Privacy Policy

1. Data categories we process

Daycade processes only data required to deliver the service, secure operations, and manage billing.

• Account data: email address and authentication metadata from Google OAuth.
• Contract metadata: wallet address, contract identifiers, beneficiary contact details, timers, and storage references.
• Operational logs: IP, timestamps, error traces, anti-abuse and security events.
• Billing data: Stripe customer/subscription/payment identifiers and transaction status.

2. Why we process this data

We process this data to operate contracts, enforce account security, send service emails, prevent abuse, and comply with legal obligations.

• Account access and session protection.
• Contract lifecycle actions: creation, updates, activity checks, recovery workflow.
• Reminder/recovery email sending and delivery diagnostics.
• Fraud prevention, incident response, and legal compliance.

3. External providers involved

Daycade relies on third-party services that process part of your data under their own terms and availability constraints.

• Google OAuth for account authentication.
• Blockchain infrastructure (Sui network and RPC providers) for on-chain contract state.
• Decentralized storage infrastructure (including Walrus integrations) for encrypted payload hosting.
• Email delivery providers for reminders and recovery messages.
• Stripe for billing, invoices, and payment events.
• Hosting/infrastructure providers for platform availability and logs.

4. On-chain and decentralized data warning

Some metadata is written to blockchain systems or decentralized storage references that are not controlled like a traditional private database.

• Blockchain records are generally immutable and may remain visible permanently.
• Decentralized storage references can persist across distributed nodes.
• Deletion, correction, or full erasure may be technically impossible for some on-chain or distributed records.

5. Security and encryption limits

Daycade uses encryption and operational safeguards, but no system can guarantee absolute security or uninterrupted access.

• Encrypted design reduces risk but does not eliminate all technical vulnerabilities.
• Incidents, bugs, provider outages, network failures, or attacks may impact availability.
• Daycade cannot guarantee perpetual accessibility, perfect delivery, or recoverability in every scenario.

6. Retention periods

Data is retained for operational, security, contractual, and legal reasons, then deleted or anonymized when feasible.

• Account and billing records can be retained for legal/accounting obligations.
• Security and audit logs can be retained to investigate abuse and incidents.
• Retention can differ depending on legal duties, litigation holds, and technical constraints.

7. Billing and payment data

Payments and invoices are managed through Stripe. Daycade does not store full card details on its own servers.

• Stripe handles payment instruments and card compliance.
• Daycade stores payment status and references needed to provide the service.
• Billing disputes, chargebacks, and payment failures can affect access to paid features.

8. Your rights and practical limits

You may request access, correction, or deletion of off-chain personal data where legally and technically possible.

• Requests can be limited by legal obligations and security requirements.
• On-chain/decentralized records may not be erasable or editable.
• Identity verification can be required before processing rights requests.

9. Liability boundary for data incidents

To the maximum extent permitted by law, Daycade is not liable for indirect or consequential losses caused by third-party failures, network incidents, delayed emails, inaccessible data, or irreversible on-chain constraints.