Privacy Policy

Contractual necessity: Account data and campaign data are processed to deliver the service you signed up for.

Legal obligation: NDA signature data (name, email, IP address, timestamp) is retained as evidence of a legally binding agreement.

Consent: Newsletter subscriptions and client-configured Google Analytics on landing pages require your explicit consent. You can withdraw consent at any time.

Legitimate interest: Aggregate campaign performance counters (views, clicks, segment breakdowns) are processed under legitimate interest to provide campaign reporting to page owners. Subscribe-page and UTM data are similarly captured under legitimate interest for newsletter personalization, as disclosed at subscription time.

Vercel: Hosting and content delivery for dayclerk.com. Vercel processes server request logs that may include visitor IP addresses as part of standard infrastructure operation. These logs are controlled by Vercel under their own privacy policy and are not accessible to DayClerk at the application level.

Supabase: Database and file storage hosting (US region). All user, campaign, and uploaded file data is stored in Supabase-managed infrastructure. Supabase is SOC 2 Type II certified.

Anthropic (Claude API): AI generation of campaign content. Campaign briefs and segment descriptions are sent to Anthropic's API for processing. Anthropic's API does not retain inputs for model training by default.

Resend: Transactional email delivery (account notifications, newsletter welcome emails). Data processed: email address, name.

Mailchimp: Newsletter list management and bulk email delivery. Data shared: email address, name, subscription preferences.

Google Analytics 4: Usage analytics on DayClerk-owned pages (with your consent only). Also used on client campaign landing pages as described in Section 2 above.

Pexels: Stock photography for campaign pages. No personal data is shared.

Account and campaign data is retained for as long as your account is active.

Uploaded campaign documents are retained in encrypted storage for the duration of the campaign and destroyed when the campaign expires or the associated landing page is deleted.

NDA signature records (name, email, IP address, timestamp) are retained for 7 years from the date of signing as required for legal agreement records, after which they are permanently deleted.

Newsletter subscriber data is retained while you are subscribed, or for up to 2 years after unsubscribing, whichever is shorter.

Access: You can request a copy of the data we hold about you.

Correction: You can update your account information at any time.

Erasure: You can request deletion of your data via our contact page. Note that NDA signature records may be exempt from erasure requests where retention is required for legal compliance. Newsletter subscribers can also manage and delete their subscription data via the preference center link in any email we send.

Unsubscribe: Every marketing email includes a one-click unsubscribe link. You can also manage preferences at dayclerk.com/newsletter/preferences.

Consent preference: We store your analytics choice in browser local storage under the key dc_ga_consent. This is not a cookie — it stays on your device and is never transmitted to our servers.

Deduplication keys: To avoid counting the same device twice, DayClerk's native performance counters store small flags in your browser's local storage (e.g. cplus_viewed_<pageId>). These are never transmitted to our servers and contain no personal information.

Google Analytics cookie (optional, consent required): If a page owner has connected GA4 and you accept the analytics banner, Google sets a _ga cookie on dayclerk.com containing a unique client ID. This cookie is used by the page owner's GA4 property only. DayClerk does not read or store it.

No advertising cookies, cross-site tracking cookies, or any other third-party cookies are used beyond what is described above.