete your account and 180 days thereafter.

Phone number

For further authentication and login purposes, as well as for support purposes, we may process your phone number. As it is optional for you to provide your phone number, the processing is based on your consent. Your phone number will be kept with us until you delete your account and 180 days thereafter.

Home address and location

You as a user can optionally toggle whether to map locations of your diary entries. If you chose to activate such mapping, we may, based on your consent, process your location, whereby your home address might become visible depending on your usage. Your approximate location will also be processed by us on an anonymous basis for analytic purposes. Such personal data will be stored by us until you withdraw your consent, or until 180 days after you delete your account.

Payment details

If you chose to upgrade your accounts subscription, we may process your payment details as it is necessary for our performance of a contract where you are a party. Such payment details will be kept with us until you terminate your upgraded subscription.

Date of birth

For analytics purposes, we will on an anonymous basis process your age, as it is necessary for legitimate interests for us. Your age will then be kept securely by us until your account is deleted and 180 days thereafter.

Other information in diary entries

Depending on if you decide to include any personal data in your diary entries, such personal data will be processed by us by being stored on our cloud database. We will not share such information with any third party. This processing is based solely on your consent. The personal data will be kept until you delete the diary entry, or 180 days after you delete your account. This information will include the below, and any other categories of personal data which you will write about:

• Professional and work details
• Profiling details (including level of education, occupation, photos and images, annual/monthly income, gender, marital status and physical characteristics)
• Criminal convictions and offences
• Trade union membership
• Religious or philosophical belief
• Sex life
• Sexual orientation
• Race/ethnicity
• Political opinion
• Health status
• Day to day life

Deletion after inactivity

We keep your information for no longer than necessary for the purposes for which it is processed. The length of time for which we retain information depends on the purposes for which we collected and use it and/or as required to comply with applicable laws.

- - - - - - - - - - - - - - - - - - - - - - - - - - - -

Summary of your rights towards us:

You as a user have the possibility to claim several rights towards us. Such rights are listed here and thereafter described in detail below. You find our contact details at the top of this Privacy Notice.

• Right to be forgotten
• Right to withdraw consent
• Right to access
• Right to rectification
• Right to restriction of processing
• Right to data portability
• Right to object

Right to be forgotten

You have the right to request that we delete any personal data that we process about you. We will delete the data as soon as possible, but at least within one month’s time. If the personal data is needed for fulfillment of our contractual duties towards you or to preserve it with legal ground, we will however not delete the information until the data is no longer needed. We will also, without your explicit demand, delete such personal data that we have collected but do not longer have a lawful right to process. We will inform you about this, if it would occur.

Right to withdraw consent

You have the right to withdraw your given consent at any time. If you do so, we will erase such personal data which is not subject to any other legal ground than your given consent. The erasure will be done as soon as possible. Please note that your withdrawal of consent does not oblige us to erase personal data which is processed based on a contractual relationship or any other legal ground.

Right of access

You have, at any time, the right to receive confirmation from us as to whether personal data concerning you are being processed. You have also the right to access that personal data and to receive the following information:

1. The purposes of the processing
2. The categories of personal data concerned
3. The recipients or categories of recipients to whom personal data have been or will be disclosed
4. The envisaged period for which the personal data will be stored or the criteria used to determine that period
5. The existence of automated decision-making and profiling

Right to rectification

You have, at any time, the right to demand us to correct any inaccurate personal data within a month’s time. You have also the right to complete incomplete personal data, taking into account our purposes of the processing, by the means of providing a supplementary statement.

Right to restriction of processing

You have, instead of demanding us to delete any data, the right to demand us to restrict our processing of your personal data. This may be achieved if

1. You have reason to believe that the accuracy of the personal data is not correct, and the restriction shall be in place during a period that allows us to verify the accuracy of the personal data
2. The processing is unlawful but you don’t want us to delete the personal data
3. We no longer need the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defense of legal claims
4. You have objected to processing concerning profiling or automated decision-making, whereby a restriction shall be obtained during the period when we assess whether our legitimate ground for the processing override your legitimate ground.

