Privacy Policy
Effective date: January 1, 2026 · Last updated: May 4, 2026
Daysight ("we," "us," or "our") is a free reminder service that helps you remember birthdays, anniversaries, and other important dates for the people you care about. This Privacy Policy explains what personal information we collect, how we use it, and your rights. We've written it to be readable, not just legally complete.
By using Daysight, you agree to the practices described here. If you don't agree, please don't use the service.
1. Information We Collect
Account information
When you create an account, we collect your email address and, optionally, a display name. We do not collect your phone number, postal address, or payment information.
Contact and event data you enter
To send you reminders, you give us information about other people — their names, birthdays, anniversaries, your relationship to them, and their gift preferences. This data is stored solely to provide you with the service. We do not use it for advertising, profiling, or any purpose other than sending you reminders.
Usage and analytics data
We collect basic information about how you use the service — features used, emails opened or clicked, and whether a gift link led to a purchase. This helps us understand what's working and improve the product. When used for analytics, this data is anonymised and not linked to your identity.
Technical session data
We use strictly necessary cookies to keep you signed in. These are set by Supabase, our authentication provider, and are required for the service to function. We do not use analytics cookies, tracking pixels, or marketing cookies on our own site. When you click a gift link in a reminder email, the third-party retailer you visit may set their own cookies — see Section 4.
2. How We Use Your Information
The table below sets out each processing activity, its purpose, and the legal basis we rely on under GDPR Article 6. Where we rely on legitimate interests, we have balanced our interests against your rights and freedoms.
| Processing activity | Purpose | Legal basis (GDPR Art. 6) |
|---|---|---|
| Account registration and authentication | Create and secure your account | 6(1)(b) — performance of the contract you entered into with us |
| Storing contact and event data | Provide the core reminder service | 6(1)(b) — performance of the contract |
| Sending reminder emails with gift suggestions | Deliver the service you signed up for; include affiliate gift links that generate revenue to keep the service free | 6(1)(a) — your explicit consent at sign-up (you can withdraw at any time via the unsubscribe link) |
| Sending re-engagement emails to new users | Help new users who have not yet added contacts get value from the service | 6(1)(a) — your consent at sign-up |
| Email delivery and open/click tracking | Confirm delivery, detect failures, and understand which gift suggestions are useful | 6(1)(f) — legitimate interests (improving deliverability and service quality) |
| Affiliate purchase attribution | Record that a purchase was referred by Daysight so we can receive a commission | 6(1)(f) — legitimate interests (sustainable revenue model that keeps the service free) |
| Anonymised usage analytics | Understand feature usage and improve the product | 6(1)(f) — legitimate interests (product improvement); data is anonymised before use |
| Responding to support messages | Answer your questions and resolve issues | 6(1)(f) — legitimate interests (customer support) |
3. How We Share Your Information
We do not sell your personal information. We do not share it with advertisers. The limited ways we may share data are:
- Service providers: companies that help us operate the service, including our authentication provider (Supabase), email delivery provider (Resend), and cloud hosting (Vercel). They are contractually required to process your data only as directed by us and may not use it for their own purposes.
- Affiliate networks: when you click a gift link and complete a purchase, our affiliate partners receive a referral signal to attribute the commission. They do not receive your name, email address, or any contact data you have entered into Daysight.
- Legal requirements: if required by law, court order, or to protect the rights and safety of users or the public, we may disclose information to competent authorities.
- Business transfers: if Daysight is acquired or merged with another company, your data may transfer as part of that transaction. We will notify you before your data becomes subject to a materially different privacy policy.
4. Affiliate Links and Third-Party Sites
Daysight is free because we earn small commissions when you buy gifts through our recommended links. When you click a “Buy Now” link in a reminder email, you are directed to a third-party retailer. That retailer may set its own cookies and tracking technologies on your device to attribute the purchase.
We are not responsible for the privacy practices of those third-party sites. We recommend reviewing their privacy policies before making a purchase.
