Privacy Policy

1 Who We Are

Daybar ("we", "our", "us") is an independently developed macOS application created by Viet Cao, an individual developer. For privacy inquiries contact us at support@daybar.app.

2 What Data We Collect

Daybar operates with a local-first, privacy-by-default architecture. The following summarizes all data handling:

3 What We Do Not Collect

We explicitly do not collect, transmit, or store:

• Your name, email address, or contact information (unless you email us for support)
• Your calendar events, meeting titles, or attendees
• Your tasks or to-do items
• Your location or IP address via the app
• Device identifiers, advertising IDs, or fingerprints
• Usage telemetry or crash reports (we plan to add opt-in crash reporting in a future version)

There is no Daybar server that receives your calendar data. The app communicates directly from your Mac to Google, Microsoft, or Apple servers using your credentials.

4 Calendar Integrations

Google Calendar: Daybar uses OAuth 2.0 to request read and write access to your Google Calendar. Your access token and refresh token are encrypted and stored exclusively in macOS Keychain using Electron's safeStorage API (AES-256 backed by your system login keychain). Daybar communicates directly with the Google Calendar API from your Mac - no data is routed through our infrastructure.

Microsoft Outlook / Office 365: The same principles apply. Daybar uses the PKCE OAuth 2.0 flow (no client secret required). Tokens are stored in macOS Keychain. Microsoft Graph API requests are made directly from your device.

Apple Calendar (iCloud): Daybar accesses Apple Calendar via macOS EventKit / AppleScript. No data leaves your device for this integration. You may be prompted by macOS to grant calendar access permission.

You can revoke Daybar's calendar access at any time by removing the account from Daybar Settings, or directly from your Google / Microsoft account security settings.

5 License and Purchases

Daybar Pro is sold via Lemon Squeezy (a Merchant of Record). When you purchase:

• Lemon Squeezy collects your payment details, email, and billing address. Lemon Squeezy is the legal seller and processes all tax (including EU VAT) on our behalf. See Lemon Squeezy's Privacy Policy.
• Your license key is stored locally on your device. Daybar sends the key and a device identifier to Lemon Squeezy's License API solely to validate your purchase. No other data is included in this request.
• We receive a summary notification of your purchase (a generated order ID) but do not receive your payment card details, full name, or address.

6 Website Analytics

Our marketing website (daybar.app) uses Umami Analytics, a privacy-focused, open-source analytics platform.

• No cookies are set
• No personal data is collected
• No cross-site tracking
• Data is hosted in the EU (Frankfurt) and is not shared with third parties
• Umami collects only: page views, referrer (which website linked to us), browser type, country (derived from anonymized IP - IP address is never stored), and screen size

This analytics is compliant with GDPR, PECR, and CCPA with no consent banner required.

7 Data Storage and Security

All sensitive data stored by Daybar on your device uses macOS platform security:

• OAuth tokens - stored via Electron safeStorage, which uses AES-256 encryption backed by your macOS login keychain. Only Daybar can decrypt these values.
• Settings and preferences - stored in localStorage within Electron's app partition (not accessible to other applications or websites).
• License key - stored in localStorage, a string that can only validate your purchase and contains no personal information.

Daybar does not operate any servers, databases, or cloud infrastructure that stores user data. We cannot access your data because we do not receive it.

8 Third-Party Services

Daybar interacts with the following third-party services on your behalf. Each has its own privacy policy:

• Google Privacy Policy - Google Calendar API
• Microsoft Privacy Statement - Microsoft Graph / Outlook Calendar
• Apple Privacy Policy - Apple Calendar / iCloud
• Lemon Squeezy Privacy Policy - Payment processing
• Umami Privacy Policy - Website analytics

9 Children's Privacy

Daybar is not directed to children under the age of 13 (or 16 in the EU under GDPR). We do not knowingly collect personal information from children. If you believe a child has provided us personal information, please contact us at support@daybar.app and we will delete it promptly.

10 Your Rights (GDPR / CCPA)

Because Daybar does not collect or store personal data on our servers, most traditional data rights (access, portability, deletion) are satisfied automatically - your data stays on your device and you control it entirely.

However, for any data held by our payment processor (Lemon Squeezy) as part of a purchase:

• Right to access - email support@daybar.app and we will provide any information we hold about your purchase
• Right to deletion - we will delete your purchase record and deactivate your license upon request. Note: Lemon Squeezy retains transaction records as required by law.
• Right to opt out - website analytics can be opted out of by enabling "Do Not Track" in your browser. Umami respects this signal.

To exercise any rights, contact us at support@daybar.app. We will respond within 30 days.

11 Changes to This Policy

We may update this Privacy Policy as the app evolves. When we make significant changes, we will update the "Last updated" date at the top of this page. Continued use of Daybar after changes constitutes acceptance of the updated policy.

We will never change this policy in a way that begins collecting your calendar data or personal information without your explicit consent.

12 Contact

For privacy questions, data requests, or concerns:

• Email: support@daybar.app
• Response time: Within 5 business days