Privacy policy

Introduction

DaySync ("we," "our," or "us") is operated by DaySync LLC, a Wyoming limited liability company (Filing ID 2026-001938982), located at 30 N Gould St, STE R, Sheridan, WY 82801, USA. DaySync LLC is the data controller responsible for your information.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile applications, our web application, our websites, and related services (together, the "Services") for beauty and appointment-based businesses, including independent professionals, studios, and salon teams.

The Services include:

• The DaySync mobile apps for iOS and Android
• The DaySync web application at web.daysync.io
• Our marketing website at daysync.io
• Published business booking pages at your-business.daysync.pro

Transition note: Our mobile apps may continue to appear under our affiliate Frizo LLC (Georgia, registration 405589260) in the Apple App Store and Google Play until the app store account transfers to DaySync LLC are completed. Frizo LLC processes data on the same terms described here.

Information We Collect

Personal Information You Provide

Account Information:

• Name and email address
• Phone number
• Business name and description
• Profile photo
• Business address and location
• Working hours and availability
• Team member details (for businesses with staff)
• Social media profiles (optional)

Client Data You Input:

• Client names and contact information
• Client photos and visit history
• Appointment notes and service records
• Client preferences and personal notes

Business Data:

• Service catalog (names, descriptions, pricing, duration)
• Product inventory information
• Appointment schedules and bookings
• Revenue and financial data
• Portfolio photos (before/after images)

Payment and Subscription Information:

• Subscription plan and billing status
• Limited billing details needed to manage your subscription (for example, plan, renewal date, and the last four digits of a card)
• For businesses that accept payments from their own clients, the identity and bank/payout details required to open and operate a Stripe Connect account

We do not store full payment card numbers. Card and bank details are collected and processed directly by our payment partners described below.

Information Automatically Collected

Device and Usage Information:

• Device type, operating system, and version
• IP address and general location data
• App and web usage analytics and performance data
• Crash reports and error logs
• Push notification tokens

Cookies and Similar Technologies are described in detail in the "Cookies and Tracking Technologies" section below.

Cookies and Tracking Technologies

We and our partners use cookies and similar technologies on our websites and web application. We use the following categories:

Strictly necessary cookies. Required to run the Services, including authentication and security. This includes a session cookie scoped to the daysync.io domain that keeps you signed in across our marketing website (daysync.io) and our web application (web.daysync.io), so that if you log in on one, your logged-in status is recognized on the other (single sign-on). These cookies cannot be switched off.

Preference cookies. Remember your settings and choices, such as language and display preferences.

Analytics cookies. Help us understand how the Services are used so we can improve them. We use PostHog for product analytics, which may set cookies or use similar identifiers to measure feature usage, activation, and performance. Analytics data is used in aggregated or pseudonymized form wherever possible.

Published booking pages at your-business.daysync.pro are public-facing and operate on a separate registrable domain (daysync.pro); they do not share the single sign-on session described above and may set their own necessary and analytics cookies.

Where required by law (for example, in the EEA and the UK), we ask for your consent before setting non-essential cookies, and you can change your choices at any time through our cookie settings or your browser controls.

How We Use Your Information

Core Functionality

• Provide appointment scheduling and management services
• Enable client management and communication features
• Provide team and staff management for businesses with multiple members
• Generate business analytics and revenue reports
• Sync data across your devices and the web application
• Send appointment reminders and notifications

Business Profile and Online Booking Services

• Create and maintain your public booking page at your-business.daysync.pro
• Display your services and portfolio to potential clients
• Process online bookings from clients
• Enable social media integration features

Payments and Subscriptions

• Manage your DaySync subscription, billing, and entitlements
• Enable businesses to accept payments from their own clients via Stripe Connect
• Process subscription purchases and renewals through our payment partners

Communication

• Send important service updates and notifications
• Provide customer support and respond to inquiries
• Send promotional communications (with your consent)
• SMS and messaging notifications for appointment reminders (where enabled)

Analytics and Improvements

• Analyze usage patterns to improve functionality
• Monitor performance and fix technical issues
• Conduct research and development for new features

Information Sharing and Disclosure

We DO NOT Sell Your Personal Information

DaySync does not sell, rent, or trade your personal information to third parties for marketing purposes.

