Privacy Policy — dawncast

Introduction

Northlight Digital LLC ("Northlight Digital," "we," "us," or "our") operates the dawncast mobile application (also referred to as "Dawncast" on the Apple App Store and/or Google Play Store), available for download on Apple iOS and/or Android devices, and the website located at dawncast.app (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the Service.

Northlight Digital LLC is the data controller responsible for your personal data under applicable data protection laws, including the EU General Data Protection Regulation (GDPR), the UK GDPR, the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA), and other applicable privacy legislation.

For purposes of this Privacy Policy, the following definitions apply:

"Personal Data" means any information that relates to an identified or identifiable individual, including but not limited to name, email address, device identifiers, IP address, and location data.
"Processing" means any operation performed on Personal Data, whether automated or not, including collection, recording, organization, storage, adaptation, retrieval, use, disclosure, combination, restriction, erasure, or destruction.
"Service" means the dawncast mobile application (available on iOS and Android) and the dawncast.app website, including all features, content, and functionality offered through them.
"User" (or "you" or "your") means any individual who accesses or uses the Service, whether as a registered account holder or as a visitor.
"Device" means any electronic device used to access the Service, including smartphones, tablets, and computers.

This Privacy Policy is effective as of March 26, 2026. By accessing or using the Service, you acknowledge that you have read, understood, and agree to the collection and use of your information in accordance with this Privacy Policy.

Information We Collect

We collect information from and about you in several ways, depending on how you interact with the Service. The categories below describe the types of information we may collect.

a. Information You Provide Directly

Account registration: When you create a dawncast account, we collect your name, email address, and a securely hashed version of your password. We never store your password in plain text.
Profile preferences: You may choose to provide information about your news interests (e.g., topics, categories, or specific sources you wish to follow) and your preferred language for briefings.
Location data: If you choose to enable weather features, we collect your city or ZIP/postal code to deliver localized weather information. We do not collect precise GPS coordinates unless you explicitly grant permission.
Feedback and support: When you contact us for support, submit feedback, or participate in surveys, we collect the content of your communications, your email address, and any other information you voluntarily provide.

b. Information from Connected Services

Calendar data: If you connect Google Calendar or Apple Calendar, we access event titles, start and end times, durations, and event locations to include calendar context in your morning briefing. We do not read event descriptions, attendee lists, attachments, private notes, or any data from calendars you have not explicitly selected.
Task data: If you connect a task management service, we access task titles and due dates to surface upcoming deadlines in your briefing. We do not access task descriptions, comments, or subtask details beyond what is needed to display the task name and due date.
Sign-in provider data: If you choose to sign in using Sign in with Apple or Google Sign-In, we receive your name, email address, and a unique identifier from the provider. We do not receive your password from these providers.

c. Information Collected Automatically

Device information: We collect information about your Device, including the operating system, version, device model, unique device identifiers, and mobile network information.
Usage analytics: We collect information about how you interact with the Service, such as which features you use, the time and duration of your sessions, briefing topics viewed, and actions taken within the app.
Crash reports: If the app encounters an error, we automatically collect diagnostic data including stack traces, device state, and operating system version to help us identify and fix bugs.
Push notification interaction: We collect data on whether push notifications are delivered, opened, or dismissed to measure the effectiveness of our notification delivery and improve timing.
IP address: We collect your IP address when you access the Service. This information is used for security purposes, approximate geolocation, and to comply with legal obligations.
Advertising identifier: On iOS, we may collect the Identifier for Advertisers (IDFA) only if you grant permission through Apple’s App Tracking Transparency (ATT) prompt. On Android, we may collect the Google Advertising ID (GAID). You can reset or limit these identifiers at any time through your device settings. We do not use these identifiers for cross-app tracking or targeted advertising.

d. Information from Third Parties

News content APIs: We receive articles, headlines, and summaries from third-party news aggregation services to compile your briefing. This data pertains to publicly available news content and does not contain your Personal Data.
Weather service APIs: We receive weather forecasts and conditions from third-party weather providers based on the location you provide (city or ZIP/postal code).
AI/LLM providers: In order to generate personalized briefing summaries, we send limited data to third-party AI service providers. The specific data sent to these providers is described in detail in the AI Data Processing section below.

