Privacy Policy

1. Data Controller

DayPing is operated from Berlin, Germany. For any privacy-related questions, please contact us at support@dayping.de.

2. Data We Collect

We collect only the data necessary to provide our service:

• Username and email address (account registration)
• Selected state or region (to show relevant holidays)
• Notification preferences (reminder settings)
• Subscription status (plan type, active or canceled)
• Technical logs (IP address, timestamps, browser/device info) for security and reliability

3. Purposes of Processing

We process your data for the following purposes:

• Delivering holiday reminders and notifications
• Generating personalized trip suggestions
• Managing your account and preferences
• Processing subscriptions and billing
• Ensuring security, preventing fraud, and maintaining service reliability

4. Legal Bases (Art. 6 GDPR)

We process personal data based on the following legal grounds:

• Contract necessity — to deliver the service you signed up for, including account management and subscriptions (Art. 6(1)(b))
• Legal obligation — to comply with accounting, tax, and regulatory requirements (Art. 6(1)(c))
• Legitimate interests — to maintain security, prevent abuse, and ensure service reliability (Art. 6(1)(f))
• Consent — only where explicitly required, such as optional communications; we currently use only essential cookies (Art. 6(1)(a))

5. Data Sharing

We do not sell your personal data. We share data only with trusted service providers who help us operate the platform:

• Stripe — payment processing (Stripe receives billing data; we do not store card numbers or bank details)
• Infrastructure providers — hosting and email delivery services

6. International Transfers

Some of our service providers may process data outside the European Economic Area (EEA). Where this occurs, transfers are protected by appropriate safeguards such as Standard Contractual Clauses (SCCs) approved by the European Commission.

7. Data Retention

We retain your data only as long as necessary:

• Account data — kept while your account is active; deleted from active systems within 30 days after account deletion
• Billing records — retained for the period required by applicable tax and accounting laws
• Technical logs — kept for 30 to 90 days for security and troubleshooting purposes

8. Your Rights

Under the GDPR, you have the following rights regarding your personal data:

• Right of access — obtain a copy of your data
• Right to rectification — correct inaccurate data
• Right to erasure — request deletion of your data
• Right to restriction — limit how your data is processed
• Right to data portability — receive your data in a portable format
• Right to object — object to processing based on legitimate interests
• Right to withdraw consent — where processing is based on consent, withdraw it at any time

9. Supervisory Authority

You have the right to lodge a complaint with the data protection supervisory authority. For DayPing, the competent authority is: Berliner Beauftragte für Datenschutz und Informationsfreiheit, Alt-Moabit 59–61, 10555 Berlin, Germany. Email: mailbox@datenschutz-berlin.de. Website: datenschutz-berlin.de.

10. Children

DayPing is not intended for children under 16 years of age. We do not knowingly collect personal data from children.

11. Changes to This Policy

We may update this privacy policy from time to time. Changes will be posted on this page with an updated effective date. We encourage you to review this page periodically.