← Back to home

Privacy Policy

Last updated: December 3, 2025

Introduction

Daylane ("we", "our", or "us") is a scheduling service that connects to your iCloud Calendar to help you share availability and book meetings. This Privacy Policy describes the personal data we collect, how we use it, how we share it, and the choices you have.

Information We Collect

  • Account Information: Your email and name from Apple Sign-In or email magic link, plus profile details you provide (display name, booking slug, timezone, default meeting link).
  • Availability & Preferences: Availability rules you configure (days, time ranges, buffers, slot duration) and booking page settings.
  • Calendar Connection Details: iCloud email, selected calendar URL/name, and an app-specific password stored encrypted in Supabase Vault. We fetch busy times from iCloud and create events there; we do not store your existing iCloud events in Daylane.
  • Booking Data: For each booking we store invitee name and email, selected time slot, notes, meeting URL (if provided), booking status, and generated iCal UID. Calendar events are created in your connected iCloud calendar.
  • Communications: Email content and ICS attachments we send via our provider (e.g., booking confirmations and notifications).
  • Technical Data: IP address and basic request metadata used for rate limiting and security. Authentication uses cookies set by Supabase; no advertising or cross-site tracking cookies are used.

How We Use Your Information

  • Authenticate you and operate the service (Supabase auth and sessions)
  • Show your availability, process booking requests, and create calendar events in your iCloud calendar
  • Send booking confirmations and notifications to hosts and invitees
  • Secure the service (rate limiting, fraud/abuse prevention, logging)
  • Maintain and improve product reliability and support

How We Share Information

We do not sell your data. We share it only with service providers needed to run Daylane:

  • Supabase: Authentication, Postgres database, and Vault for storing iCloud app passwords.
  • Apple: For Apple Sign-In authentication.
  • iCloud (CalDAV): To fetch busy times and create calendar events in your selected calendar; we do not persist your existing iCloud events in our database.
  • Resend (email delivery): To send booking confirmations/notifications with ICS attachments.
  • Upstash (rate limiting): To protect the service; receives IP addresses and basic request metadata.
  • Hosting and infrastructure: Providers we use to deliver the app (e.g., cloud hosting and logging) may process data as our processors.

Security

We use encryption in transit and at rest through our providers. iCloud app-specific passwords are stored in Supabase Vault (not in plaintext) and retrieved server-side when needed to check availability or create events. Access to credentials and bookings is restricted to authenticated users and service-role operations. No method of transmission or storage is 100% secure, but we apply least-privilege access and monitor for abuse.

Data Retention & Deletion

  • Account, availability, and booking data are retained while your account is active.
  • You can disconnect iCloud at any time; doing so deletes the stored app-specific password from Vault and removes the connection record.
  • Booking records (including invitee details, notes, and iCal UID) are kept so you can manage your history. Contact us to delete bookings or your account; deletion removes associated credentials and profile data from our systems.
  • Rate-limit and email delivery logs are retained by our providers for a limited period consistent with their service terms.

Cookies & Tracking

We use Supabase auth cookies to keep you signed in. We do not use advertising cookies or third-party tracking pixels. Local storage may be used for product preferences.

Your Rights

You may:

  • Access, correct, or delete your account data
  • Disconnect your iCloud calendar at any time
  • Request export of your data
  • Object to or restrict certain processing where applicable

Contact us to exercise these rights.

Children

Daylane is not directed to children under 13 (or the age required in your jurisdiction). We do not knowingly collect their data.

Changes to This Policy

We may update this Privacy Policy from time to time. We will change the "Last updated" date when we do. Material changes will be communicated through the service or by email when appropriate.

Contact Us

Questions or requests? Email us at privacy@daylane.app.