How We Use Your Information

We may use the information we collect for the following purposes:

Generating your briefings: We may use your news interest preferences, location data, calendar data, and task data to compile and deliver personalized daily briefings tailored to your needs.
Providing weather information: We may use your city or ZIP/postal code to fetch and display localized weather forecasts within your briefing.
Displaying calendar context: We may use connected calendar event titles, times, and locations to include a schedule overview in your morning briefing.
Improving AI-generated content: We may use aggregated, anonymized usage patterns to refine the quality, relevance, and accuracy of AI-generated briefing summaries. Individual user data is not used to train third-party AI models.
Delivering push notifications: We may use your device token and notification preferences to send morning briefing alerts and, where you have opted in, other relevant notifications.
Analytics and product improvement: We may use usage analytics, device information, and crash reports to understand how the Service is used, diagnose technical issues, and improve features and performance.
Communication: We may use your email address to send you account-related communications, respond to support requests, and, where you have opted in, share product updates or announcements.
Fraud detection and security: We may use IP addresses, device identifiers, and usage patterns to detect, investigate, and prevent unauthorized access, abuse, or other fraudulent activity.
Legal compliance: We may process your information as necessary to comply with applicable laws, regulations, legal processes, or enforceable governmental requests.
Aggregated analytics: We may generate aggregated, de-identified statistics about Service usage to better understand user trends. Aggregated data cannot be used to identify any individual user.

AI Data Processing

We use artificial intelligence and large language models (LLMs) provided by third-party services to generate the personalized briefing summaries you receive each morning. Our current AI service providers include Anthropic (Claude) for text generation and summarization, and ElevenLabs for audio narration and text-to-speech. For more information about how these providers handle data, please refer to the Anthropic Privacy Policy and the ElevenLabs Privacy Policy. We believe in transparency about what data is and is not shared with these AI providers.

What IS sent to AI providers

Publicly available news article text, headlines, and summaries obtained from news content APIs.
Your selected interest preferences and topic categories (e.g., "Technology," "Finance," "Sports") to tailor the tone, priority, and focus of your briefing.
Your preferred language setting, so briefings can be generated in your chosen language.
General location context (city-level only) for weather narrative generation.

What is NOT sent to AI providers

Your name, email address, or any personal identifiers.
Calendar event details, including titles, times, attendees, or locations.
Task data, including titles or due dates.
Your IP address, device identifiers, or advertising identifiers.
Your password hash or authentication credentials.

Data retention by AI providers

We require our third-party AI service providers to operate under data processing agreements (DPAs) that prohibit them from retaining, storing, or using the data we send for any purpose other than generating the requested output. Our AI providers are contractually prohibited from using dawncast user data to train, fine-tune, or improve their own models.

AI content accuracy

AI-generated briefing content may occasionally contain inaccuracies, errors, or omissions. Briefings provided by dawncast are intended as a convenient summary and should not be relied upon as the sole source of information for important decisions. We encourage you to consult original news sources for critical information. We do not guarantee the accuracy, completeness, or timeliness of AI-generated content.

How We Share Your Information

We do not sell your personal information. We do not knowingly sell Personal Data and have no intention of doing so. We share your information only in the following limited circumstances:

