California Privacy Rights (CCPA/CPRA)

Legal

California Privacy Rights (CCPA/CPRA)

Last updated: April 8, 2026 | Version 1.0 — GMX Quantum LLC

FOR CALIFORNIA RESIDENTS: This document outlines your privacy rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA). These rights are legally enforceable and non-negotiable.

1. Introduction and Scope

GMX Quantum LLC ("Company," "Business," "We," "Us," or "Our") is committed to protecting the privacy rights of California residents. This California Privacy Notice explains:

Your rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA);
What personal information we collect, use, and disclose;
How we process, store, and protect your personal information;
How to exercise your CCPA/CPRA rights.

This document supplements our Privacy Policy, Terms of Service, and Account & Data Deletion Policy.

This notice applies ONLY to California residents. If you are not a California resident, see our general Privacy Policy or GDPR & EU AI Act Compliance page (for EEA/UK/Switzerland users).

2. Personal Information We Collect

Under the CCPA, "personal information" means information that identifies, relates to, describes, or could reasonably be linked to a particular California consumer or household.

We collect the following categories of personal information:

2.1 Identifiers

What we collect: Name, email address, unique account identifiers, device identifiers, IP address.

Purpose: Account creation, authentication, subscription management, customer support.

Sources: Directly from you when you create an account or contact support.

2.2 Commercial Information

What we collect: Subscription purchase history, payment transaction records, subscription tier (Free or Elite).

Purpose: Billing, payment processing, subscription management, tax compliance.

Sources: Directly from you and from third-party payment processors (Apple App Store, Google Play Store, RevenueCat).

2.3 Internet or Network Activity Information

What we collect: App usage data, session duration, feature usage logs, error logs, crash reports.

Purpose: App performance monitoring, error detection, security monitoring, product improvement.

Sources: Automatically collected when you use the diAry app.

2.4 Geolocation Data

What we collect: Approximate location (city/region level) based on IP address. We do NOT collect precise GPS coordinates.

Purpose: Security monitoring, fraud prevention, compliance with regional laws.

Sources: Automatically collected from your device's network connection.

2.5 Sensitive Personal Information

Under the CPRA, "sensitive personal information" includes information that reveals:

Social Security number, driver's license, passport number;
Account credentials (username and password);
Precise geolocation;
Racial or ethnic origin, religious beliefs, union membership;
Contents of mail, email, and text messages (unless we are the intended recipient);
Genetic data, biometric data for unique identification;
Personal information collected about a known child under 13.

What we collect: We collect account credentials (hashed passwords) for authentication purposes. We do NOT collect or store your password in plaintext.

Journal entries may contain sensitive information you choose to write. We do not actively collect or analyze sensitive personal information from your journal entries. Your journal content is YOUR data, and we do not use it for marketing, profiling, or training AI models.

What we do NOT collect: We do NOT collect Social Security numbers, driver's license numbers, precise geolocation, racial/ethnic data, religious beliefs, genetic data, biometric identifiers (fingerprints, facial scans), or personal information about children under 13.

3. How We Use Your Personal Information

We use your personal information for the following business and commercial purposes:

Service Provision: To provide, maintain, and improve the diAry app;
Account Management: To create and manage your account, authenticate logins, and process subscriptions;
Customer Support: To respond to support inquiries, troubleshoot issues, and provide assistance;
Security and Fraud Prevention: To detect, prevent, and investigate security incidents, fraud, and abuse;
Legal Compliance: To comply with tax, accounting, and legal obligations;
Product Improvement: To analyze app usage (anonymized) and improve features, performance, and user experience;
Communications: To send transactional emails (e.g., password resets, subscription confirmations) and optional marketing emails (with your consent).

WE DO NOT:

Sell your personal information to third parties;
Share your personal information for cross-context behavioral advertising (targeted ads);
Use your journal entries to train AI models or for any purpose other than providing transcription/companion features to you;
Profile you for automated decision-making that produces legal or similarly significant effects.

