Privacy Policy
Last updated: January 2026
Overview
At Denly, we believe privacy is a fundamental right. This policy explains how we collect, use, and protect your personal information. We follow a strict data minimization philosophy - we only collect what's absolutely necessary to provide our service.
- Marketing cookies only with your consent
- No third-party analytics
- No data selling, ever
- Your data stays yours
Data Controller
The data controller responsible for your personal data is
BanioBits
Switzerland
privacy@baniobits.dev
For any privacy-related questions or requests, please contact us at the email above.
Data Location & Security
Your data is stored on servers located in Germany (European Union), operated by our hosting provider. All data is encrypted at rest and in transit using industry-standard encryption (TLS 1.3, AES-256).
- Hosted in Germany (EU)
- Encrypted at rest and in transit
- Regular security updates
- No data stored outside EU infrastructure
Support Access
In rare cases, authorized Denly administrators may temporarily and strictly limited in time access user accounts solely for troubleshooting and support purposes, for example when a user reports an issue or requests assistance.
- All access is restricted, logged, and auditable within our internal security systems
- Administrators are bound by confidentiality obligations
- No changes are made without a legitimate support reason
Legal Basis for Processing
We process your personal data based on the following legal grounds
Contract Performance
Processing necessary to provide the Denly service you signed up for (Article 6(1)(b) GDPR). This includes limited administrative access to user accounts when required to provide technical support.
Legitimate Interest
Error tracking and service stability monitoring via Sentry (Article 6(1)(f) GDPR)
Consent
For optional features that require additional data processing, we ask for your explicit consent before proceeding
Data We Collect
Account Data
- Email address (for login and communication)
- Name (for personalization)
- Hashed password (we never store plain-text passwords)
- Timezone and currency preferences
User-Generated Content
- Tasks, notes, and projects you create
- Daily planning entries and time blocks
- Health logs (if you choose to use this feature)
- Client and financial records (if you use Pro features)
Technical Data
- Error logs and crash reports (via Sentry)
- Device type and browser version (for debugging only)
- Session data (for keeping you logged in)
What We Don't Collect
- Location data
- Browsing history outside Denly
- Contact lists or social connections
- Biometric data
Third-Party Services (Subprocessors)
We use a minimal set of trusted services to operate Denly. Each has been carefully selected for their privacy practices.
| Service | Purpose | Data | Location |
|---|---|---|---|
| Stripe | Payment processing | Payment details, email, billing address | USA (EU-US Data Privacy Framework) |
| Sentry | Error tracking and monitoring | Technical errors, device info, anonymized user context | USA (Standard Contractual Clauses) |
| Hosting Provider | Infrastructure and servers | All application data (encrypted) | Germany (EU) |
| Advertising measurement | Page visits, conversion events (with consent only) | USA (Standard Contractual Clauses) |
Privacy-First Tracking
We are fundamentally opposed to surveillance capitalism. Denly does not use
- Third-party analytics (no Google Analytics, no Mixpanel)
- Third-party advertising networks for profiling or cross-site tracking
- Social media trackers
- Fingerprinting techniques
We use Reddit Pixel for marketing purposes, but only with your explicit consent. You can manage your cookie preferences at any time via the Cookie Settings link in our footer.
We use essential session cookies to keep you logged in (strictly necessary). Marketing cookies are only set after you consent.
Data Retention
We keep your data only as long as necessary
Your Rights
Under GDPR and Swiss DSG, you have the following rights
Right to Access
Request a copy of all personal data we hold about you
Right to Rectification
Correct any inaccurate or incomplete personal data
Right to Erasure
Request deletion of your personal data ("right to be forgotten")
Right to Data Portability
Export your data in a machine-readable format (JSON/CSV)
Right to Object
Object to processing based on legitimate interests
Right to Lodge a Complaint
File a complaint with your local data protection authority (in Switzerland, the FDPIC)
How to Exercise Your Rights
Contact us at privacy@baniobits.dev or use the data export feature in Settings. We respond to all requests within 30 days.
International Data Transfers
While Denly is operated from Switzerland and your data is stored in Germany (EU), some of our subprocessors are based in the USA. For these transfers, we rely on
- EU-US Data Privacy Framework (for Stripe)
- Standard Contractual Clauses (for Sentry)
These mechanisms ensure your data receives adequate protection even when transferred outside the EU/EEA.
Worldwide Applicability
This privacy policy applies to all Denly users worldwide. Regardless of where you're located, we apply the same high standards of data protection based on GDPR and Swiss DSG principles.
For US Users (CCPA/CPRA)
California residents have additional rights including the right to know what data is collected and the right to opt-out of data sales. Note - We never sell your data.
For UK Users
UK GDPR applies. Our practices comply with UK data protection requirements.
Changes to This Policy
We may update this privacy policy from time to time. For significant changes, we'll notify you via email and in-app notification at least 30 days before the changes take effect.
Contact Us
If you have any questions about this privacy policy or our data practices, please reach out
privacy@baniobits.dev
We aim to respond within 5 business days.