This Privacy Policy describes how Daysync PTY LTD ("Daysync", "Company", "We", "Us", or "Our"), a company registered in Western Australia, Australia (ABN: 16 677 972 333), with its registered office at Level 4, 172 St Georges Terrace, Perth 6000, WA, Australia, collects, uses, discloses, and protects Your personal information when You use our website at https://www.daysync.com, our web application at https://app.daysync.com, our help centre at https://help.daysync.com, our feedback and roadmap portal at https://feedback.daysync.com, our mobile applications (iOS and Android), our desktop application, and all related services (collectively, the "Service").
By using the Service, You acknowledge that You have read and understood this Privacy Policy. If You do not agree with Our practices, please do not use the Service.
1. Definitions
"Personal Data" means any information that relates to an identified or identifiable individual, as defined under applicable data protection laws (including the Australian Privacy Act 1988, the EU General Data Protection Regulation (GDPR), the UK GDPR, the California Consumer Privacy Act (CCPA/CPRA), and Brazil's LGPD).
"Processing" means any operation performed on Personal Data, including collection, recording, storage, use, disclosure, or deletion.
"Data Controller" means the entity that determines the purposes and means of processing Personal Data. For the purposes of this Policy, Daysync is the Data Controller.
"Data Processor" means an entity that processes Personal Data on behalf of the Data Controller.
"You" / "User" means the individual accessing or using the Service.
2. Data We Collect
2.1. Information You Provide Directly
Account Information: Name, email address, password (hashed), profile picture, organisation or band name, role.
Billing Information: Name, billing address, and payment method details. Full payment card details are processed and stored by Stripe, Inc. — We do not store full card numbers on Our servers.
Content and Communications: Event details, schedules, venue information, accommodation details, guest lists, travel itineraries, notes, and any other content You upload to the Service. Also includes correspondence with Our support team.
2.2. Information Collected Automatically
Usage Data: Pages viewed, features used, actions taken, timestamps, session duration, referring URLs, and interaction patterns.
Device Information: Device type, operating system, browser type and version, screen resolution, device identifiers, and app version.
Location Data:
Precise Geolocation (Mobile App): With Your explicit consent, We collect precise GPS location data from Your mobile device to enable location-based filtering features (such as finding nearby venues or accommodation). You can enable or disable location services at any time through Your device settings.
Approximate Location: We may infer approximate location from Your IP address.
Place Location Data: Addresses and coordinates of venues, accommodation, and other places that You add to the Service.
Log Data: IP address, access times, error logs, and diagnostic data.
2.3. Information from Third Parties
Payment Processor: Stripe provides Us with limited transaction information (e.g., last four digits of card, payment status, billing country) but never full card details.
App Stores: Apple App Store and Google Play Store may provide Us with purchase and subscription data.
Single Sign-On Providers: If You log in via a third-party provider (e.g., Google, Apple), We receive basic profile information as authorised by You.
Analytics Providers: We receive aggregated and anonymised data from analytics services.
2.4. Cookies and Tracking Technologies
We use cookies, web beacons, pixels, and similar technologies to collect information about Your use of the Service. Please refer to Our Cookie Policy for detailed information.
3. How We Use Your Data
We process Your Personal Data for the following purposes and on the following legal bases:
Purpose | Legal Basis (GDPR) |
Providing and operating the Service | Performance of contract |
Processing payments and managing subscriptions | Performance of contract |
Sending transactional emails (receipts, account alerts) | Performance of contract; Legitimate interest |
Providing customer support | Performance of contract; Legitimate interest |
Enabling location-based features | Consent |
Improving and personalising the Service | Legitimate interest |
Analysing usage patterns and trends | Legitimate interest |
Preventing fraud, abuse, and security threats | Legitimate interest; Legal obligation |
Sending marketing communications | Consent (where required); Legitimate interest |
Complying with legal obligations | Legal obligation |
Enforcing Our Terms of Service | Legitimate interest |
4. How We Share Your Data
We do not sell Your Personal Data to third parties.
We may share Your Personal Data with the following categories of recipients:
4.1. Service Providers
We engage trusted third-party service providers who process data on Our behalf, including:
Stripe, Inc. — Payment processing
Google Analytics — Usage analytics and performance monitoring
Cloud hosting providers — Data storage and infrastructure
Email service providers — Transactional and marketing emails
Freshdesk — Customer support
All service providers are contractually bound to process data only as instructed by Us and to maintain appropriate security measures.
