Your Data, Protected

Envelope Encryption

Every piece of personal data — names, email addresses, phone numbers — is encrypted individually before it's stored. Each record gets its own unique key (called a DEK), and that key is itself encrypted by a root key (called a KEK).

This means even if someone gained access to our database, they'd see only encrypted blobs. To read anything, they'd need the root key — which lives in a hardware security module, not in our code or database.

Blind Indexing

When you add a guardian's phone number, we need to check for duplicates — but we don't want to store the number in plain text. Instead, we create a one-way cryptographic fingerprint (an HMAC) of the number. This lets us look up matches without ever exposing the original value.

The result: we can verify whether a phone number already exists in our system without anyone — including us — being able to read the stored numbers.

Minimal Data

We only collect what's strictly necessary to make DayTap work: your name, your contacts' details, and your check-in times. That's it.

Old check-in records are automatically deleted on a rolling basis. We don't track your location, we don't use analytics SDKs, and there are no third-party trackers on this site or in the app. If you delete your account, everything is permanently removed.

No Passwords

DayTap uses Sign in with Apple and Google Sign-In — industry-standard authentication that never shares a password with us. Your identity is verified through cryptographic tokens issued by Apple or Google, so there's no password to leak or steal.