Cloud infrastructure providers: We use third-party cloud hosting and database services to store and process your data securely. These providers act as data processors on our behalf and are contractually bound to protect your information.
AI/LLM providers: As described in the AI Data Processing section, we send limited, non-identifying data to Anthropic (Claude) for text generation and to ElevenLabs for audio narration. These providers operate under data processing agreements (DPAs).
Analytics providers: We share anonymized, aggregated usage data with analytics services to help us understand how the Service is used. No individually identifiable information is shared for analytics purposes.
Push notification services: We share your device push token with Apple Push Notification service (APNs) and Firebase Cloud Messaging (FCM) to deliver notifications to your Device. These services receive only the information necessary to route the notification.
Calendar and task providers: When you connect a calendar or task service, we communicate with that provider’s API using OAuth-based, read-only access tokens. We do not share your dawncast data with these providers.
Weather providers: We share your city or ZIP/postal code with third-party weather services to retrieve forecasts. No other Personal Data is transmitted.
News providers: We request news content from third-party APIs based on topic categories. Your Personal Data is not shared with news content providers.
Payment processors: If you subscribe to a paid plan, your payment information is processed directly by third-party payment processors (e.g., Apple App Store, Google Play Store, or Stripe). We do not receive or store your full credit card number or payment credentials.
Legal compliance: We may disclose your information if required to do so by law, in response to a valid subpoena, court order, or other legal process, or if we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others.
Business transfers: In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on the Service before your Personal Data is transferred and becomes subject to a different privacy policy.

Data Retention

We retain your information only for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required by law. The specific retention periods are as follows:

Account data: Your account information (name, email, preferences) is retained for the duration of your account. Upon receiving a deletion request, we will delete or anonymize your account data within 30 calendar days.
Briefing history: Your generated briefings are retained on our systems and may be accessible to you within the app for up to 90 days. Briefing data may be retained beyond this period for internal purposes such as service improvement and analytics, but will no longer be visible to you in the app.
Usage analytics: Analytics data is aggregated and de-identified. Aggregated analytics may be retained indefinitely for product improvement and business purposes.
Calendar and task data: Calendar events and task information are cached locally on your Device and refreshed daily. This data is not stored on our servers beyond the brief period required to process and generate your briefing. Once the briefing is generated, the raw calendar and task data is discarded from our processing systems.
Crash reports: Crash and diagnostic reports are retained to allow our engineering team to investigate and resolve issues. These reports may be retained indefinitely in aggregated or de-identified form.

You have the right to request earlier deletion of your data at any time by contacting us at support@dawncast.app or by using the account deletion feature within the app. Subject to applicable legal obligations, we will honor such requests promptly.

Data Security

We take the security of your Personal Data seriously and implement industry-standard technical and organizational measures to protect it against unauthorized access, alteration, disclosure, or destruction.

Encryption in transit: All data transmitted between your Device and our servers is encrypted using Transport Layer Security (TLS) 1.2 or higher.
Encryption at rest: Personal Data stored on our servers is encrypted at rest using encryption provided by our infrastructure providers.
Access controls: Access to Personal Data is restricted to authorized personnel who require it to operate, develop, or improve the Service.
Security practices: We strive to conduct periodic security reviews of our infrastructure and application code and to address identified vulnerabilities in a timely manner.
Incident response: In the event of a data breach that we believe poses a risk to your rights and freedoms, we will make reasonable efforts to notify affected users and relevant authorities in accordance with applicable law.

While we strive to use commercially acceptable means to protect your Personal Data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security, and you use the Service at your own risk.

Your Privacy Rights

a. Rights for All Users

Regardless of where you are located, you have the following rights with respect to your Personal Data:

Access: You may request a copy of the Personal Data we hold about you.
Correction: You may request that we correct inaccurate or incomplete Personal Data.
Deletion: You may request that we delete your Personal Data, subject to certain legal exceptions.
Data export: You may request a copy of your data in a structured, commonly used, machine-readable format.
Withdraw consent: Where we rely on your consent to process your data, you may withdraw that consent at any time without affecting the lawfulness of prior processing.
Object to processing: You may object to our processing of your Personal Data in certain circumstances, including processing for direct marketing purposes. Please note that the Service requires the processing of certain Personal Data to function. If you object to the processing necessary to provide the Service, you may be required to stop using the app and/or your account may be deleted.

