ShadowDaily Privacy Policy
Last updated: May 21, 2026
ShadowDaily ("the App"), published by Roadmap Talent LLC ("we," "us," or "our"), is a German language learning app that helps you practice writing and speaking German through diary entries, AI-powered grammar correction, and conversational exercises. This Privacy Policy explains what data we collect, how it is used, and your rights regarding that data.
Roadmap Talent LLC is the data controller under the EU General Data Protection Regulation (GDPR) for the personal data described below.
At a Glance
- Your diary entries, vocabulary, and recordings stay on your device. We do not maintain a server-side database of your content.
- When you use AI-powered features, your text or audio is sent to our server and processed by third-party AI providers (OpenAI, ElevenLabs).
- We collect anonymous product-analytics events (e.g., "entry written," "paywall viewed") via PostHog to understand how the App is used and to improve it.
- Our website (shadowdaily.com) uses Google Analytics, loaded via Google Tag Manager, for aggregate traffic measurement. It runs only if you accept analytics cookies in our consent banner, and is separate from the App.
- We use RevenueCat to manage subscriptions and store-purchase entitlements.
- We do not sell your personal information. We do not run third-party advertising SDKs inside the App. We may, separately, run marketing campaigns to promote the App on external platforms (see Section 5).
1. Data We Collect
1.1 Diary Entries and Text
When you write a diary entry, the App stores the following locally on your device:
- Your original German text
- The AI-corrected version of your text
- English translations
- Grammar corrections and suggestions
- Vocabulary extracted from your entries
This data is stored locally on your device. It is not uploaded to our server for permanent storage.
1.2 Voice Recordings
When you use the speech-to-text feature, the App records your voice using your device's microphone. These recordings are:
- Created temporarily on your device
- Sent to our server, which forwards them to OpenAI Whisper for transcription
- Deleted from your device after a successful transcription, or after you discard a failed-and-retained recording
We do not permanently store your voice recordings on our server. Voice data is sensitive personal information under California law and is treated accordingly (see Section 8).
1.3 Conversation Messages
During conversational practice exercises, messages you type or dictate are sent to our server for AI processing. These messages exist only for the duration of the conversation session and are not stored in any server-side database.
1.4 Subscription Data (via RevenueCat)
To manage your in-app subscription, we use RevenueCat, a third-party subscription infrastructure provider. RevenueCat receives:
- An anonymous user identifier generated by their SDK (e.g.,
$RCAnonymousID:…) — not linked to your name, email, or Apple ID - Your App Store transaction receipt (provided by Apple) when you purchase or restore a subscription
- Subscription status (active, expired, in trial, etc.) and product identifier
- The device platform (iOS) and the App build number making the request
RevenueCat processes this data on our behalf as a data processor under GDPR. See RevenueCat's Privacy Policy at revenuecat.com/privacy.
1.5 Analytics Data (via PostHog)
We use PostHog, a product-analytics platform, to understand how the App is used and improve it. PostHog receives:
- An anonymous distinct identifier (typically the same RevenueCat anonymous ID) — not linked to your name, email, or Apple ID
- App lifecycle events automatically captured by the PostHog SDK: app installed, opened, backgrounded, became active
- Custom product events we trigger: e.g., onboarding started, entry written, paywall viewed, conversation completed, exception captured
- Event metadata: timestamp, app version, build number, platform (iOS), session identifier
- Device characteristics: device type, OS version, screen dimensions
- Approximate location derived from your IP address (country, region, city, latitude/longitude, timezone) — derived server-side by PostHog and not precise location data from your device's GPS
- Your device's timezone setting (e.g.,
Europe/Berlin), used to distinguish real user locations from VPN/relay traffic - Subscription state (whether you are a paying subscriber, a trial user, or unsubscribed), so we can analyze conversion rates without combining this with personal identifiers
PostHog processes this data on our behalf as a data processor under GDPR. PostHog Inc. is based in the United States and hosts data on US-based infrastructure. See PostHog's Privacy Policy at posthog.com/privacy.
We do not use PostHog's session-replay feature.
1.6 App Preferences
The App stores your preferences locally on your device, including:
- Text-to-speech speed and voice settings
- Notification and reminder preferences
- Display mode (light/dark)
- Writing streak history (dates only)
This data never leaves your device.
1.7 Server Logs
When the App contacts our server (hosted on Fly.io) for AI-powered features, standard web server logs are generated. These include:
- IP address
- Timestamp
- Request path (e.g.,
/api/correct,/api/transcribe) - User agent
Logs are retained for up to 30 days for security, debugging, and abuse prevention purposes.
1.8 Email Address (Website Only)
If you sign up for updates on our website (shadowdaily.com), we collect your email address through Loops, our email marketing provider. This email is:
- Used solely to send you product updates, such as notifying you when ShadowDaily becomes available on Android
- Stored on Loops' servers in the United States
- Tagged with the signup source (our website) so we can manage our mailing list — never shared with third parties for advertising
- Never used to identify you within the App
You can unsubscribe at any time using the unsubscribe link in any email we send, or by contacting us at hello@roadmaptalent.com. Upon request, we will delete your email from our records. Loops processes this data as our data processor; see Loops' Privacy Policy at loops.so/privacy.
1.9 Website Analytics and Cookies (Website Only)
Our website (shadowdaily.com) uses Google Analytics 4, loaded through Google Tag Manager, to measure website traffic and understand how visitors find and use the site so we can improve it. This applies to the website only and is entirely separate from the App — the App does not use Google Analytics or Google Tag Manager.
When enabled, Google Analytics may collect:
- A randomly generated identifier stored in cookies in your browser
- Pages you view, links and buttons you interact with, and the website that referred you
- Approximate location (country, region, city) derived from your IP address — Google Analytics does not log or store your full IP address
- Device and browser type, screen size, and language
This data is processed by Google (Google LLC, and Google Ireland Limited for visitors in the EEA, UK, and Switzerland) as our data processor. We use it for aggregate traffic measurement only; we do not use it for cross-site behavioral advertising. See Google's Privacy Policy at policies.google.com/privacy.
Cookie consent. We use a consent banner provided by Cookie Script to ask for your permission before any non-essential cookies — including Google Analytics — are placed on your device. If you decline, no analytics cookies are set and Google Analytics does not collect identifiable information about your visit. You can change or withdraw your choice at any time using the cookie-settings link in the banner. Cookie Script also records your consent choice so we can demonstrate that consent was obtained. Essential cookies needed for the website and the consent banner to function are always active.
1.10 Data We Do Not Collect
- We do not require you to create an account or provide your name or email to use the App
- We do not use third-party advertising SDKs inside the App
- We do not collect your device's advertising identifier (IDFA)
- We do not collect precise GPS location
- We do not access your contacts, photos, or other personal files
- We do not sell your personal information
2. How We Use Your Data
We use your data exclusively to provide and improve the App's language learning features:
| Feature | Data Used | Purpose |
|---|---|---|
| Grammar correction | Diary entry text | Correct grammar, suggest improvements, translate to English |
| Speech-to-text | Voice recordings | Convert spoken German into written text |
| Text-to-speech | German/English text | Generate spoken audio for shadowing exercises |
| Conversation practice | Chat messages | Provide AI conversation partner for German practice |
| Content moderation | Text and audio input | Ensure content meets community guidelines |
| Subscription management | Apple receipt, anonymous ID | Verify active subscription, restore purchases |
| Product analytics | Anonymous events and metadata | Understand usage patterns, fix bugs, improve features |
3. Third-Party AI Services
To provide AI-powered features, the App sends your text and voice data to third-party AI service providers. By using these features, you consent to this processing.
3.1 OpenAI
We use OpenAI's API services for:
- GPT-4o — Grammar correction, translation, conversational AI, and content moderation
- Whisper — Speech-to-text transcription of your voice recordings
Data sent to OpenAI is processed under OpenAI's API Data Usage Policy. OpenAI does not use API data to train their models. OpenAI may retain API data for up to 30 days for abuse monitoring, after which it is deleted.
3.2 ElevenLabs
Text is sent to ElevenLabs for text-to-speech synthesis. ElevenLabs processes data according to their Privacy Policy at elevenlabs.io/privacy.
3.3 Our Server
Your data passes through our server (hosted on Fly.io, with infrastructure in the United States) as an intermediary between the App and the AI services above. Our server:
- Does not maintain a database of user content
- Processes requests in memory and forwards them to the appropriate AI service
- Applies content moderation before forwarding data to AI providers
- Generates the standard web server logs described in Section 1.7
4. How We Protect Your Data
- All data transmitted between the App, our server, and third-party services uses HTTPS encryption in transit
- On-device data is protected by your device's built-in security (passcode, biometrics, and iOS data protection)
- Our server does not store user content in any database
- Content moderation filters are applied before data reaches third-party AI services
- We restrict access to administrative systems (Fly.io, PostHog, RevenueCat) to authorized personnel
5. Advertising and Marketing
5.1 No Ads Inside the App
We do not display advertising inside the App. The App contains no third-party advertising SDKs (Google AdMob, Meta Audience Network, etc.) and we do not share your data with advertising networks for behavioral advertising.
5.2 Marketing Campaigns We Run
We may run paid marketing campaigns to promote the App on platforms such as Apple Search Ads, Meta, Google, TikTok, or similar. These campaigns are run on those platforms' own infrastructure, not inside the App. We do not transmit your in-app data to those platforms for retargeting.
If we begin using conversion attribution (e.g., reporting in-app installs or purchases back to advertising platforms to measure campaign effectiveness), we will:
- Use privacy-preserving frameworks where available (Apple's SKAdNetwork, Apple Ads Attribution API)
- Update this Privacy Policy to disclose any additional data flows
- Where required, obtain your consent before tracking and request permission through Apple's App Tracking Transparency (ATT) prompt
Within the App, we do not run cross-app behavioral tracking. Our website (shadowdaily.com) uses Google Analytics for aggregate traffic measurement, loaded only after you consent through our cookie banner (see Section 1.9); we do not use it for cross-site behavioral advertising.
6. Data Retention
| Data | Location | Retention |
|---|---|---|
| Diary entries, corrections, vocabulary | Your device | Until you delete them or reset the App |
| Voice recordings | Your device (temporary) | Deleted after successful transcription or user-initiated discard |
| App settings, streaks | Your device | Until you delete them or reset the App |
| Data sent to OpenAI | OpenAI servers (US) | Up to 30 days, per OpenAI policy |
| Data sent to ElevenLabs | ElevenLabs servers (US) | Per ElevenLabs policy |
| RevenueCat subscription data | RevenueCat servers (US) | For the lifetime of your subscription, plus retention required by Apple for receipt validation |
| PostHog analytics events | PostHog servers (US) | Up to 7 years by default; we may shorten this in our PostHog configuration |
| Server access logs | Fly.io (US) | Up to 30 days |
| Email (website signup only) | Loops (US) | Until you unsubscribe or request deletion |
| Website analytics (Google Analytics) | Google servers (US / EU) | Up to 14 months for user-level data, per our Google Analytics settings |
| Cookie-consent record | Your browser and Cookie Script (EU) | Up to 12 months, after which your consent is requested again |
7. Your Rights and Controls
7.1 Managing Your Data Inside the App
Within the App, you can:
- Delete individual entries — Remove any diary entry and its associated corrections and vocabulary
- Export all data — Download a complete copy of your on-device data as a JSON file via Settings
- Import data — Restore previously exported data
- Reset all data — Delete all entries, streaks, vocabulary, and settings via Settings
- Disable notifications — Turn off all reminders in Settings
7.2 Voice and AI Consent
Use of the microphone and AI-powered features is voluntary. You can write diary entries manually without using speech-to-text. The App requests your permission before accessing the microphone, and you can revoke this permission at any time in your device's Settings.
7.3 Analytics Opt-Out
You can opt out of PostHog analytics collection directly in the App by going to Settings → Send anonymous analytics and turning the toggle off. The change takes effect immediately. You can also opt out by contacting us at hello@roadmaptalent.com (or via our contact form).
7.4 Rights Under GDPR (European Economic Area, UK, Switzerland)
If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, you have the following rights under the General Data Protection Regulation (GDPR):
- Right of Access — You can export your in-App data using the built-in export feature. To request a copy of analytics data tied to your anonymous identifier, contact us at hello@roadmaptalent.com.