Service Providers

We share limited information with trusted service providers who help us operate the Services, under contractual obligations to protect your data:

• Firebase (Google) — cloud hosting, data storage, and backup
• Stripe — payment processing, including Stripe Connect, which enables businesses using DaySync to accept payments from their own clients. Stripe collects and processes payment, identity, and payout information directly. Stripe acts as an independent controller for the payment data it processes.
• Paddle — our Merchant of Record for subscription sales through the web application. Paddle processes your subscription payment and handles billing, invoicing, and applicable taxes.
• Adapty — subscription and entitlement management across web (Paddle), iOS, and Android, used to determine which features your plan unlocks. Adapty processes subscription events and account identifiers.
• Apple App Store / Google Play — in-app subscription purchases made on mobile devices are processed by the respective app store.
• PostHog — product and usage analytics
• Customer support tools for help desk functionality

Public Information

• Information you choose to display on your public booking page
• Portfolio images you opt to showcase publicly
• Business information you make publicly available

Legal Requirements

• When required by law, court order, or government request
• To protect our rights, property, or safety
• To prevent fraud or abuse of our services

Business Transfers

• In connection with a merger, acquisition, or sale of assets (with notice)

Your Client Data Protection

You Control Client Information

• You determine what client information to collect and store
• You are responsible for obtaining necessary consents from your clients
• Client data belongs to you and can be exported or deleted at any time

Our Commitments

• We encrypt client data in transit and at rest
• We implement strict access controls and security measures
• We do not use client information for our own marketing or analytics
• We do not share client information with other users or third parties, except service providers acting on our instructions

Data Security

Security Measures

• SSL/TLS encryption for all data transmission
• Encryption of sensitive account data
• Regular security audits and vulnerability assessments
• Secure cloud infrastructure with Firebase security rules
• Multi-factor authentication options

Data Breach Response

• Immediate investigation and containment procedures
• Notification to affected users without undue delay, and within 72 hours where required by law
• Cooperation with regulatory authorities as required
• Regular security training for our team

Your Rights and Choices

Account Management

• Access and update your account information at any time
• Export your data in standard formats
• Delete your account and associated data
• Control notification preferences and settings

Marketing Communications

• Opt out of promotional emails and notifications
• Manage push notification preferences
• Control social media integration features

Data Portability

• Export your business data, client information, and appointment history
• Transfer data to other services or platforms
• Receive data in commonly used formats (CSV, JSON)

International Data Transfers

DaySync LLC is based in the United States, and we operate globally. Your information may be transferred to and processed in the United States and other countries that may have data protection laws different from those in your country. Where we transfer personal data internationally, we rely on appropriate safeguards, including:

• Standard Contractual Clauses for transfers from the EEA and the UK
• Adequacy decisions where applicable
• Strong encryption and security measures during transfer

Children's Privacy

DaySync is intended for business use by adults (18+ years). We do not knowingly collect personal information from children under 16. If we become aware of such collection, we will delete the information immediately.

Data Retention

Account Data

• Retained while your account is active
• Deleted within 30 days of an account deletion request
• Some data may be retained longer for legal, tax, or compliance purposes

Client Information

• Retained according to your business needs and local regulations
• Can be deleted by you at any time
• Automatically purged upon account deletion

Payment and Subscription Records

• Transaction and billing records are retained as required by tax and accounting laws

Analytics Data

• Anonymized or pseudonymized usage data may be retained for up to 2 years
• Crash reports and error logs retained for 1 year maximum

Region-Specific Rights

European Union / EEA / United Kingdom (GDPR / UK GDPR)

• Right to access your personal data
• Right to rectify inaccurate information
• Right to erasure ("right to be forgotten")
• Right to restrict processing
• Right to data portability
• Right to object to processing
• Right to lodge complaints with a supervisory authority

California (CCPA/CPRA)

• Right to know what personal information is collected
• Right to delete personal information
• Right to correct inaccurate personal information
• Right to opt out of sale or sharing (we do not sell data)
• Right to non-discrimination for exercising privacy rights

Other Jurisdictions

We comply with applicable privacy laws in all regions where we operate.

Updates to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices or applicable laws. We will:

• Notify you of material changes via email or in-app notification
• Post the updated policy with a new effective date
• Maintain previous versions for reference
• Provide 30 days notice for significant changes

EU and UK Privacy Contact

If you are located in the European Economic Area or the United Kingdom and have questions or requests regarding the processing of your personal data, you can contact us at privacy@daysync.io.

Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices:

• Email: privacy@daysync.io
• General Support: support@daysync.io
• Website: daysync.io
• Company: DaySync LLC (Wyoming Filing ID: 2026-001938982)
• Address: 30 N Gould St, STE R, Sheridan, WY 82801, USA

Consent and Acceptance

By using DaySync, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with our practices, please do not use our Services.

For questions about this Privacy Policy, please contact us at privacy@daysync.io.