Data portability

You have the right to retrieve the personal data which we process about you and that you have provided to us. You have also the right to demand that we transmit such personal data to another data controller if the personal data is collected based on your consent or if the processing of the personal data is carried out by automated means by us, if we deem it technically feasible.

Right to object

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you. This can be done when the personal data is processed as part of automated decision-making, including profiling, and direct marketing, if such processing would be carried out (see “Personal data that we process” above).

Permitted Users:

By setting up account, you represent that you have either reached the age of 16.  wIf you do not know whether you have reached the age of 16 or where you live or do not understand this section, please ask your parent or legal guardian for help before you create an account.. Please refer Children’s Privacy.

You can create a daybook dairy account for others only where you are the authorized individual-representative (a parent, guardian, or legal representative establishing a subscription for a Diary).  By setting up such an account you automatically certify and agree that (i) you have this authority, (ii) we are entitled to rely of your certification as true, and (iii) you will hold us harmless from any claim by such others that you did not have authority to create a Diary for them. Subject to an agreement with our company, we will permit organizations (including not-for-profit entities) and individuals to create Diaries, set up accounts for others and encourage them to use a Diary or other Services. Whether you set up your own Diary account or one is set up for you and you agree to become a Diary user, these Terms shall apply to you and govern your relationship with us.

We reserve the right to restrict in our sole discretion who is eligible to use the Diary or our Services, or set up an account, and to reject a request to create a Diary account or close an account at any time without liability. We will only do this where we believe we have a reasonable concern or issue.

How We Share and Disclose Your Information:

Daybook Share your information in the following ways:

Service Providers. We provide access to or share your information with operations and maintenance contractors and other third parties who perform services on our behalf. They have access to perform these services but are prohibited from using your information for other purposes. They provide a variety of services to us, including billing, sales, marketing, test proctoring, product content and features, advertising, analytics, research, customer service, data storage, security, fraud prevention, payment processing, and legal services

Aggregate/Anonymous Information. From time to time, Daybook may share Aggregate/Anonymous Information about use of the Services, such as, but not limited to, publishing a report on usage trends or survey results, and other demographic information provided to us by our users. The sharing of such data is unrestricted

Protection of Daybook and Others. By using the Website or app, you acknowledge and agree that we may access, retain and disclose the information we collect and maintain about you if required to do so by law or in a good faith belief that such access, retention or disclosure is reasonably necessary to: (a) comply with legal process (e.g. a subpoena or court order) or law; (b) enforce our Terms of Use, this Privacy Policy, or other contracts with you, including investigation of potential violations thereof; (c) respond to claims that any content violates the rights of third parties; (d) respond to your requests for customer service; and/or (e) protect the rights, property or personal safety of Udacity, its agents and affiliates, its users and/or the public. This includes exchanging information with other companies and organizations for fraud protection, compliance with applicable law, and spam/malware prevention, and similar purposes.

Business Transfers. As we continue to develop our business, we may buy, merge, partner with other companies. In such transactions, (including in contemplation of such transactions) user information may be among the transferred assets. If a portion or all of assets are sold or transferred to a third-party, customer information (including your email address) would likely be one of the transferred business assets. If such transfer is subject to additional mandatory restrictions under applicable laws, we will comply with such restrictions.

Related Entities and Affiliates. We may share information with our affiliated companies that are under the common ownership or control of Bighead Techies LLP

Ads on Daybook: We may also share certain information such as your location, browser and cookie data and other data relating to your use of our Service with our business partners to deliver advertisements (“ads”) that may be of interest to you. We may allow third-party ad servers or ad networks to serve advertisements on the Service. These third-party ad servers or ad networks use technology to send, directly to your browser or mobile device, the ads and ad links that appear on the Service, and will automatically receive your IP address when they do so. They may also use other technologies (such as cookies, JavaScript, device identifiers, location data, and clear gifs, see above) to compile information about your browser’s or device’s visits and usage patterns on the Service, and to measure the effectiveness of their ads and to personalize the advertising content. We does not sell, rent, or share the information we collect directly from you or about you from third parties with these third-party ad servers or ad networks for such parties’ own marketing purposes.

Parties with whom you share Your Data may have very different privacy policies and terms of use from ours. You understand and accept that it is your responsibility, prior to sharing Your Data, to review and choose to accept the privacy policy and terms and conditions of any parties with whom you share Your Data and the implications of such sharing. You agree not to hold us responsible for any use or publication of Your Data which you have chosen to share from your Diary or account.

Except as we state in this Policy, we will not make Your Data available to anyone with whom you have not instructed or permitted us to distribute or share Your Data. Where we believe in good faith that we have a legal obligation to make that data available to the authorities, or if the threat of physical harm or other damage exists to you, our company, or someone else, we reserve the right to provide any information to the proper authorities and as needed to protect those parties from harm.

Prior to us stopping business for any reason, we will notify you where we can, in advance, and allow you delete Your Data. If we are acquired, purchased, merged or operated by another company, that company could change this Policy or our Terms of Use, including provisions governing how it treats Your Data. You may be notified of any changes to this Policy and, if changes are objectionable to you, your options include the export of Your Data, closing your account and deletion of its contents (as described below).

Security:

We take security very seriously and use security to ensure that Your Data is protected when it is in your Diary. When you opt to use Services which require our employees or Service Providers to have access to Your Data to perform the Services, we agree to implement procedures to protect your security and privacy. However, we cannot and do not guarantee that a breach will never occur or that Your Data will be secure and will never be misused, and you acknowledge and agree that we cannot be held responsible for any breach or unauthorised access to or use of Your Data. In Case of breach we will notify users using email  or other means available.

We provide you with multiple ways to share Your Data, including, but not limited to, email, text, media other apps , social media, etc., which will not encrypt or protect Your Data during transmission. You agree that when you share Your Data using tools which do not provide the necessary encryption and other appropriate protections, that you do so knowingly, at your own risk; and we cannot be held responsible for any breach, hack, or unauthorised access to or use of Your Data.

To prevent access to your Diary by people with malicious intent, we strongly encourage you to follow best practices for a safe password, identity and personal health information management, and to not share your Diary credentials or Your Data with anyone with whom you do not have a high level of trust.

Processes and Systems / Service providers:

From time to time, we may establish business relationships with other businesses whom we believe are trustworthy, and who have confirmed that their privacy practices are consistent with ours (“Service Providers”). This may include certain services, such as hosting and maintenance, and data storage and management. We only provide our Service Providers with the information necessary for them to perform these services for us or carry out a service or transaction requested by you. Each Service Provider must agree to use reasonable security procedures and practices, appropriate to the nature of the information involved, in order to protect Your Data from unauthorised access, use, or disclosure. Service Providers are prohibited from using Your Data other than in compliance with our privacy policy and as specified by us.

We use following processors/ Service providers:

• Google Firebase (Google LLC) : For utilizing storage, Analytics, Cloud Messaging, Authentication, Realtime Database, Storage, Hosting, Remote Config, Test Lab, Crash Reporting, Notifications, App Indexing, Dynamic Links, Invites
• Elastic search & Kibana: For providing search functionally and providing analytics
• Fabric and crashlytics(Google LLC) : For analytics and for troubleshooting crashes
• Facebook - For providing login service
• Onesignal - for providing push notifications/for marketing
• AWS (Amazon Web services ) -Cloud provider for storing data

Data flow:

1. Devices(Mobile/Web)->Firebase -> Elasticsearch
2. Devices(Mobile/Web)->Fabric
3. Devices(Mobile/Web)->AWS 4. Devices(Mobile/Web)->AWS
   
