Privacy Policy
Last updated: April 13, 2026
1. Introduction
DayAI ("we", "our", or "us") is operated from Nelson Bay, NSW, Australia. We operate the DayAI platform at dayai.ai and its associated subdomains (including app.dayai.ai). DayAI is a massage shop management platform that provides booking management, customer relationship management, team management, and payment processing tools for massage and spa businesses.
This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our services. By using DayAI, you consent to the practices described in this policy.
2. Information We Collect
2.1 Information You Provide Directly
- Account information: Name, email address, and phone number when creating an account or making a booking
- Business information: Business name, address, ABN, services offered, operating hours, and team member details (for shop owners)
- Booking data: Appointment details, service preferences, and booking history
- Payment information: Processed securely through Stripe. We do not store credit card numbers or full payment card details on our servers
- Communications: Messages sent through our platform, LINE Bot, or customer support channels
2.2 Information Collected Automatically
- Device information (browser type, operating system)
- Usage data (pages visited, features used)
- IP address and approximate location
- Authentication tokens and session data
2.3 Information from Third Parties
- Authentication data from LINE Login or Google Sign-In
- Google Business Profile data (for connected business accounts)
3. How We Use Your Information
- To provide and maintain our platform services (bookings, customer management, team management, payroll)
- To process bookings and payments
- To send booking confirmations, reminders, and service updates via SMS or email
- To enable business owners to manage their operations and communicate with customers
- To provide AI-powered features such as chat assistance, analytics, and business recommendations
- To improve, personalise, and develop new features for our services
- To detect and prevent fraud or unauthorised use
- To comply with legal obligations
4. Third-Party Services
We use the following third-party services to operate our platform. Each has its own privacy policy governing its use of data:
- Firebase / Google Cloud: Cloud infrastructure, database (Firestore), and authentication. Data is stored in the australia-southeast1 (Sydney) region. See Firebase Privacy Policy.
- Stripe: Payment processing. Stripe is PCI DSS Level 1 compliant. We do not store card details. See Stripe Privacy Policy.
- Twilio: SMS notifications for booking confirmations and reminders. See Twilio Privacy Policy.
- Resend: Transactional email delivery for booking confirmations and notifications. See Resend Privacy Policy.
- LINE: Messaging platform used for business owner communication via LINE Bot. See LINE Privacy Policy.
- Anthropic (Claude AI): AI-powered features for business assistance and analytics.
- Google (Reserve with Google): When a business opts in to Reserve with Google, their business name, address, services, availability, and pricing are shared with Google to enable direct booking from Google Search and Maps. Customer booking data (name, phone, email) may be exchanged between DayAI and Google to facilitate reservations. See Google Privacy Policy.
5. Data Storage and Security
Your data is stored on Firebase / Google Cloud servers in the australia-southeast1 (Sydney, Australia) region. We implement industry-standard security measures including:
- Encryption in transit (HTTPS/TLS) for all data transfers
- Encryption at rest for stored data
- Secure authentication via Firebase Auth
- Role-based access controls
- Regular security reviews
While we take reasonable measures to protect your information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.
6. Data Sharing
We do not sell your personal information. We may share data in the following circumstances:
- With service providers: As described in Section 4, to operate our platform
- Between businesses and customers: When you book a service, your booking details (name, phone, email, appointment time) are shared with the relevant business
- With Google (Reserve with Google): For businesses that enable Reserve with Google, business information (name, address, services, availability) and customer booking details are shared with Google to enable bookings from Google Search and Maps
- Legal requirements: When required by law, court order, or to protect the rights, safety, or property of DayAI, our users, or the public
- Business transfers: In connection with a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction
7. Data Retention
We retain your personal information for as long as your account is active or as needed to provide our services. Business data (bookings, customer records, team records) is retained as long as the business account remains active. After account deletion, we may retain certain data for up to 90 days for backup and recovery purposes, and as required by law for record-keeping obligations.
8. Your Rights
You have the right to:
- Access: Request a copy of the personal information we hold about you
- Correction: Request correction of inaccurate or incomplete information
- Deletion: Request deletion of your personal information, subject to legal retention requirements
- Data portability: Request your data in a structured, machine-readable format
- Opt out: Unsubscribe from marketing communications at any time
- Withdraw consent: Where processing is based on consent, you may withdraw it at any time
- Complaint: Lodge a complaint with a relevant data protection authority
To exercise any of these rights, please contact us at manager@dayai.ai. We will respond to your request within 30 days.
9. Cookies
We use minimal cookies, primarily for authentication and session management. These are essential cookies required for the platform to function. We do not use third-party advertising or tracking cookies. You can control cookie settings through your browser, but disabling essential cookies may prevent you from using certain features of the platform.
10. Australian Privacy Act
We comply with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth). If you are an Australian resident, you have rights under this legislation including the right to access and correct your personal information. If you believe we have breached the APPs, you may lodge a complaint with us first, and if unsatisfied, with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.
11. GDPR Compliance
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR). These include the right to access, rectification, erasure, restriction of processing, data portability, and the right to object. Our legal bases for processing your data include: performance of a contract (providing our services), legitimate interests (improving our platform), and consent (where applicable).
For GDPR-related enquiries, please contact us at manager@dayai.ai.
12. Children's Privacy
DayAI is not directed at individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete that information promptly. If you believe we have inadvertently collected information from a child, please contact us immediately.
13. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date above. Your continued use of DayAI after changes are posted constitutes your acceptance of the updated policy.
14. Contact Us
If you have any questions about this Privacy Policy, your personal data, or wish to exercise your rights, please contact us: