Privacy Policy
Everdaily ("the app", "we", "us") is an independent iOS application that helps Destiny 2 players track Eververse store items and receive push notifications when those items are available for Bright Dust. Your privacy matters to us. This policy explains exactly what data we collect, why, and how it is protected.
1. What data we collect
We collect only the minimum data required to provide the app's functionality:
- Bungie Membership ID — your unique Bungie.net account identifier, obtained via OAuth during sign-in. This is used to fetch your Destiny 2 inventory and store data from the Bungie API.
- OAuth Tokens — short-lived access and refresh tokens issued by Bungie.net after you authenticate. These allow the app to check the Eververse store on your behalf. They are encrypted at rest using AES-256-GCM.
- Push Notification Token — an Apple Push Notification Service (APNs) device token used solely to deliver store alerts to your device.
- Tracked Item Hashes — the list of Eververse item IDs you choose to track inside the app. These are anonymous numeric identifiers from the Destiny 2 manifest; they contain no personal information.
2. What we do NOT collect
- Your name, email address, or any contact information
- Your Bungie username or display name
- Your Destiny 2 gameplay data, character stats, or purchase history
- Device identifiers beyond the APNs push token
- Location data of any kind
- Analytics, advertising identifiers, or tracking data
3. How data is used
Your data is used exclusively to operate the app:
- OAuth tokens are used once daily to query the Bungie API and check the current Eververse store inventory.
- Your tracked item list is compared against the store inventory to determine whether a notification should be sent.
- Your push token is used only to send you that notification.
We do not use your data for advertising, analytics, profiling, or any purpose beyond what is described above.
4. How data is stored and protected
- All data is stored in a private PostgreSQL database hosted on a cloud VPS (DigitalOcean). The database is not publicly accessible.
- Bungie OAuth tokens are encrypted at rest using AES-256-GCM before being written to the database.
- All communication between the app and our servers uses HTTPS (TLS).
- Session cookies are marked
HttpOnlyandSecure.
5. Data sharing
We do not sell, rent, trade, or share your data with any third parties, period. The only external service your data touches is the Bungie API (bungie.net), which is required to authenticate you and fetch store data. Bungie's own privacy policy governs that interaction.
6. Data retention
Your data is retained for as long as you have an active account in the app. If you delete your account (via Settings → Account → Data & Privacy → Delete Account), all of your data — including your Bungie Membership ID, OAuth tokens, push token, and tracked item list — is permanently and immediately deleted from our database.
7. Your rights
You have the right to:
- Access your data — use the "Export Tracking Data" option in Settings → Data & Privacy.
- Delete your data — use the "Delete Account" option in Settings → Data & Privacy.
- Portability — exported data is provided in standard JSON format.
8. Children's privacy
Everdaily is not directed at children under 13. We do not knowingly collect data from anyone under 13 years of age.
9. Changes to this policy
If we make material changes to this policy, we will update the "Last updated" date at the top. Continued use of the app after changes constitutes acceptance of the updated policy.
10. Contact
If you have questions or concerns about this privacy policy or your data, please open an issue on the project's GitHub repository or contact via iamogre.com.