Privacy Policy
Privacy Policy
Last updated: July 7, 2026
This policy explains what information DayRoot collects, how it is used, how payment and email providers may process related records, and how to contact us about privacy requests.
1. Who This Policy Covers
This Privacy Policy explains how DayRoot collects, uses, shares, and protects personal information when you use the DayRoot website, account features, reports, checkout flows, email settings, and support channels.
For personal information processed through DayRoot, DayRoot acts as the controller or business responsible for deciding how that information is used, unless a third-party provider states otherwise for its own services.
2. Information We Collect
We may collect birth date, birth time, birth place, gender or pronoun context, relationship context, saved chart data, report inputs, account information, email address, support messages, device data, log data, and usage data.
We may receive payment-related metadata from payment providers, such as payment status, product purchased, subscription status, customer email, processor customer ID, receipt links, and billing portal links. DayRoot does not store full credit card numbers.
Do not submit sensitive information that is not needed for a reading or support request, including health records, abuse details, sexual information, religious information, biometric data, government ID numbers, children's data, or emergency information.
3. How We Use Information
We use information to generate and save readings, personalize the product, provide report recovery, manage account access, process purchases, provide customer support, prevent misuse, improve product quality, and maintain security.
If you opt in to Daily DayRoot emails or product updates, we use your email address and saved reading context to send those messages. You can unsubscribe from optional emails where required.
We may use aggregated or de-identified information to understand product performance and improve the service.
4. Legal Bases for EU and UK Users
Where GDPR, UK GDPR, or similar laws apply, we rely on contract to provide purchased or account features, consent for optional emails or non-essential tracking where required, legitimate interests to operate and secure the service, and legal obligation where records must be kept.
Our legitimate interests include operating DayRoot, preventing fraud or misuse, maintaining product security, understanding product performance, supporting users, and improving reading quality and user experience.
You may withdraw consent where processing is based on consent. Withdrawal does not affect processing that happened before withdrawal.
5. Sharing and Service Providers
We may share information with service providers that help us host the product, provide databases and authentication, process payments, send email, analyze usage, prevent fraud or abuse, provide customer support, monitor reliability, or operate infrastructure.
Payments, taxes, receipts, chargebacks, refunds, and certain customer records may be handled by payment providers or merchants of record such as Paddle, Lemon Squeezy, Stripe, or other providers used by DayRoot.
We may disclose information when required by law, to protect rights and safety, or as part of a merger, acquisition, financing, or sale of assets. DayRoot does not sell personal information for money.
6. Cookies, Analytics, and Tracking
DayRoot may use essential cookies or similar technologies for login, authentication, security, checkout return paths, preferences, and core site operation.
We may use privacy-conscious analytics to understand page views, product usage, reliability, and conversion paths. If we enable non-essential analytics, advertising pixels, affiliate tracking, or email open and click tracking, we will disclose those uses and request consent where required.
You can control cookies through your browser settings. Blocking essential cookies may prevent login, checkout, report recovery, or other core features from working.
7. Retention and Security
We keep information only as long as needed for the purposes described in this policy, including account operation, report recovery, subscription and purchase records, legal compliance, dispute resolution, security, support, and product improvement.
Retention periods may depend on the data type, account status, legal obligations, payment records, fraud prevention needs, backup systems, and whether the information is needed to provide or recover a report.
We use reasonable safeguards to protect information, but no internet service can promise perfect security.
8. Privacy Rights
Depending on where you live, you may have rights to access, correct, delete, restrict, object to, or export personal information. You may also have the right to withdraw consent where processing is based on consent.
California and other US residents may have rights to know, access, correct, delete, opt out of certain sharing or targeted advertising, limit certain uses of sensitive personal information, and not be discriminated against for exercising privacy rights, where applicable.
To make a request, contact support@getdayroot.com. We may verify your identity, ask for information needed to process the request, and deny or limit requests where allowed by law.
9. Children and Minors
You must be at least 18 years old, or the age of majority where you live, to use DayRoot paid services or submit relationship context. DayRoot is not directed to children.
Do not submit information about children or minors. If you believe a minor's personal information has been submitted, contact support@getdayroot.com.
10. Updates and Contact
We may update this Privacy Policy as the product changes. If we make material changes, we will post the updated version and may notify account holders by email.
For privacy requests, data questions, or support, contact support@getdayroot.com.