To exercise any of these rights, you may use the in-app privacy settings or contact us at support@dawncast.app. We will respond to your request within the timeframes specified by applicable law.

b. Additional Rights for EEA/UK Residents (GDPR)

If you are located in the European Economic Area (EEA) or the United Kingdom, the following additional provisions apply:

Legal bases for processing: We process your Personal Data on the following legal bases: (i) performance of a contract — to provide the Service you have requested; (ii) legitimate interests — to improve the Service, ensure security, and conduct analytics, where these interests are not overridden by your rights; (iii) consent — where you have given explicit consent, such as for push notifications or connecting third-party services; and (iv) legal obligation — where processing is necessary to comply with applicable law.
Right to lodge a complaint: You have the right to lodge a complaint with a supervisory authority in the EU/EEA member state or UK where you reside, work, or where the alleged infringement took place.
Data Protection Officer: You may contact our Data Protection Officer at dpo@northlightdigital.io with any questions or concerns about how we handle your data.
Cross-border transfers: Where your data is transferred outside the EEA/UK, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission and the UK Information Commissioner’s Office to ensure an adequate level of protection.

c. Additional Rights for California Residents (CCPA/CPRA)

If you are a California resident, you have the following additional rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act:

Right to know: You have the right to request that we disclose the categories and specific pieces of Personal Data we have collected about you, the categories of sources, the business or commercial purposes for collection, and the categories of third parties with whom we share your data.
Right to delete: You have the right to request deletion of your Personal Data, subject to certain exceptions provided by law.
Right to opt out of sale: We do not sell your Personal Data. As such, we do not offer an opt-out mechanism for the sale of Personal Data because no sale occurs.
Right to non-discrimination: We will not discriminate against you for exercising any of your privacy rights. We will not deny you the Service, charge you different prices, provide a different level of quality, or suggest that you will receive different treatment for exercising your rights.
Authorized agent: You may designate an authorized agent to make requests on your behalf. We may require verification of the agent’s authorization and your identity before fulfilling the request.
Shine the Light: Under California Civil Code Section 1798.83, California residents may request information regarding the disclosure of Personal Data to third parties for direct marketing purposes. We do not disclose Personal Data to third parties for their direct marketing purposes.

d. Additional Rights for Residents of Other US States

If you are a resident of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), or another US state with a comprehensive consumer privacy law, you may have similar rights to access, correct, delete, and port your Personal Data, as well as the right to opt out of certain processing activities. We are committed to honoring these rights in accordance with applicable state law. If your request is denied, you have the right to appeal the decision by contacting us at support@dawncast.app with the subject line "Privacy Rights Appeal."

Children’s Privacy

The Service is not directed to children under the age of 13 (or under the age of 16 for individuals in the European Economic Area). We do not knowingly collect Personal Data from children under these age thresholds. If you are a parent or guardian and you believe your child has provided us with Personal Data without your consent, please contact us immediately at support@dawncast.app.

If we become aware that we have collected Personal Data from a child without verification of parental consent, we will take steps to delete that information from our servers promptly and within no more than 30 days of discovery.

International Data Transfers

The Service is operated by Northlight Digital LLC from the United States. Your Personal Data is primarily processed and stored on servers located in the United States. If you access the Service from outside the United States, your information will be transferred to, stored, and processed in the United States, where data protection laws may differ from those of your jurisdiction.

For users in the European Economic Area (EEA) and the United Kingdom, we ensure that cross-border transfers of Personal Data are conducted in compliance with the GDPR and UK GDPR by implementing Standard Contractual Clauses (SCCs) approved by the European Commission (and the UK Addendum, where applicable) with our data processors and sub-processors.

The types of data transferred internationally may include account information, usage analytics, device information, and the limited data sent to AI providers as described in this policy.

By using the Service, you consent to the transfer of your information to the United States and other jurisdictions where our service providers operate, subject to the safeguards described in this Privacy Policy.

Cookies and Tracking

We use a limited number of cookies and similar technologies on the dawncast.app website. The dawncast mobile app does not use cookies but may use device identifiers as described below.

