Your California Privacy Rights

This notice applies to California residents whose personal information DayHelm collects as part of providing our service. It supplements our general Privacy Policy.

DayHelm does not sell personal information and does not share personal information for cross-context behavioural advertising, as those terms are defined in the CCPA/CPRA.

Because we do not sell or share your information, we are not required to provide a separate "Do Not Sell or Share My Personal Information" mechanism. If this ever changes, we will update this notice and provide the required opt-out link.

In the past 12 months, we have collected the following categories of personal information (as defined by the CCPA):

• Identifiers — name, email address, account ID, IP address.
• Customer records — billing name and payment method metadata (card numbers are processed by Stripe; we do not store them).
• Commercial information — subscription tier, billing history.
• Internet/network activity — pages visited, features used, device and browser metadata, request logs.
• Content you connect to DayHelm — email metadata, calendar events, tasks, notes, and contacts from integrations you authorise via OAuth. Full email bodies are fetched on demand from your provider and not stored.
• Inferences — productivity patterns and preferences derived by AI features operating on the data above.

• Directly from you when you register and use DayHelm.
• From third-party integrations you explicitly authorise (Gmail, Outlook, Google Calendar, Slack, Notion, Todoist, Asana, Trello, Zoom, Microsoft Teams).
• Automatically from your device when you interact with our service (log data, analytics).

• Providing, maintaining, and improving DayHelm.
• Running AI analysis that powers suggestions, summaries, and insights.
• Billing and subscription management.
• Security, fraud prevention, debugging, and legal compliance.
• Customer support and transactional communications.

We share personal information only with service providers under written contract that limits their use to providing services to DayHelm:

• Cloud hosting and database infrastructure providers.
• AI model providers (OpenAI, Anthropic) for processing requests you initiate.
• Payment processor (Stripe) for subscription billing.
• Email delivery (Resend) for transactional email.
• Error monitoring and analytics (Sentry, Vercel Analytics, BetterStack).

Under the CCPA/CPRA, you have the right to:

• Know what personal information we collect about you and how we use it.
• Access a copy of the personal information we hold about you.
• Delete personal information we have collected from you, subject to legal exceptions.
• Correct inaccurate personal information we hold about you.
• Limit use of sensitive personal information where applicable.
• Non-discrimination — we will not deny service, charge different prices, or provide a different level of quality because you exercised any of these rights.

You can exercise the rights to access and delete your data directly from your account:

• Access / portability: go to Settings → Privacy & Security → Export Data to download a JSON archive of your account information.
• Deletion: go to Settings → Privacy & Security → Delete Account to permanently delete your account and associated data.

For rights not covered in-app (correction, limit use of sensitive personal information, questions about what we hold), email privacy@dayhelm.com from the email address associated with your account. We may ask for information to verify your identity before fulfilling your request, and we respond within 45 days as required by CCPA.

You may designate an authorised agent to make a request on your behalf by providing written permission signed by you. We may require you to verify your identity directly with us before acting on the request.

We retain personal information only as long as necessary to provide the service and comply with our legal obligations. See the Data Retention section of our Privacy Policy for details.

Questions about this notice or your California privacy rights?