5. Data Retention
- Active account data (profile, contacts, events) is kept for as long as your account is active.
- Soft-deleted contacts and events are moved to a recycling bin and permanently purged within 7 days of deletion. You can restore them from Settings within that window.
- Your account can be deleted at any time from Settings. When you do, all personal data — your profile, contacts, events, and reminder history — is permanently deleted within 7 days. Deletion is irreversible.
- Anonymised, aggregated analytics (e.g. conversion event counts with no identifying fields) may be retained indefinitely for product improvement.
- Support correspondence is retained for up to 2 years, then deleted.
6. Cookies
We use strictly necessary cookies on the Daysight website. These are set by Supabase, our authentication provider, to maintain your signed-in session and cannot be disabled without breaking the service. We do not use third-party advertising cookies, tracking pixels, or analytics scripts on our own site.
If you arrive from a Microsoft Advertising (Bing) ad, we store a single first-party cookie holding the ad-click identifier that Microsoft appends to the link (the “msclkid”). We use it only to measure whether ad clicks lead to sign-ups, and we report only that identifier — never your name, email, or other personal information — back to Microsoft for that measurement. No third-party advertising cookie or tracking script runs in your browser.
Similarly, if you arrive from one of our own links (for example a link in our social media profile), we store a single first-party cookie holding a short referral label from that link so we can measure which of our channels lead to sign-ups. This label contains no personal information, is used only for our own internal analytics, and is never shared with any third party.
Third-party retailers you visit after clicking a gift link may set their own cookies. Those cookies are governed by the retailer's own privacy policy.
7. Your Rights
All users
- You can access and update your account information in Settings at any time.
- You can delete individual contacts and events, or your entire account, from Settings.
- You can unsubscribe from all reminder emails using the unsubscribe link in any email, or by toggling email preferences in Settings.
California residents (CCPA / CPRA)
Under California privacy law, you have the right to know what personal information we collect and how it is used, to request deletion of your personal information, to correct inaccurate information, and to opt out of the sale or sharing of your personal information. We do not sell or share personal information. To exercise your rights, contact us at info@daysight.xyz.
EEA, UK, and Swiss residents (GDPR / UK GDPR)
If you are located in the European Economic Area, United Kingdom, or Switzerland, you have the following rights under applicable data protection law:
- Access (Art. 15): request a copy of the personal data we hold about you.
- Rectification (Art. 16): ask us to correct inaccurate or incomplete data.
- Erasure (Art. 17): ask us to delete your personal data (subject to certain exceptions).
- Restriction (Art. 18): ask us to restrict processing of your data in certain circumstances.
- Portability (Art. 20): receive your personal data in a structured, machine-readable format.
- Object (Art. 21): object to processing based on legitimate interests or for direct marketing.
- Withdraw consent: where processing is based on consent (Art. 6(1)(a)), you may withdraw it at any time without affecting the lawfulness of prior processing — use the unsubscribe link in any email or contact us directly.
To exercise any of these rights, contact us at info@daysight.xyz. We will respond within one calendar month. You also have the right to lodge a complaint with your supervisory authority — for example, the ICO in the UK, or your national data protection authority in the EEA.
8. Children's Privacy
Daysight is not directed at children under 13 (or under 16 where required by local law). We do not knowingly collect personal information from anyone under those ages. If you believe a child has provided us personal information, please contact us and we will delete it promptly.
9. Security
We use industry-standard measures to protect your data, including TLS encryption in transit, encrypted storage at rest, and row-level security in our database so that only you can access your own data. No method of transmission over the internet is 100% secure, and we cannot guarantee absolute security. If you believe your account has been compromised, contact us immediately.
10. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the “Last updated” date at the top. If changes are significant, we will notify you by email or by a prominent notice on the site at least 14 days before the changes take effect.
11. Contact Us
Questions about this policy or your data? We're happy to help. Reach us at info@daysight.xyz.