Legal

Privacy Policy

Last updated: November 17, 2026

DayDeck (“DayDeck”, “we”, “us”, or “our”) builds productivity tools that bring your email, calendar, and tasks into a single prioritized deck. This Privacy Policy explains what information we collect, how we use it, and the rights you have over it.

Information we collect

  • Account information. When you sign in with Google or Microsoft, we receive your name, email address, profile picture, and a unique account identifier.
  • Connected service data. With your permission, we access content from services you connect — for example, email metadata and contents from Gmail or Outlook, events from Google Calendar, and issues from tools like Jira or Linear. We only request the scopes needed to provide the product.
  • Usage data. We collect basic product analytics (pages visited, features used, approximate device and browser type) to improve DayDeck.
  • Support communications. If you contact us, we keep a record of the message and our reply so we can follow up.

How we use information

  • To provide, maintain, and improve DayDeck.
  • To generate AI-assisted summaries, priorities, and drafts on your behalf.
  • To send service notifications and respond to support requests.
  • To detect, prevent, and address fraud, abuse, and security issues.
  • To comply with legal obligations.

Google API user data

DayDeck's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We do not sell your Google data, do not use it for advertising, and do not let humans read it except with your explicit consent, for security investigations, or when required by law.

Atlassian (Jira) data

When you connect a Jira account, DayDeck stores OAuth access and refresh tokens (encrypted at rest), your Atlassian account identifier, and the issue data we sync — including issue titles, descriptions, status, priority, due dates, labels, assignee and reporter display names and email addresses, project metadata, and the Atlassian sites you've granted access to. We only request the OAuth scopes needed to read and sync issues (read:jira-work, read:jira-user, read:me, offline_access).

In line with Atlassian's developer policies, DayDeck implements the Atlassian Personal Data Reporting API. On a weekly cycle we report the Atlassian account identifiers we store to Atlassian. If an account has been closed, we erase all personal data we hold for it. If Atlassian indicates the data has been updated, we refetch it.

You can disconnect Jira at any time from Settings; doing so revokes our tokens and deletes the stored Jira data tied to that connection.

AI processing

To generate summaries, insights, and drafted replies, we send relevant content from your connected accounts to AI model providers. These providers process the data only to return a result to DayDeck and do not train their models on it. We do not share your data with any AI provider that has not contractually agreed to these terms.

Sharing and disclosure

We do not sell your personal information. We share information only:

  • With service providers (hosting, analytics, AI processing, email delivery) under written contracts limiting their use of the data to providing services to us.
  • To comply with laws, lawful requests, or legal process.
  • To protect the rights, property, or safety of DayDeck, our users, or the public.
  • In connection with a merger, acquisition, or sale of assets, with notice to you.

Data retention

We retain account data for as long as your account is active. Cached content from connected services is rotated according to a short retention window, and authentication and sync audit logs are automatically purged after 90 days. You can disconnect any service or delete your account at any time from Settings; once deleted, we remove your personal data within 30 days, except where retention is required by law.

Security

We use encryption in transit and at rest, scoped access controls, and audit logging. No system is perfectly secure, so we encourage you to use a strong password on your identity provider and to enable multi-factor authentication.

Your rights

Depending on where you live, you may have the right to access, correct, export, or delete your personal data, and to object to or restrict certain processing. To exercise these rights, use our contact page.

Children

DayDeck is not intended for children under 13, and we do not knowingly collect their data.

Changes to this policy

We may update this policy from time to time. When we do, we'll update the “Last updated” date above and, for material changes, give you reasonable notice before they take effect.

Contact

Questions about this policy? Reach us through our contact page.