- Right to Erasure ("Right to Be Forgotten") — You can delete your data using the App's built-in delete and reset features. To request deletion of your data from RevenueCat, PostHog, or server logs, contact us at hello@roadmaptalent.com.
- Right to Data Portability — The App's export feature provides your data in a machine-readable JSON format.
- Right to Restrict Processing — You can stop using AI-powered features at any time; the App continues to function for local diary writing.
- Right to Object — You can object to our processing of your data for analytics purposes (see Section 7.3).
- Right to Withdraw Consent — You can revoke microphone access via device Settings and stop using AI features at any time.
- Right to Lodge a Complaint — If you believe we have violated your rights under GDPR, you may lodge a complaint with your local data protection authority.
Legal Basis for Processing (GDPR Article 6):
- Consent (Article 6(1)(a)) — For AI-powered features (you opt in by choosing to use them), in-App analytics collection, and website analytics cookies (you opt in through our cookie banner).
- Performance of a Contract (Article 6(1)(b)) — For subscription management via RevenueCat.
- Legitimate Interests (Article 6(1)(f)) — For security logging and abuse prevention. We have weighed these interests against your privacy interests and concluded that they do not override your fundamental rights.
International Data Transfers: When you use AI-powered features, analytics, or subscriptions, your data is transferred to servers located in the United States. These transfers rely on your explicit consent under GDPR Article 49(1)(a) and, where applicable, on Standard Contractual Clauses with our processors.
7.5 Rights Under California Privacy Law (CCPA / CPRA)
If you are a California resident, you have the following rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, "CCPA"):
- Right to Know — Request the categories and specific pieces of personal information we have collected about you, the sources, the purposes, and the categories of third parties we share with.
- Right to Delete — Request deletion of personal information we hold, subject to legal exceptions.
- Right to Correct — Request correction of inaccurate personal information.
- Right to Opt Out of Sale or Sharing — We do not sell your personal information, and we do not share it for cross-context behavioral advertising.
- Right to Limit Use of Sensitive Personal Information — Voice recordings qualify as sensitive personal information. We use them only to transcribe your speech and do not retain them beyond what is described in Section 6.
- Right to Non-Discrimination — We will not discriminate against you for exercising any of these rights.
Categories of Personal Information Collected (CCPA disclosure) — In the past 12 months, we may have collected the following categories of personal information:
| CCPA Category | Examples | Source |
|---|---|---|
| Identifiers | Anonymous RevenueCat / PostHog IDs, Google Analytics client ID, IP address | App SDKs, web request |
| Internet activity | App events, build version, screen dimensions; website page views and interactions | PostHog SDK, Google Analytics (website) |
| Geolocation (approximate) | City/region/country from IP | PostHog server-side enrichment |
| Audio (sensitive) | Voice recordings (transient) | App microphone |
| Commercial information | Subscription status, transaction receipts | RevenueCat / Apple |
To exercise CCPA rights, contact us at hello@roadmaptalent.com or via our contact form.
7.6 Other Jurisdictions
If you are a resident of Virginia, Colorado, Connecticut, Utah, Texas, Oregon, or any other US state or country with a comprehensive privacy law, you have rights substantially similar to those described above. You may exercise them by contacting us at hello@roadmaptalent.com or via our contact form.
8. Sensitive Personal Information
Voice recordings collected by the App constitute sensitive personal information under the CPRA and may constitute special-category data under GDPR. We:
- Use voice recordings solely to transcribe your speech into text
- Send recordings to OpenAI Whisper for transcription, then discard
- Do not use voice recordings to identify you, build a voiceprint, or train any model
- Do not retain voice recordings on our server beyond the request lifecycle
9. Children's Privacy
The App is not directed at children under 13 (or under 16 in jurisdictions that apply that threshold, including the EEA). We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us at hello@roadmaptalent.com so we can take appropriate action.
10. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page and, for material changes, provide a notice within the App. Continued use of the App after changes constitutes acceptance of the updated policy.
11. Contact Us
If you have questions about this Privacy Policy, wish to exercise your data rights, or have concerns about how your data is handled, please contact us:
Email: hello@roadmaptalent.com
Contact form (alternative): https://forms.gle/4DTkJpWqvrT24BEY6
Publisher / Data Controller: Roadmap Talent LLC