DayZen
Start Free

Privacy Policy

Last updated: May 11, 2026

This Privacy Policy explains how DayZen ("DayZen", "we", "us", "our") collects, uses, shares, and protects your personal information when you use our AI-driven calendar and task management service (the "Service"). By using DayZen you agree to this Policy. If you do not agree, please do not use the Service.

1. Information We Collect

Information you provide

  • Account information — name, email address, password (stored hashed), and profile preferences.
  • Your Content — tasks, events, projects, goals, notes, time entries, client and project records, and any other content you create in the Service.
  • Communications — messages you send to support or feedback you submit.

Information from connected services

  • Google Calendar data — when you connect Google Calendar, we receive your calendar events and metadata as described in Section 3 below.
  • Profile data from sign-in providers — basic profile information (name, email, profile picture) from Google when you sign in with Google.

Information collected automatically

  • Usage data — pages viewed, features used, actions taken in the app, timestamps.
  • Device & log data — IP address, browser type, operating system, device identifiers, crash and error logs.
  • Cookies and similar technologies — used for authentication, session management, and basic analytics. We do not use third-party advertising cookies.

2. How We Use Your Information

  • Provide, maintain, and improve the Service.
  • Authenticate you and secure your account.
  • Generate AI-assisted scheduling proposals, daily briefings, backlog triage, and other personalized features.
  • Sync calendar events between DayZen and connected calendar providers.
  • Send transactional and service-related communications (e.g. booking confirmations, password resets, account notices).
  • Detect, prevent, and address fraud, abuse, security incidents, and technical issues.
  • Comply with legal obligations.

3. Google User Data

When you connect your Google account to DayZen, we request only the OAuth scopes needed to provide calendar features:

  • https://www.googleapis.com/auth/calendar.readonly — to read your existing calendar events so DayZen can display them and avoid scheduling conflicts.
  • https://www.googleapis.com/auth/calendar.events — to create, update, and delete events that you (or our AI on your approval) schedule through DayZen.
  • https://www.googleapis.com/auth/userinfo.email and https://www.googleapis.com/auth/userinfo.profile — to identify your Google account and display your name and profile picture in the app.

Limited Use Disclosure

DayZen's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically, Google user data obtained through these scopes is used only to provide and improve user-facing features within DayZen. We do not:

  • Transfer Google user data to third parties for advertising or any other purpose unrelated to the Service.
  • Use Google user data for serving ads.
  • Allow humans to read Google user data, except (a) with your affirmative consent for specific messages, (b) as necessary for security purposes (e.g. investigating abuse), (c) to comply with applicable law, or (d) in aggregated, anonymized form for internal operations.
  • Use Google user data to develop, improve, or train generalized or non-personalized AI / machine learning models.

You can revoke DayZen's access to your Google account at any time by visiting your Google Account permissions page or by disconnecting Google from your DayZen account settings.

4. AI Processing

DayZen uses third-party AI providers, primarily Anthropic (Claude), to power scheduling proposals, daily briefings, backlog triage, and similar features. When you use an AI feature, relevant portions of Your Content (such as task titles, time horizons, goals, and calendar context) are sent to the AI provider to generate the response. These providers process the data on our behalf under data-processing agreements and do not use it to train their public models. We do not send raw Google user data to AI providers beyond what is necessary to assist you with scheduling that you control.

5. How We Share Information

We share personal information only as described below:

  • Service providers / sub-processors — infrastructure (Lovable Cloud / Supabase for hosting and database), email delivery, error monitoring, and AI processing (Anthropic). These providers process data on our behalf under contractual obligations.
  • With your direction — for example when you send a booking confirmation email or share a booking link.
  • Legal and safety — to comply with applicable law, valid legal process, or to protect the rights, property, or safety of DayZen, our users, or the public.
  • Business transfers — if DayZen is involved in a merger, acquisition, or sale of assets, your data may be transferred subject to this Policy.

We do not sell your personal information, and we do not share it with advertising networks.

6. Data Retention & Deletion

We retain your data for as long as your account is active. You can delete individual items at any time. You can delete your entire account from your profile settings; once you do, we permanently delete or anonymize your personal data within 30 days, except where retention is required by law (e.g. tax or accounting records) or for legitimate security purposes. Backups containing residual data are purged on a rolling basis.

7. Security

We use industry-standard measures to protect your data, including TLS encryption in transit, encryption at rest, row-level security in our database, and access controls. No system is perfectly secure; you use the Service at your own risk and should keep your credentials confidential.

8. Your Rights

Depending on where you live (e.g. EEA / UK under GDPR, California under CCPA), you may have rights to:

  • Access the personal data we hold about you.
  • Request correction of inaccurate data.
  • Request deletion of your data.
  • Object to or restrict certain processing.
  • Request a portable copy of your data.
  • Withdraw consent at any time (without affecting prior processing).
  • Lodge a complaint with a supervisory authority.

To exercise these rights, contact us at privacy@dayzen.app. We may need to verify your identity before responding.

9. International Transfers

DayZen is operated from the United States. If you access the Service from outside the US, your data will be transferred to, stored, and processed in the US and other countries where our service providers operate. We rely on appropriate safeguards (such as Standard Contractual Clauses) for transfers from the EEA, UK, and Switzerland.

10. Children's Privacy

The Service is not intended for children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided us personal information, contact us and we will delete it.

11. Changes to This Policy

We may update this Policy from time to time. If we make material changes, we will provide reasonable notice (for example by email or in-app notification) before the changes take effect. The "Last updated" date at the top of this page reflects the most recent version.

12. Contact

Questions or requests about your privacy? Contact us at privacy@dayzen.app.