Privacy Policy
Last updated: June 2, 2026
Day Coordinator (“we,” “our,” or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our event coordination platform (the “Service”). By using the Service, you agree to the practices described in this policy.
Day Coordinator is a sole proprietorship based in British Columbia, Canada. We comply with Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA), British Columbia’s Personal Information Protection Act (PIPA), the European Union’s General Data Protection Regulation (GDPR), and the California Consumer Privacy Act (CCPA/CPRA), as applicable.
1. Information We Collect
1.1 Account Data
When you sign in via magic link, we collect your email address from Supabase Auth. During onboarding you provide your first name and last name (required), and optionally your phone number (stored in E.164 format, e.g. +1XXXXXXXXXX) and company name. Phone numbers are collected solely for SMS notifications and are never used for authentication.
1.2 Event Data
When you create an event, we store the event’s title, description, date and time, timezone, and optional venue assignment. Events may also have a public-facing slug if you enable the public timeline feature.
1.3 Task & Timeline Data
We store the tasks you create within each event, including task titles, descriptions, scheduled start and end times, durations, dependency relationships between tasks, assignments to team members, and actual start and completion times recorded during live mode.
1.4 Vendor Data
When you add vendors to an event, we store vendor names, email addresses, phone numbers, company names, and job titles as provided by you. Vendors who accept your invitation may also provide additional contact details during the join process.
1.5 Venue Data
We store venue information you save to your account, including venue name, street address, geographic coordinates (latitude/longitude), and venue contact names, phone numbers, and email addresses.
1.6 Activity Logs
We maintain an audit trail of actions taken within each event, such as task creation, status changes, and notification sends. These logs include the action type, timestamp, and which user performed the action.
1.7 Notification Records
When notifications are sent (email or SMS), we record the notification type, delivery channel, recipient, status, and timestamp to ensure idempotency and track delivery.
1.8 Cookies & Tracking
We use only one cookie: the Supabase authentication session cookie (sb-*-auth-token), which is strictly necessary to keep you signed in. We do not use analytics cookies, advertising cookies, tracking pixels, fingerprinting scripts, or any other tracking technology. We do not integrate with Google Analytics, Facebook Pixel, or any third-party analytics service.
2. How We Use Your Data
We use your data exclusively for the following purposes:
- Service delivery: Providing the core event coordination features — timeline management, task scheduling, dependency resolution, vendor coordination, and live mode tracking.
- Authentication: Sending magic link sign-in emails so you can access your account.
- Vendor invitations: Sending invitation emails to vendors you add to your events.
- Notifications: Sending task reminders, delay alerts, and event status updates via email or SMS, based on your notification preferences.
- Payment processing: Processing payments for paid features through a third-party payment processor. We never store full payment card details.
- Maps & location: Displaying venue locations on maps using publicly available map tiles.
- Real-time updates: Broadcasting event changes to connected team members during live events.
- Audit & security: Maintaining activity logs for troubleshooting, security monitoring, and service improvement.
We do not use your data for advertising, profiling, automated decision-making, or any purpose beyond operating and improving the Service.
3. Legal Basis for Processing (GDPR)
For users in the European Economic Area (EEA), our legal bases for processing personal data are:
- Contractual necessity: Processing your email, event data, and task data is necessary to provide the Service you have requested.
- Legitimate interests: We process activity logs and notification records to maintain service security, debug issues, and improve the platform. These interests are balanced against your rights and do not override them.
- Consent: SMS notifications require your explicit consent. You provide your phone number optionally during onboarding with clear notice that it is used only for event notifications. You may withdraw this consent at any time through your account settings or by contacting us.
4. Data Sharing & Third-Party Services
We do not sell, rent, trade, or otherwise disclose your personal data to third parties for their own marketing or commercial purposes. We share data only with the following categories of service providers, and only to the extent necessary to operate the Service:
Cloud Infrastructure & Authentication
Your account data, event data, task data, vendor contacts, venues, and activity logs are stored with our cloud database and authentication provider. This provider also handles sign-in and real-time updates during live events.
Email Delivery
We use a transactional email service to deliver magic-link sign-in emails, vendor invitation emails, and event notification emails. This provider receives your email address and the content of the message being delivered.
SMS Delivery
If you opt in to SMS notifications, we use an SMS delivery provider to send text messages to your phone number. This provider receives your phone number and message content.
Payment Processing
Payments for paid features are processed by a third-party payment processor. This provider collects and processes your payment method details directly — we never receive or store full credit card numbers.
Maps
Venue locations are displayed using an open-source map library with publicly available map tiles. When a map is shown, your browser may make requests to a tile server. No personal data is sent in these requests.
5. Data Retention
We retain your data only as long as necessary:
- Account data: Retained until you delete your account or request deletion.
- Event data (including tasks, vendors, and activity logs): Retained until you delete the event or your account. Deleting an event cascades to remove all associated tasks, vendor assignments, and activity logs.
- Venue data: Retained until you delete the venue or your account.
- Notification records: Retained for 90 days after the notification is sent, after which they are eligible for deletion.
6. Your Data Protection Rights
Depending on your jurisdiction, you may have rights regarding your personal data, including the right to access, correct, delete, or export your data, and to withdraw consent where processing is based on consent. To exercise any of these rights, contact us at daycoordinator.org@gmail.com. We will respond within 30 days and may need to verify your identity before fulfilling your request.
7. International Data Transfers
Day Coordinator is based in Canada, and your data is stored on Supabase servers in the United States. If you are located outside Canada or the United States, your data will be transferred to and processed in these countries. We rely on appropriate safeguards, including standard contractual clauses and the adequacy of Canadian privacy law under GDPR, to ensure your data remains protected. By using the Service, you consent to this transfer.
8. Children’s Privacy
The Service is not directed to individuals under the age of 18. We do not knowingly collect personal data from anyone under 18. If we become aware that a minor has provided us with personal data, we will delete it promptly. If you believe we may have collected data from a minor, please contact us immediately.
9. Security
We implement appropriate technical and organizational measures to protect your personal data, including:
- Encryption of data in transit (TLS) and at rest (Supabase-managed encryption).
- Rate limiting on authentication endpoints to prevent abuse.
- Event-scoped access controls — every database query enforces event-level data isolation.
- Idempotent notification delivery to prevent duplicate messages.
In accordance with British Columbia’s PIPA, in the event of a data breach that poses a real risk of significant harm, we will notify affected individuals and the BC Office of the Information & Privacy Commissioner without unreasonable delay.
No method of electronic transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.
10. Canada’s Anti-Spam Legislation (CASL)
Emails we send fall into two categories:
- Transactional messages — magic-link sign-in emails, vendor invitation emails sent at your direction, and event notification emails. These are exempt from CASL’s consent requirements as they are essential to providing the Service.
- SMS notifications — sent only with your express consent, provided during onboarding. You may withdraw this consent at any time.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you via the email address associated with your account or through an in-app notice before the changes take effect. The “Last updated” date at the top of this page reflects the most recent revision. Your continued use of the Service after changes become effective constitutes acceptance of the updated policy.
12. Contact Us
If you have questions about this Privacy Policy, wish to exercise your data rights, or need to report a privacy concern, contact us at:
Day Coordinator
Kamloops, British Columbia, Canada
daycoordinator.org@gmail.com