4. Disclosure of Personal Information

We disclose your personal information to the following categories of third parties:

4.1 Service Providers

We disclose personal information to service providers who perform services on our behalf under written contracts:

Payment Processors: Apple (App Store), Google (Play Store), RevenueCat (subscription management);
Cloud Infrastructure: Amazon Web Services (AWS), Google Cloud Platform, or similar providers for data hosting and storage;
AI Processing: OpenAI or Anthropic for AI transcription and companion features (under strict data processing agreements);
Analytics: Google Analytics or similar tools for anonymized app usage analytics.

Service providers are contractually prohibited from using your personal information for any purpose other than providing services to us.

4.2 Legal and Regulatory Authorities

We may disclose personal information to government agencies, law enforcement, or regulatory authorities when:

Required by law, court order, or legal process;
Necessary to investigate fraud, security incidents, or violations of our Terms of Service;
Necessary to protect the rights, safety, or property of GMX Quantum LLC, our users, or the public.

4.3 Business Transfers

If GMX Quantum LLC is involved in a merger, acquisition, bankruptcy, or sale of assets, your personal information may be transferred to the acquiring entity. We will notify you via email or in-app notification before your personal information is transferred and becomes subject to a different privacy policy.

5. Your California Privacy Rights (CCPA/CPRA)

As a California resident, you have the following legally enforceable rights:

5.1 Right to Know (CCPA § 1798.100)

You have the right to request disclosure of:

The categories of personal information we collected about you;
The categories of sources from which we collected your personal information;
The business or commercial purposes for collecting or selling your personal information;
The categories of third parties with whom we share your personal information;
The specific pieces of personal information we collected about you (data portability).

How to request: Email [email protected] with subject line "CCPA REQUEST – RIGHT TO KNOW". We will respond within forty-five (45) days (or notify you if we need an additional 45 days).

5.2 Right to Delete (CCPA § 1798.105)

You have the right to request deletion of your personal information, subject to certain exceptions (e.g., legal compliance, transaction records).

See our Account & Data Deletion Policy for complete details on:

How to delete your account (in-app or via email);
What data is deleted and when;
Legal exceptions to deletion (e.g., payment records retained for 7 years for tax compliance).

How to request deletion: Email [email protected] with subject line "CCPA REQUEST – RIGHT TO DELETE". We will confirm deletion within forty-five (45) days.

5.3 Right to Correct (CPRA § 1798.106)

You have the right to request correction of inaccurate personal information. You can update your account information directly in the app under Settings → Account, or email [email protected] with subject line "CCPA REQUEST – RIGHT TO CORRECT".

5.4 Right to Opt-Out of Sale or Sharing (CCPA § 1798.120)

IMPORTANT: WE DO NOT SELL YOUR PERSONAL INFORMATION TO THIRD PARTIES.

Under the CCPA, "sale" includes disclosing personal information to third parties for monetary or other valuable consideration. We do not engage in such practices.

WE DO NOT SHARE YOUR PERSONAL INFORMATION FOR CROSS-CONTEXT BEHAVIORAL ADVERTISING.

Under the CPRA, "sharing" includes disclosing personal information to third parties for cross-context behavioral advertising (targeted ads). We do not engage in such practices.

If this changes in the future, we will:

Update this notice and notify you;
Provide a "Do Not Sell or Share My Personal Information" link in the app and on our website;
Honor opt-out requests within 15 business days.

5.5 Right to Limit Use of Sensitive Personal Information (CPRA § 1798.121)

We only collect and use sensitive personal information (hashed passwords) for purposes necessary to provide the diAry service.

We do NOT use sensitive personal information for:

Inferring characteristics about you;
Targeted advertising;
Profiling or automated decision-making.

You do not need to opt out of sensitive data use because we do not use it for these purposes.

5.6 Right to Non-Discrimination (CCPA § 1798.125)

WE WILL NOT DISCRIMINATE AGAINST YOU FOR EXERCISING YOUR CCPA/CPRA RIGHTS.

We will not:

Deny you goods or services;
Charge you different prices or rates;
Provide you a different level or quality of service;
Suggest that you will receive a different price or quality of service.

However, we may offer financial incentives (e.g., discounts, promotions) in exchange for collecting or retaining certain personal information, provided such incentives are reasonably related to the value of your data. Any such programs will be clearly disclosed with opt-in consent.