4.2. Your Organisation and Team Members
If You are part of a team or organisation on Daysync, certain data (such as schedule details, event information, and Your name) may be visible to other authorised members of Your team.
4.3. Legal Requirements
We may disclose Your data if required to do so by law, regulation, legal process, or governmental request, or if We believe in good faith that disclosure is necessary to: (a) comply with a legal obligation; (b) protect Our rights or property; (c) prevent fraud or security threats; or (d) protect the safety of Users or the public.
4.4. Business Transfers
In the event of a merger, acquisition, reorganisation, bankruptcy, or sale of assets, Your Personal Data may be transferred as part of that transaction. We will notify You of any such change and any choices You may have regarding Your data.
5. International Data Transfers
5.1. Daysync is based in Australia. Your data may be transferred to, and processed in, countries other than Your country of residence, including Australia and the United States.
5.2. Where We transfer Personal Data from the EU/EEA, UK, or Switzerland to countries that have not been deemed to provide an adequate level of data protection, We rely on appropriate safeguards including:
Standard Contractual Clauses (SCCs) approved by the European Commission;
UK International Data Transfer Addendum where applicable;
Your explicit consent where no other mechanism is available.
5.3. For transfers from Australia, We comply with Australian Privacy Principle (APP) 8 by taking reasonable steps to ensure overseas recipients handle Your data consistently with the Australian Privacy Principles.
5.4. You may request a copy of the applicable transfer mechanism by contacting Us at [email protected].
6. Data Retention
6.1. We retain Your Personal Data for as long as necessary to fulfil the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.
6.2. General retention periods:
Account Data: Retained for the duration of Your account plus 30 days after account deletion (to allow for recovery), then deleted or anonymised.
Billing and Transaction Data: Retained for 7 years from the date of the transaction, as required by Australian taxation law and equivalent international requirements.
Usage and Analytics Data: Retained in identifiable form for up to 26 months, then anonymised or aggregated.
Support Correspondence: Retained for up to 3 years after the last interaction.
Location Data: Precise geolocation data is processed in real-time and not stored beyond the session, except for place locations (venues, accommodation) which are retained as part of Your User Content.
Marketing Consent Records: Retained for as long as the consent is active plus 3 years for compliance purposes.
6.3. When Personal Data is no longer needed, We will securely delete or anonymise it using industry-standard methods.
7. Data Security
7.1. We implement appropriate technical and organisational measures to protect Your Personal Data against unauthorised access, alteration, disclosure, or destruction, including:
Encryption of data in transit (TLS 1.2+) and at rest;
Access controls and authentication requirements;
Regular security assessments and penetration testing;
Employee security training;
Incident response procedures.
7.2. While We strive to protect Your Personal Data, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.
7.3. In the event of a data breach that poses a risk to Your rights and freedoms, We will notify the relevant supervisory authority and affected individuals in accordance with applicable data protection laws (within 72 hours for GDPR, or as otherwise required).
8. Your Rights
Depending on Your jurisdiction, You may have some or all of the following rights regarding Your Personal Data:
8.1. Rights Under GDPR (EU/EEA) and UK GDPR
If You are in the EU/EEA or UK, You have the right to:
Access — Request a copy of the Personal Data We hold about You;
Rectification — Request correction of inaccurate or incomplete data;
Erasure ("Right to be Forgotten") — Request deletion of Your data, subject to certain exceptions;
Restriction — Request that We restrict processing of Your data;
Data Portability — Receive Your data in a structured, commonly used, machine-readable format;
Objection — Object to processing based on legitimate interests or for direct marketing;
Withdraw Consent — Withdraw consent at any time where processing is based on consent;
Automated Decision-Making — Not be subject to decisions based solely on automated processing that produce legal or similarly significant effects.
To exercise these rights, contact Us at [email protected]. We will respond within 30 days (extendable by a further 60 days for complex requests).
