Privacy Policy

Your writing is yours.

What we collect, how we use it, and what we will never do.

Daara is built on the belief that the most personal writing a person does — about becoming a parent, about loss, about the things they haven't said out loud — deserves to be treated with exceptional care. This policy says plainly what that means in practice.

Last updated: April 2026

Plain language summary

  • We collect only what we need to make Daara work.
  • Your reflections and letters are stored in a secured database. They are not read by Daara staff.
  • We do not sell your data. We do not advertise. We do not share your personal information with third parties for commercial purposes.
  • Optional quality improvement data is de-identified before any use.
  • You can delete your account and all your data at any time.

1. Who we are

Daara is a wellness and educational companion for the perinatal journey, founded by a physician with training in family medicine, preventive medicine, and lactation medicine. Daara is not a covered entity under HIPAA. It is not a clinical tool, does not provide medical advice, and does not create a provider-patient relationship. The information you share with Daara is not protected health information (PHI) as defined by HIPAA — it is personal wellness information that you choose to record for yourself.

We are reachable at hello@daara.org for any privacy-related questions or requests.

2. What we collect and why

Account information

When you create an account, we collect your email address and a hashed password (we never store your password in plain text). Your email is used only for account verification, password resets, and — if you opt in — milestone notification emails.

Profile information

During onboarding you may provide a nickname, pronouns, role, journey status, due date or birth date, and baby information. All of this is optional except your email address. This information is used to personalise your experience — to surface the right milestone reflections and address you correctly throughout the app. It is not shared with third parties.

Reflections and letters

The text you write in milestone reflections, free journal entries, and letters is stored in a secured database (Supabase, hosted on AWS). This content is protected by Row Level Security — meaning the database is configured so that only your own account can read your own entries. No other user, and no automated system, reads your reflections.

Daara staff do not access individual reflection or letter content as a matter of policy. The only circumstances under which we would access content are: responding to a direct request from you for technical support, or complying with a lawful court order. We will notify you of any such order to the extent permitted by law.

Optional quality improvement data

On the Contribute page, you may voluntarily share demographic information — state, race/ethnicity, area type, distance to care, and provider type. This is entirely optional and explicitly consented to. It is stored separately from your account data and used only in aggregate, de-identified form to understand who Daara serves and improve content and access over time. It will never be linked back to your name, email, or written content.

Usage data

We do not use third-party analytics tracking (no Google Analytics, no Meta Pixel). Fly.io, our hosting provider, maintains standard server access logs (IP address, page requested, timestamp) for security purposes. These logs are not used for marketing or profiling and are retained for 30 days.

3. How we store and protect your data

Your data is stored in Supabase, a managed database platform hosted on AWS infrastructure in the United States. Supabase encrypts all data at rest using AES-256 and in transit using TLS 1.2 or higher.

Row Level Security (RLS) policies are applied to all tables containing personal data. This means that even if someone obtained the database credentials, they could not read your data without also being authenticated as your specific account.

We are working toward client-side encryption for reflection and letter content — meaning that in a future version, your text will be encrypted in your browser before it ever reaches our servers, making it unreadable even to us at a technical level. We will update this policy when that feature is available.

4. What we will never do

Sell your personal data to any third party, for any purpose.

Use your reflections or letters to train AI models.

Display advertising of any kind within Daara.

Share your personal information with healthcare providers, insurers, or employers.

Use your data to make inferences about you for commercial purposes.

Send you marketing emails. Milestone notification emails are sent only if you opt in and contain no advertising.

5. Email communications

We send the following email types:

  • Account verification — sent once when you create your account. Required.
  • Password reset — sent only when you request it. Required.
  • Milestone notifications — a warm email when a new reflection milestone is available for your current gestational or postpartum week. Sent only if you opt in during onboarding or in settings. You can opt out at any time.
  • Reflection and letter delivery — emails containing your own written content, sent only when you explicitly request them from within the app.

We do not send newsletters, promotional emails, or any other unsolicited communication.

6. Third-party services

Daara uses the following third-party services to operate:

Supabase
Database and authentication. Stores your account, profile, reflections, and letters. Privacy policy →
Fly.io
Hosting and content delivery. Serves the Daara web application. Maintains standard access logs. Privacy policy →
Resend / Google Fonts
Transactional email delivery (when configured) and web font delivery. Google Fonts requests do not include personally identifiable information.

We do not use analytics services, advertising networks, or social media tracking pixels.

7. Your rights and choices

You have the following rights regarding your data:

  • Access. You can view all your reflections and letters in the Entries page at any time.
  • Download. Every reflection and letter can be downloaded as a plain text file directly from the app.
  • Correction. You can update your profile information at any time in Settings.
  • Deletion. You can delete your account in Settings → Delete my account. This permanently and irreversibly deletes your account and all associated reflections, letters, and profile data. We do not retain deleted content.
  • Opt-out. You can opt out of milestone notification emails at any time in Settings → Email preferences.
  • Data portability. Your content can be downloaded as text files from within the app. If you need a full export of your data in machine-readable format, contact us at hello@daara.org.

If you are located in the European Economic Area, United Kingdom, or California, you may have additional rights under GDPR, UK GDPR, or CCPA respectively. Please contact us at hello@daara.org to exercise any of these rights.

8. Children

Daara is designed for adults who are navigating the perinatal journey. We do not knowingly collect personal information from anyone under the age of 18. If you believe a minor has created an account, please contact us at hello@daara.org and we will delete the account promptly.

9. Changes to this policy

If we make material changes to this policy, we will notify registered users by email at least 14 days before the changes take effect. The date at the top of this page reflects the most recent update. Continued use of Daara after the effective date constitutes acceptance of the updated policy.

We will never change this policy in a way that reduces your privacy protections without explicit opt-in consent.

10. Contact

For any privacy questions, data requests, or concerns, please contact us at:

Daara

hello@daara.org

www.daara.org

We aim to respond to all privacy-related enquiries within 5 business days.

← Back to Daara