Your Privacy Matters

DayVA, operated by BrightFlow Labs ("we," "us," or "our"), respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our tax residency and compliance tracking application.

We collect information that you provide directly to us, including:

• Account Information: Name, email address, and password when you create an account
• Travel Data: Countries visited, entry and exit dates, and travel history you input into the application
• Tax Residency Information: Data related to your tax residency status and compliance tracking
• Visa and Immigration Data: Visa types, validity periods, and related documentation you choose to store
• Communication Data: Information you provide when contacting our support team

We use your information to:

• Provide, maintain, and improve our services
• Calculate tax residency days and compliance requirements
• Send you important updates and notifications
• Respond to your comments, questions, and support requests
• Monitor and analyze usage patterns to enhance user experience
• Detect, prevent, and address technical issues and security threats

Marketing Communications: If you opt in, we may send you product updates, feature announcements, or marketing communications about DayVA. You can unsubscribe at any time by clicking the unsubscribe link in our emails or by contacting us at privacy@dayva.io.

We process your personal data based on the following legal grounds:

• Contractual Necessity: To provide the services you request and fulfill our obligations under our Terms of Service
• Legal Obligations: To comply with tax, data protection, and other applicable laws and regulations
• Consent: Where you have given explicit permission (e.g., for marketing communications or optional features)
• Legitimate Interests: To maintain security, improve our services, prevent fraud, and enhance user experience

You have the right to object to processing based on legitimate interests and to withdraw consent at any time where processing is based on consent.

Your data is stored securely using industry-standard encryption and security measures. We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction.

While we strive to protect your data, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security but remain committed to protecting your information.

We do not sell your personal information. We may share your information only in the following circumstances:

• Service Providers: With trusted third-party service providers who assist in operating our application
• Legal Compliance: When required by law or to protect our rights and safety
• Business Transfers: In connection with a merger, sale, or acquisition of our business
• With Your Consent: When you explicitly agree to share your information

We retain your personal data only as long as necessary to fulfill the purposes outlined in this Privacy Policy:

• Account Data: Retained until you delete your account or request deletion
• Travel and Residency Data: Retained until account deletion or upon your request
• Financial and Transactional Data: Retained for up to 7 years to comply with legal and tax obligations
• Communication Records: Retained for up to 3 years for customer service and legal purposes

After the retention period expires, we will securely delete or anonymize your personal data unless we are required by law to retain it longer.

Depending on your location, you may have the following rights:

• Access: Request access to your personal data
• Correction: Request correction of inaccurate data
• Deletion: Request deletion of your personal data
• Data Portability: Receive your data in a structured, machine-readable format
• Withdrawal of Consent: Withdraw consent for data processing at any time

To exercise these rights, please contact us at privacy@dayva.io. We will respond to your request within 30 days.

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have the right to lodge a complaint with your local data protection supervisory authority if you believe we have not adequately addressed your privacy concerns.

While we encourage you to contact us first at privacy@dayva.io, you have the right to file a complaint directly with the relevant authority in your jurisdiction.

We use cookies and similar tracking technologies to enhance your experience, analyze usage, and improve our services.

Essential Cookies: Some cookies are necessary for the operation of our service, including authentication and security features. These cannot be disabled.

Optional Cookies: We also use analytics and performance cookies to understand how you use DayVA. You can opt out of non-essential cookies through your browser preferences or our cookie consent banner.

For more information about managing cookies, please visit your browser's help documentation.

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place to protect your data in accordance with this Privacy Policy and applicable laws.

These safeguards may include Standard Contractual Clauses (SCCs) approved by the European Commission, adequacy decisions recognizing equivalent data protection standards, or other legally recognized transfer mechanisms in accordance with GDPR and applicable data protection regulations.

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to Know: Request information about the categories and specific pieces of personal data we collect, use, and share
• Right to Delete: Request deletion of your personal data, subject to certain exceptions
• Right to Opt-Out: Opt out of the sale of personal data (note: we do not sell personal data)
• Right to Non-Discrimination: You will not receive discriminatory treatment for exercising your privacy rights

Important: We do not sell your personal information to third parties for monetary or other valuable consideration.

To exercise your CCPA rights, please contact us at privacy@dayva.io. We will verify your identity before processing your request.

DayVA is not intended for users under the age of 16. If you are between 16 and 18 years of age, you may only use our services with the consent and supervision of a parent or legal guardian.

We do not knowingly collect personal information from children under 16. If you become aware that a child under 16 has provided us with personal data without parental consent, please contact us immediately at privacy@dayva.io, and we will take steps to delete such information.

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date.