Website cookies

Essential cookies: These cookies are strictly necessary for the operation of the website, including session management and authentication. They cannot be disabled without affecting website functionality.
Analytics cookies: We use analytics cookies on the website to understand visitor behavior, page views, and site performance. These cookies collect aggregated, anonymized data and do not track you across other websites.
Advertising cookies: We do not use advertising or third-party tracking cookies on the dawncast.app website.

You can manage your cookie preferences through your browser settings. Most browsers allow you to refuse or delete cookies. Please note that disabling essential cookies may impair the functionality of the website.

Mobile app

The dawncast mobile app does not use cookies. Instead, the app may use device identifiers (such as the IDFA on iOS, subject to App Tracking Transparency, or the GAID on Android) for analytics and service improvement purposes as described in the Information We Collect section. You can reset or limit these identifiers through your device’s privacy settings.

Push Notifications

dawncast delivers your morning briefing through push notifications. When you enable push notifications, your Device generates a unique push token that is sent to our servers. We use this token to deliver notifications through Apple Push Notification service (APNs) for iOS devices and Firebase Cloud Messaging (FCM) for Android devices.

You can control push notification preferences within the dawncast app settings, including the time of delivery and the types of notifications you wish to receive. You may also disable push notifications entirely through your Device’s system settings at any time.

Push notification services receive only the device token and the notification payload (briefing title and summary text). No other Personal Data is transmitted to APNs or FCM as part of the notification delivery process.

Third-Party Links

Your dawncast briefing may contain links to third-party websites, including the original sources of news articles referenced in your summary. These links are provided for your convenience and reference only.

We are not responsible for the privacy practices, content, or security of any third-party websites or services. We do not control and are not liable for the data collection, use, or disclosure practices of these external sites. We encourage you to review the privacy policy of every third-party website you visit through links in your briefing.

The inclusion of a link to a third-party website does not imply endorsement of the site, its content, or its operators by Northlight Digital LLC or dawncast.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, the Service, or applicable laws. When we make changes, we will update the "Last updated" date at the top of this page.

For material changes that significantly affect how we collect, use, or share your Personal Data, we will provide prominent notice by one or more of the following means: (i) displaying an in-app notification; (ii) sending an email to the address associated with your account; or (iii) posting a conspicuous notice on the dawncast.app website.

Your continued use of the Service after the effective date of any changes constitutes your acceptance of the updated Privacy Policy. If you do not agree with the revised terms, you should discontinue use of the Service and delete your account.

In some cases, we may require your explicit re-consent before continuing to process your data under the updated policy, particularly where required by applicable data protection law.

Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us using any of the methods below:

Privacy inquiries: support@dawncast.app
General support: support@dawncast.app
Data Protection Officer: dpo@northlightdigital.io
Mailing address: Northlight Digital LLC, New York, NY

We aim to respond to all privacy-related inquiries within 30 calendar days of receipt. For requests made under the California Consumer Privacy Act (CCPA/CPRA), we will respond within 45 calendar days, with the possibility of a one-time extension of an additional 45 days where reasonably necessary, provided we notify you of the extension.

Introduction

For purposes of this Privacy Policy, the following definitions apply:

"Personal Data" means any information that relates to an identified or identifiable individual, including but not limited to name, email address, device identifiers, IP address, and location data.
"Processing" means any operation performed on Personal Data, whether automated or not, including collection, recording, organization, storage, adaptation, retrieval, use, disclosure, combination, restriction, erasure, or destruction.
"Service" means the dawncast mobile application (available on iOS and Android) and the dawncast.app website, including all features, content, and functionality offered through them.
"User" (or "you" or "your") means any individual who accesses or uses the Service, whether as a registered account holder or as a visitor.
"Device" means any electronic device used to access the Service, including smartphones, tablets, and computers.

