Privacy & Security

Understand how DayHelm protects your data

Data Encryption

All data in DayHelm is encrypted both in transit and at rest. OAuth tokens for connected services are encrypted with AES-256-GCM, an authenticated-encryption mode that hides the token and also detects any tampering with the stored ciphertext. Your password itself is never stored: we keep only a bcrypt hash computed with a cost factor of 12, and bcrypt gives every hash its own random salt, so two users with the same password get different hashes.

Two-Factor Authentication

Enable two-factor authentication (2FA) in Settings under Privacy & Security for an extra layer of account protection. When enabled, you will need to enter a verification code from your authenticator app or SMS in addition to your password when signing in. An authenticator app is the stronger choice: SMS codes can be intercepted if an attacker takes over your phone number, for example through a SIM-swap attack.

OAuth 2.0 Authorization

When you connect third-party services, DayHelm uses OAuth 2.0 token-based authorization: the provider issues DayHelm an access token, and your Google or Microsoft password is never shared with us. Google and Microsoft sign-in flows use PKCE (Proof Key for Code Exchange), which ties the authorization code to the client that started the flow, so a code intercepted on the way back to DayHelm cannot be exchanged for tokens by anyone else. Access tokens are encrypted at rest with AES-256-GCM.

Session Security

Your session is validated on every request. User identity is always determined server-side from your authenticated session, never from URL parameters or request bodies. This prevents one signed-in user from acting as another by editing a request, a bug class often called insecure direct object reference. It does not on its own stop session hijacking, where an attacker steals the session token itself, so protecting that token still matters: enable 2FA and sign out on shared devices.
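The difference between trusting a caller-supplied user id and deriving identity from the session is easiest to see side by side. The following is an added Node.js example, not DayHelm's code: the same "get profile" handler written the wrong way and the right way, with constructed users, a constructed server-side session store and hand-built request objects standing in for an HTTP framework.

```javascript
// Added example: identity from the session, not from the request (not DayHelm's code).

// Constructed data: two users and a server-side session store (session id -> user id).
const users = new Map([
  [42, { id: 42, email: 'alice@example.com' }],
  [43, { id: 43, email: 'bob@example.com' }],
]);
const sessions = new Map([['s-alice', 42]]);

// Resolve the user id from the session cookie; undefined if not signed in.
function sessionUserId(req) {
  const m = /(?:^|;\s*)sid=([^;]+)/.exec((req.headers && req.headers.cookie) || '');
  return m ? sessions.get(m[1]) : undefined;
}

// Vulnerable: checks that *someone* is signed in, then trusts ?userId= to pick
// whose profile to return. Any signed-in user can read any other user's data.
function getProfileVulnerable(req) {
  if (sessionUserId(req) === undefined) return { status: 401 };
  const user = users.get(Number(req.query.userId));
  return user ? { status: 200, body: user } : { status: 404 };
}

// Hardened: the only identity source is the server-side session. Whatever the
// client puts in the query string or body is ignored for this decision.
function getProfileHardened(req) {
  const id = sessionUserId(req);
  if (id === undefined) return { status: 401 };
  return { status: 200, body: users.get(id) };
}

// Constructed request: Alice's valid session cookie, but asking for Bob's id.
const attackerReq = { headers: { cookie: 'sid=s-alice' }, query: { userId: '43' } };

console.log(getProfileVulnerable(attackerReq).body.email); // bob@example.com (leak)
console.log(getProfileHardened(attackerReq).body.email);   // alice@example.com
```

The same rule applies to request bodies and path segments: if an endpoint takes an object id, the server looks the object up and then checks that it belongs to the session's user, rather than letting the id choose the user.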

Data Management

You can manage your data from Settings under Privacy & Security — review what DayHelm stores, export a JSON archive, or delete your account. We do not sell your personal information. We share data only with service providers under contract (AI models, payments, email delivery, error monitoring, hosting) — see our Privacy Policy for the full list.