Representative
We value your privacy and your rights as a data subject and have therefore appointed Prighter Group with its local partners as our privacy representative and your point of contact for the following regions:
European Union (EU)
United Kingdom (UK)
Switzerland
Prighter gives you an easy way to exercise your privacy-related rights (e.g. requests to access or erase personal data). If you want to contact us via our representative, Prighter or make use of your data subject rights, please visit the following website: https://app.prighter.com/portal/11855174331
Supervisory Authority: You have the right to lodge a complaint with Your local data protection supervisory authority. A list of EU supervisory authorities is available at https://edpb.europa.eu/about-edpb/about-edpb/members_en. For the UK, contact the Information Commissioner's Office (ICO) at https://ico.org.uk.
Exercise your data subject rights under GDPR
We provide you with an easy way to submit us privacy related request like a request to access or erase your personal data. If you want to make use of your data subject rights, please visit our Trust Center: https://app.prighter.com/portal/11855174331
8.2. Rights Under Australian Privacy Act
If You are in Australia, You have the right to access Your Personal Data held by Us, request correction of inaccurate data, and complain to the Office of the Australian Information Commissioner (OAIC) at https://www.oaic.gov.au.
8.3. Rights Under CCPA / CPRA (California, USA)
If You are a California resident, You have the right to: know what Personal Data We collect; request deletion; request correction; opt-out of sale/sharing (We do not sell or share Personal Data as defined under CPRA); non-discrimination for exercising rights; and limit use of sensitive Personal Information.
To exercise Your CCPA/CPRA rights, contact Us at [email protected].
8.4. Rights Under LGPD (Brazil)
If You are in Brazil, You have rights under the Lei Geral de Proteção de Dados (LGPD) including access, correction, anonymisation, portability, deletion, information about sharing, and the ability to revoke consent. Contact Us at [email protected].
8.5. Rights Under POPIA (South Africa)
If You are in South Africa, You have the right to access, correct, and delete Your Personal Data under the Protection of Personal Information Act (POPIA). Contact Us at [email protected].
8.6. Rights Under PIPEDA (Canada)
If You are in Canada, You have the right to access and correct Your personal information under PIPEDA and applicable provincial legislation. Contact Us at [email protected].
9. Children's Privacy
9.1. The Service is not intended for children under 16 years of age. We do not knowingly collect Personal Data from children under 16.
9.2. If We become aware that We have collected Personal Data from a child under 16, We will take steps to promptly delete that data.
9.3. If You are a parent or guardian and believe Your child has provided Us with Personal Data, please contact Us at [email protected].
10. Third-Party Links and Services
The Service may contain links to third-party websites or services not operated by Us. We are not responsible for the privacy practices of these third parties. We encourage You to review the privacy policies of any third-party services You access through the Service.
11. Marketing Communications
11.1. With Your consent (where required by law), We may send You promotional emails about new features, special offers, or other information we think You may find interesting.
11.2. You may opt out of marketing communications at any time by clicking the "unsubscribe" link in any marketing email, updating Your preferences in Your account settings, or contacting Us at [email protected].
11.3. Even if You opt out of marketing communications, We may still send You essential transactional and service-related messages.
12. Automated Decision-Making
We do not currently use automated decision-making or profiling that produces legal or similarly significant effects on You. If this changes, We will update this Privacy Policy and provide appropriate notice and opt-out mechanisms.
13. Changes to This Privacy Policy
13.1. We may update this Privacy Policy from time to time. We will notify You of material changes by posting the updated policy on the Service, updating the "Last Updated" date, and sending an email notification at least 30 days before the changes take effect.
13.2. Your continued use of the Service after the effective date constitutes Your acceptance of the updated Privacy Policy. If You do not agree, You should discontinue use of the Service.
14. Data Protection Officer
We are in the process of formally appointing a Data Protection Officer (DPO). Until the DPO is appointed, all data protection enquiries should be directed to:
Privacy Team
Daysync PTY LTD
Level 4, 172 St Georges Terrace
Perth 6000, WA, Australia
Email: [email protected]
15. Contact Us
If You have any questions, concerns, or requests regarding this Privacy Policy or Our data practices, please contact Us:
Privacy Enquiries: [email protected]
General Support: [email protected]
Legal: [email protected]
Postal Address: Daysync PTY LTD, Level 4, 172 St Georges Terrace, Perth 6000, WA, Australia