Information We Collect

We collect information from and about you in several ways, depending on how you interact with the Service. The categories below describe the types of information we may collect.

a. Information You Provide Directly

Account registration: When you create a dawncast account, we collect your name, email address, and a securely hashed version of your password. We never store your password in plain text.
Profile preferences: You may choose to provide information about your news interests (e.g., topics, categories, or specific sources you wish to follow) and your preferred language for briefings.
Location data: If you choose to enable weather features, we collect your city or ZIP/postal code to deliver localized weather information. We do not collect precise GPS coordinates unless you explicitly grant permission.
Feedback and support: When you contact us for support, submit feedback, or participate in surveys, we collect the content of your communications, your email address, and any other information you voluntarily provide.

b. Information from Connected Services

Calendar data: If you connect Google Calendar or Apple Calendar, we access event titles, start and end times, durations, and event locations to include calendar context in your morning briefing. We do not read event descriptions, attendee lists, attachments, private notes, or any data from calendars you have not explicitly selected.
Task data: If you connect a task management service, we access task titles and due dates to surface upcoming deadlines in your briefing. We do not access task descriptions, comments, or subtask details beyond what is needed to display the task name and due date.
Sign-in provider data: If you choose to sign in using Sign in with Apple or Google Sign-In, we receive your name, email address, and a unique identifier from the provider. We do not receive your password from these providers.

c. Information Collected Automatically

Device information: We collect information about your Device, including the operating system, version, device model, unique device identifiers, and mobile network information.
Usage analytics: We collect information about how you interact with the Service, such as which features you use, the time and duration of your sessions, briefing topics viewed, and actions taken within the app.
Crash reports: If the app encounters an error, we automatically collect diagnostic data including stack traces, device state, and operating system version to help us identify and fix bugs.
Push notification interaction: We collect data on whether push notifications are delivered, opened, or dismissed to measure the effectiveness of our notification delivery and improve timing.
IP address: We collect your IP address when you access the Service. This information is used for security purposes, approximate geolocation, and to comply with legal obligations.
Advertising identifier: On iOS, we may collect the Identifier for Advertisers (IDFA) only if you grant permission through Apple’s App Tracking Transparency (ATT) prompt. On Android, we may collect the Google Advertising ID (GAID). You can reset or limit these identifiers at any time through your device settings. We do not use these identifiers for cross-app tracking or targeted advertising.

d. Information from Third Parties

News content APIs: We receive articles, headlines, and summaries from third-party news aggregation services to compile your briefing. This data pertains to publicly available news content and does not contain your Personal Data.
Weather service APIs: We receive weather forecasts and conditions from third-party weather providers based on the location you provide (city or ZIP/postal code).
AI/LLM providers: In order to generate personalized briefing summaries, we send limited data to third-party AI service providers. The specific data sent to these providers is described in detail in the AI Data Processing section below.

How We Use Your Information

We may use the information we collect for the following purposes:

Generating your briefings: We may use your news interest preferences, location data, calendar data, and task data to compile and deliver personalized daily briefings tailored to your needs.
Providing weather information: We may use your city or ZIP/postal code to fetch and display localized weather forecasts within your briefing.
Displaying calendar context: We may use connected calendar event titles, times, and locations to include a schedule overview in your morning briefing.
Improving AI-generated content: We may use aggregated, anonymized usage patterns to refine the quality, relevance, and accuracy of AI-generated briefing summaries. Individual user data is not used to train third-party AI models.
Delivering push notifications: We may use your device token and notification preferences to send morning briefing alerts and, where you have opted in, other relevant notifications.
Analytics and product improvement: We may use usage analytics, device information, and crash reports to understand how the Service is used, diagnose technical issues, and improve features and performance.
Communication: We may use your email address to send you account-related communications, respond to support requests, and, where you have opted in, share product updates or announcements.
Fraud detection and security: We may use IP addresses, device identifiers, and usage patterns to detect, investigate, and prevent unauthorized access, abuse, or other fraudulent activity.
Legal compliance: We may process your information as necessary to comply with applicable laws, regulations, legal processes, or enforceable governmental requests.
Aggregated analytics: We may generate aggregated, de-identified statistics about Service usage to better understand user trends. Aggregated data cannot be used to identify any individual user.

