TL;DR: We collect minimal information necessary to provide our services. We don't sell your data. We use industry-standard security. Contact us if you have questions.
1. Information We Collect
1.1 Information You Provide
We collect information you directly provide to us, including:
- Account information (name, email address) when you register
- Payment information processed securely through our payment processors
- Communications you send to us
- Survey responses and feedback
1.2 Information We Collect Automatically
When you use our service, we automatically collect:
- Usage data (pages visited, time spent, features used)
- Device information (IP address, browser type, operating system)
- Cookies and similar technologies for functionality and analytics
2. How We Use Your Information
We use the information we collect to:
- Provide, maintain, and improve our services
- Process transactions and send related information
- Send technical notices and support messages
- Communicate with you about products, services, and promotions
- Monitor and analyze usage patterns and trends
- Detect, prevent, and address technical issues
3. Information Sharing and Disclosure
We do not sell, trade, or otherwise transfer your personal information to third parties without your consent, except as described in this policy:
- Service Providers: We may share information with trusted third-party service providers who assist us in operating our website and conducting our business
- Legal Requirements: We may disclose information if required by law or to protect our rights and safety
- Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred
4. Data Security
We implement appropriate technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:
- SSL/TLS encryption for data transmission
- Secure data storage with access controls
- Regular security audits and updates
- Employee training on data protection
5. Cookies and Tracking Technologies
We use cookies and similar technologies to enhance your experience:
- Essential Cookies: Required for basic website functionality
- Analytics Cookies: Help us understand how you use our service
- Preference Cookies: Remember your settings and preferences
You can control cookie settings through your browser preferences.
6. International Data Transfers
Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place for such transfers in accordance with applicable data protection laws.
7. Data Retention
We retain your personal information for as long as necessary to provide our services and fulfill the purposes outlined in this policy, unless a longer retention period is required by law.
8. Your Rights
Depending on your location, you may have the following rights regarding your personal information:
- Access to your personal information
- Correction of inaccurate information
- Deletion of your personal information
- Restriction or objection to processing
- Data portability
To exercise these rights, please contact us using the information below.
9. Children's Privacy
Our service is not intended for children under 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete such information.
10. Third-Party Links
Our service may contain links to third-party websites. We are not responsible for the privacy practices or content of these external sites. We encourage you to review the privacy policies of any third-party sites you visit.
11. GDPR Compliance (EU Users)
If you are located in the European Union, you have additional rights under the General Data Protection Regulation (GDPR):
11.1 Lawful Basis for Processing
We process your personal data based on the following lawful bases:
- Contract: To provide our services and fulfill our contractual obligations
- Legitimate Interest: To improve our services, communicate with you, and ensure security
- Consent: Where you have explicitly agreed to certain processing activities
11.2 Your GDPR Rights
As an EU resident, you have the following rights:
- Right to Access: Request a copy of your personal data
- Right to Rectification: Correct inaccurate or incomplete data
- Right to Erasure: Request deletion of your personal data
- Right to Restriction: Limit how we process your data
- Right to Data Portability: Receive your data in a structured format
- Right to Object: Object to processing based on legitimate interests
- Right to Withdraw Consent: Withdraw consent at any time
11.3 OAuth and Third-Party Authentication
When you sign up using Google or Facebook OAuth:
- We only receive basic profile information (name, email) that you authorize
- We do not access your social media posts, friends lists, or other private data
- You can revoke our access through your Google/Facebook account settings
- Data received through OAuth is processed under the same privacy standards as other registration methods
11.4 Data Protection Officer
For GDPR-related inquiries, please contact our Data Protection Officer at hello@ahaday.com.
11.5 Complaints
If you believe we have not complied with GDPR, you have the right to lodge a complaint with your local data protection authority.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date.