   
4. Devices(Mobile/Web)->Onesignal

    

Privacy standards:

Your Diary and all of its content belong to you. You have control over your Diary and how much of Your Data you share with others. You are solely responsible for verifying the identity of those you have invited to your Diary, organisations which have created and invited you to use a Diary, and monitoring the access to and use of your Diary by those whom you, authorised others and/or organisations have invited to your Diary. We are not responsible nor liable for anyone you allow to access your Diary or use Your Data. With regard to the General Data Protection Regulation (EU) 2016/679 (“GDPR”), we must disclose what personal data we collect and process about you, and for what purposes. In this Privacy Notice, you find all such information that we are obliged to inform you.

The Regulation in its entirety in your language, may be accessed by following this link:

http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=uriserv:OJ.L_.2016.119.01.0001.01.ENG&toc=OJ:L:2016:119:TOC

Would you like to defend your rights, which are listed in this Privacy Notice, you may contact us using the contact information listed below.

Closing your account:

Once you establish a Diary account it will continue to exist until closed by you or us. You can stop using your Diary/Daybook and close your account with us at any time. You simply need to notify us by email at daybook.dairy@gmail.com.We can suspend or close your account for lack of use, violation of this Privacy Policy or our Terms and Conditions, or other reasons which we deem sufficient in our discretion. We will notify you in advance of suspending or closing your account and allow you a right of appeal to us to be reinstated. The form of the appeal and final decision shall be in our sole and absolute discretion.

When your account is closed, we will provide you, by a means to be determined by us in our discretion, with an electronic copy of Your Data as it then exists in your Diary. Except where you have agreed to share Your Data as set out below, we will delete all of Your Data within a reasonable period (around 60-90 days). Note that once Your Data is deleted it cannot be retrieved. We will retain system logs in relation to your Diary tracking the deletion, but not retain Your Data.

Where you have chosen to give access to Your Data to any third parties (including other Diary users) for analytical and other purposes in both anonymous and/or personally identified formats with the requirement that some or all of Your Data will not be deleted in the future, then Your Data will continue to be stored, shared and used as you have agreed.

Children’s Privacy:

The Daybook and our Services are intended for users who are 16 years of age and older. If we become aware that we have inadvertently received information relating to a child who is younger than 16, we will promptly delete that information from our records.

Open Source library used:

Following open source libraries are used for building daybook.

1. https://github.com/prolificinteractive/material-calendarview
2. https://github.com/Nightonke/BlurLockView
3. http://opencsv.sourceforge.net/
4. https://github.com/shaileshmamgain5/TwoStageRate
5. http://jakewharton.github.io/butterknife/
6. https://github.com/afollestad/material-dialogs
7. https://github.com/maksim88/PasswordEditText
8. https://github.com/MiguelCatalan/MaterialSearchView
9. https://github.com/airbnb/lottie-android
10. https://github.com/lingochamp/okdownload
11. https://github.com/h6ah4i/android-advancedrecyclerview
12. https://github.com/Mauin/RxFingerprint
13. https://github.com/ReactiveX/RxJava
14. https://github.com/jgilfelt/android-sqlite-asset-helper
15. https://github.com/bumptech/glide
16. https://github.com/stfalcon-studio/FrescoImageViewer
17. https://github.com/zetbaitsu/Compressor
18. https://github.com/firebase/firebase-jobdispatcher-android
19. https://github.com/vikramezhil/DroidSpeech
20. https://www.lottiefiles.com/630-voice?page=9
21. https://www.lottiefiles.com/license

Contact Details to the Controller

Name of the company: Bighead Techies LLP

National company registration number: AAE-8393

Country of operation: India

E-mail address: bigheadtechies@gmail.com,daybook.dairy@gmail.com

Phone number: +918547109242

Postal address: 214, Plamoottil, Mammood, Changanacherry, Kerala, India - 686553