AI Data Processing

What IS sent to AI providers

Publicly available news article text, headlines, and summaries obtained from news content APIs.
Your selected interest preferences and topic categories (e.g., "Technology," "Finance," "Sports") to tailor the tone, priority, and focus of your briefing.
Your preferred language setting, so briefings can be generated in your chosen language.
General location context (city-level only) for weather narrative generation.

What is NOT sent to AI providers

Your name, email address, or any personal identifiers.
Calendar event details, including titles, times, attendees, or locations.
Task data, including titles or due dates.
Your IP address, device identifiers, or advertising identifiers.
Your password hash or authentication credentials.

Data retention by AI providers

AI content accuracy

How We Share Your Information

We do not sell your personal information. We do not knowingly sell Personal Data and have no intention of doing so. We share your information only in the following limited circumstances:

Cloud infrastructure providers: We use third-party cloud hosting and database services to store and process your data securely. These providers act as data processors on our behalf and are contractually bound to protect your information.
AI/LLM providers: As described in the AI Data Processing section, we send limited, non-identifying data to Anthropic (Claude) for text generation and to ElevenLabs for audio narration. These providers operate under data processing agreements (DPAs).
Analytics providers: We share anonymized, aggregated usage data with analytics services to help us understand how the Service is used. No individually identifiable information is shared for analytics purposes.
Push notification services: We share your device push token with Apple Push Notification service (APNs) and Firebase Cloud Messaging (FCM) to deliver notifications to your Device. These services receive only the information necessary to route the notification.
Calendar and task providers: When you connect a calendar or task service, we communicate with that provider’s API using OAuth-based, read-only access tokens. We do not share your dawncast data with these providers.
Weather providers: We share your city or ZIP/postal code with third-party weather services to retrieve forecasts. No other Personal Data is transmitted.
News providers: We request news content from third-party APIs based on topic categories. Your Personal Data is not shared with news content providers.
Payment processors: If you subscribe to a paid plan, your payment information is processed directly by third-party payment processors (e.g., Apple App Store, Google Play Store, or Stripe). We do not receive or store your full credit card number or payment credentials.
Legal compliance: We may disclose your information if required to do so by law, in response to a valid subpoena, court order, or other legal process, or if we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others.
Business transfers: In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on the Service before your Personal Data is transferred and becomes subject to a different privacy policy.

Data Retention

Account data: Your account information (name, email, preferences) is retained for the duration of your account. Upon receiving a deletion request, we will delete or anonymize your account data within 30 calendar days.
Briefing history: Your generated briefings are retained on our systems and may be accessible to you within the app for up to 90 days. Briefing data may be retained beyond this period for internal purposes such as service improvement and analytics, but will no longer be visible to you in the app.
Usage analytics: Analytics data is aggregated and de-identified. Aggregated analytics may be retained indefinitely for product improvement and business purposes.
Calendar and task data: Calendar events and task information are cached locally on your Device and refreshed daily. This data is not stored on our servers beyond the brief period required to process and generate your briefing. Once the briefing is generated, the raw calendar and task data is discarded from our processing systems.
Crash reports: Crash and diagnostic reports are retained to allow our engineering team to investigate and resolve issues. These reports may be retained indefinitely in aggregated or de-identified form.

Data Security

Encryption in transit: All data transmitted between your Device and our servers is encrypted using Transport Layer Security (TLS) 1.2 or higher.
Encryption at rest: Personal Data stored on our servers is encrypted at rest using encryption provided by our infrastructure providers.
Access controls: Access to Personal Data is restricted to authorized personnel who require it to operate, develop, or improve the Service.
Security practices: We strive to conduct periodic security reviews of our infrastructure and application code and to address identified vulnerabilities in a timely manner.
Incident response: In the event of a data breach that we believe poses a risk to your rights and freedoms, we will make reasonable efforts to notify affected users and relevant authorities in accordance with applicable law.

