Privacy Policy
Effective July 15, 2026
1. Overview
This policy explains what information Overday Labs (“we,” “us”) collects when you use Dayoutly at dayoutly.com, how we use it, and the choices you have. The short version: we collect the minimum needed to run the service, we don’t sell your personal information, and you can ask us to delete your data at any time.
2. Information we collect
Account information. If you create an account: your email address and a password (stored in hashed form by our authentication provider — we never see or store your plain-text password).
Things you do in the app. Events you save, sources you hide, filter preferences, and your selected city. If you browse without an account, preferences are stored only in your browser’s local storage and never leave your device.
Usage and device data. Standard server logs (IP address, browser type, pages requested) and, when analytics are enabled, aggregate usage statistics such as page views and general location at the city level. We do not collect precise GPS location.
3. How we use information
- to provide the service: accounts, saved events, city selection, filters;
- to send transactional email (account verification, password resets, a welcome note);
- to understand aggregate usage and improve the product;
- to maintain security and prevent abuse.
We do not sell personal information, and we do not share it with third parties for their own advertising.
4. Cookies and local storage
We use browser local storage for functional preferences (theme, selected city, filters, saved events for guests, and a one-time confirmation if you enable adult-audience listings). If analytics are enabled, the analytics provider sets its own cookies to measure aggregate usage.
5. Service providers
We rely on a small number of providers who process data on our behalf:
- Supabase — account authentication and database hosting
- Vercel — website hosting and request logs
- Heroku (Salesforce) — background data processing
- Resend — transactional email delivery
- Google Analytics — aggregate usage analytics, when enabled
Each provider is bound by its own security and privacy commitments and processes data only to provide its service to us.
6. Data retention
Account data is kept while your account is active and deleted when you ask us to close it. Server logs and analytics data are retained per our providers’ standard retention windows. Event listings themselves are public information about public events, not personal data.
7. Your rights
You can access, correct, export, or delete your personal information by emailing hello@dayoutly.com. Depending on where you live (for example the EU/UK under GDPR, or California under the CCPA), you may have additional statutory rights, including the right to know what we hold about you and the right to deletion. We honor such requests regardless of where you live. We do not discriminate against you for exercising these rights.
8. Children
The service is designed to help parents and caregivers find family activities. Accounts are limited to people 13 or older, and we do not knowingly collect personal information from children under 13. If you believe a child under 13 has created an account, contact us and we will delete it.
9. Security
All traffic is encrypted in transit (HTTPS). Authentication and password storage are handled by our authentication provider using industry-standard hashing. No method of storage is 100% secure, but we limit what we collect so there is little to lose.
10. Changes
If we materially change this policy, we will update the effective date above and, where practical, provide notice in the app.
11. Terms of Service
Use of the service is also governed by our Terms of Service.
Questions? Contact hello@dayoutly.com.