6. How to Exercise Your CCPA/CPRA Rights

To exercise any of your California privacy rights:

Email [email protected];
Use a clear subject line (e.g., "CCPA REQUEST – RIGHT TO KNOW");
Include: Your full name, email address associated with your account, California residency confirmation, and a description of your request;
We will verify your identity by confirming your account email or asking for additional verification if necessary;
We will respond within forty-five (45) days (or notify you if we need an additional 45 days).

Authorized Agents: You may designate an authorized agent to make a CCPA/CPRA request on your behalf. The authorized agent must provide:

Written authorization signed by you;
Proof of the agent's identity;
We may still require you to verify your identity directly.

There is no fee for exercising your CCPA/CPRA rights. If your request is manifestly unfounded or excessive, we may charge a reasonable fee or refuse the request.

7. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected or to comply with legal obligations:

Account and journal data: Deleted within 48 hours of account deletion;
Backup copies: Deleted within 30 days of account deletion;
Payment transaction records: Retained for 7 years (California tax and accounting compliance);
Customer support emails: Retained for 3 years;
Anonymized analytics: Retained indefinitely (cannot be linked to you).

For complete details, see our Account & Data Deletion Policy.

8. California "Shine the Light" Law (Civil Code § 1798.83)

California Civil Code Section 1798.83 permits California residents to request information about disclosure of personal information to third parties for direct marketing purposes.

WE DO NOT DISCLOSE YOUR PERSONAL INFORMATION TO THIRD PARTIES FOR THEIR DIRECT MARKETING PURPOSES.

If this changes in the future, you may request a "Shine the Light" disclosure by emailing [email protected] with subject line "CALIFORNIA SHINE THE LIGHT REQUEST".

9. California Online Privacy Protection Act (CalOPPA)

CalOPPA requires commercial websites and online services to post a privacy policy. Our Privacy Policy complies with CalOPPA and discloses:

The categories of personal information we collect;
How we use and share personal information;
Your rights and choices regarding your personal information;
How we respond to "Do Not Track" (DNT) signals.

9.1 Do Not Track (DNT) Signals

We do not currently respond to "Do Not Track" (DNT) browser signals.

The diAry app does not track users across third-party websites or apps. We only collect usage data within the diAry app itself for performance monitoring and product improvement.

If you wish to disable app usage analytics, you can do so in Settings → Privacy → Disable Analytics.

10. Children's Privacy (COPPA and California Minors)

diAry is NOT intended for children under 13 years of age.

We do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13, we will delete that information immediately.

California Minors (Under 18): If you are a California resident under 18 and have an account, you may request removal of content you posted to the Service by emailing [email protected] with subject line "CALIFORNIA MINOR – CONTENT REMOVAL REQUEST". Note that removal does not ensure complete deletion if the content was shared with others or reposted.

11. International Data Transfers

Your personal information may be stored and processed in the United States or other countries where our service providers operate. By using diAry, you consent to the transfer of your personal information to the United States and other countries, which may have different data protection laws than California.

We implement safeguards (e.g., encryption, Standard Contractual Clauses) to protect your personal information during international transfers.

12. Updates to This Notice

We may update this California Privacy Notice to reflect:

Changes in CCPA/CPRA regulations;
Changes in our data processing practices;
New features or services that affect personal information processing.

We will notify you of material changes via:

Email notification to your registered account email;
In-app notification when you next open diAry;
Updated "Last Updated" date at the top of this document.

Continued use of diAry after such changes constitutes acceptance of the updated notice.

13. Contact Information

For CCPA/CPRA-related inquiries or to exercise your California privacy rights, contact:

GMX Quantum LLC
Privacy Officer
Email: [email protected]
Subject Line: "CCPA REQUEST" or "CALIFORNIA PRIVACY INQUIRY"
Registered Address: Wilmington, Delaware, United States

Response Time: We will respond to CCPA/CPRA requests within forty-five (45) days. If we need more time, we will notify you and explain the reason for the delay.

Effective Date: April 8, 2026 | Version: 1.0

This notice is legally binding and enforceable under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA). By using diAry, you acknowledge that you have read, understood, and agreed to the terms outlined in this notice.