Your Privacy Rights

a. Rights for All Users

Regardless of where you are located, you have the following rights with respect to your Personal Data:

Access: You may request a copy of the Personal Data we hold about you.
Correction: You may request that we correct inaccurate or incomplete Personal Data.
Deletion: You may request that we delete your Personal Data, subject to certain legal exceptions.
Data export: You may request a copy of your data in a structured, commonly used, machine-readable format.
Withdraw consent: Where we rely on your consent to process your data, you may withdraw that consent at any time without affecting the lawfulness of prior processing.
Object to processing: You may object to our processing of your Personal Data in certain circumstances, including processing for direct marketing purposes. Please note that the Service requires the processing of certain Personal Data to function. If you object to the processing necessary to provide the Service, you may be required to stop using the app and/or your account may be deleted.

To exercise any of these rights, you may use the in-app privacy settings or contact us at support@dawncast.app. We will respond to your request within the timeframes specified by applicable law.

b. Additional Rights for EEA/UK Residents (GDPR)

If you are located in the European Economic Area (EEA) or the United Kingdom, the following additional provisions apply:

Legal bases for processing: We process your Personal Data on the following legal bases: (i) performance of a contract — to provide the Service you have requested; (ii) legitimate interests — to improve the Service, ensure security, and conduct analytics, where these interests are not overridden by your rights; (iii) consent — where you have given explicit consent, such as for push notifications or connecting third-party services; and (iv) legal obligation — where processing is necessary to comply with applicable law.
Right to lodge a complaint: You have the right to lodge a complaint with a supervisory authority in the EU/EEA member state or UK where you reside, work, or where the alleged infringement took place.
Data Protection Officer: You may contact our Data Protection Officer at dpo@northlightdigital.io with any questions or concerns about how we handle your data.
Cross-border transfers: Where your data is transferred outside the EEA/UK, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission and the UK Information Commissioner’s Office to ensure an adequate level of protection.

c. Additional Rights for California Residents (CCPA/CPRA)

If you are a California resident, you have the following additional rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act:

Right to know: You have the right to request that we disclose the categories and specific pieces of Personal Data we have collected about you, the categories of sources, the business or commercial purposes for collection, and the categories of third parties with whom we share your data.
Right to delete: You have the right to request deletion of your Personal Data, subject to certain exceptions provided by law.
Right to opt out of sale: We do not sell your Personal Data. As such, we do not offer an opt-out mechanism for the sale of Personal Data because no sale occurs.
Right to non-discrimination: We will not discriminate against you for exercising any of your privacy rights. We will not deny you the Service, charge you different prices, provide a different level of quality, or suggest that you will receive different treatment for exercising your rights.
Authorized agent: You may designate an authorized agent to make requests on your behalf. We may require verification of the agent’s authorization and your identity before fulfilling the request.
Shine the Light: Under California Civil Code Section 1798.83, California residents may request information regarding the disclosure of Personal Data to third parties for direct marketing purposes. We do not disclose Personal Data to third parties for their direct marketing purposes.

d. Additional Rights for Residents of Other US States

Children’s Privacy

International Data Transfers

The types of data transferred internationally may include account information, usage analytics, device information, and the limited data sent to AI providers as described in this policy.

Cookies and Tracking

We use a limited number of cookies and similar technologies on the dawncast.app website. The dawncast mobile app does not use cookies but may use device identifiers as described below.

Website cookies

Essential cookies: These cookies are strictly necessary for the operation of the website, including session management and authentication. They cannot be disabled without affecting website functionality.
Analytics cookies: We use analytics cookies on the website to understand visitor behavior, page views, and site performance. These cookies collect aggregated, anonymized data and do not track you across other websites.
Advertising cookies: We do not use advertising or third-party tracking cookies on the dawncast.app website.

Mobile app

Push Notifications

Third-Party Links

The inclusion of a link to a third-party website does not imply endorsement of the site, its content, or its operators by Northlight Digital LLC or dawncast.

Changes to This Policy

In some cases, we may require your explicit re-consent before continuing to process your data under the updated policy, particularly where required by applicable data protection law.

Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us using any of the methods below:

Privacy inquiries: support@dawncast.app
General support: support@dawncast.app
Data Protection Officer: dpo@northlightdigital.io
Mailing address: Northlight Digital LLC, New York, NY