Privacy Policy

1. Information we collect

We collect information that is reasonably necessary to provide and improve the Service. Depending on how you use Daylah, this may include:

Account & contact information

Name, email address, password (stored in hashed form), and any profile information you choose to provide when creating or managing an account.

Content you create or upload

Family schedules, reminders, notes, lists, tasks, messages, and any files or documents you choose to upload or store through the Service. We treat this content as described in Section 6 (File & data transfers).

Usage information

Information about how you interact with the Service, including features used, pages visited, actions taken, session durations, and error events. This helps us maintain reliability and improve the product.

Device & technical information

IP address, browser type and version, operating system, device identifiers, and general geographic location (country or city level) derived from your IP address.

Communications

If you contact us for support or feedback, we retain the content of that communication and any contact details you provide.

2. How we use information

We use the information we collect to:

• Provide, operate, maintain, and improve the Service
• Authenticate users and keep accounts secure
• Process and store content and files you submit
• Send transactional communications (e.g. password resets, account notices)
• Send product updates or announcements where you have opted in or where permitted by law
• Diagnose technical problems and monitor service health
• Understand how users interact with the Service to guide product development
• Prevent fraud, abuse, or violations of our Terms of Service
• Comply with applicable legal obligations

We do not sell personal information to third parties. We do not use your content to train AI or machine learning models without your explicit consent.

Use of automated processing and AI

Certain features of the Service may use automated processing, including artificial intelligence or machine learning systems, to analyse, organise, generate, classify, extract, or recommend content based on the information you provide. We use such technologies solely to provide, maintain, secure, and improve the Service. We do not use your personal data or content to train general-purpose AI models without your explicit consent.

Outputs generated by automated systems may not always be accurate, complete, or suitable for your particular circumstances. You are responsible for reviewing and verifying important outputs before relying on them.

3. Legal basis for processing

Where data protection law requires a legal basis for processing personal information, we rely on one or more of the following:

• Contract performance — processing necessary to provide the Service you have requested or to fulfil our agreement with you.
• Legitimate interests — processing necessary for our legitimate interests in operating, securing, and improving the Service, provided those interests are not overridden by your rights.
• Legal obligation — processing necessary to comply with applicable laws and regulations.
• Consent — where we ask for your consent (e.g. for optional analytics cookies or marketing communications). You may withdraw consent at any time without affecting the lawfulness of processing before withdrawal.

4. Cookies & tracking technologies

Our website and Service use cookies and similar technologies (collectively, "cookies") to operate the Service and understand how it is used.

Types of cookies we use

• Strictly necessary cookies — required for the Service to function (e.g. session authentication, security tokens). These cannot be disabled.
• Functional cookies — remember your preferences and settings to improve your experience.
• Analytics cookies — help us understand usage patterns and improve the Service. These are only set with your consent where required by law.

Your cookie choices

When you first visit our website, we present a cookie notice where required by law. You can manage your preferences through that notice or via your browser settings. Blocking strictly necessary cookies may affect Service functionality.

You may be able to manage your cookie preferences through your browser settings or through controls we make available within the Service. Where required by law, we will obtain your consent before placing non-essential cookies, such as analytics or similar measurement technologies.

Third-party tracking

We may use third-party analytics providers (such as an analytics service) that set their own cookies. These providers are subject to their own privacy policies, and we require them to process data only on our behalf and in accordance with our instructions.

5. Data storage & security

We implement commercially reasonable technical and organisational security measures designed to protect personal information against unauthorised access, accidental loss, alteration, disclosure, or destruction. These measures include encryption in transit (TLS), encryption at rest for sensitive data, access controls, and regular security reviews.

No method of transmission over the internet or method of electronic storage is completely secure. While we strive to protect your information, we cannot guarantee absolute security. In the event of a security incident, we will notify affected users and relevant authorities as required by applicable law (see Section 15).

6. File & data transfers

Daylah allows users to upload, store, sync, and exchange files and data between devices and family members through our servers. When you use these features:

• Files and data you upload are transmitted over encrypted connections (TLS) and stored on our servers in encrypted form.
• Files you share with other members of your family group are accessible to those members in accordance with the permissions you configure.
• We process file content only to the extent necessary to store, transmit, display, and deliver it to you and the people you choose to share it with.
• We do not access, read, or analyse the content of your files for advertising or AI training purposes without your explicit consent.
• Where files are processed by third-party infrastructure providers (e.g. cloud storage), those providers act as data processors under our instructions and are subject to appropriate data processing agreements.

7. Service providers

We use trusted third-party service providers to help us operate the Service. These may include providers of cloud infrastructure and hosting, email and notifications, analytics, error monitoring, security and fraud prevention, and customer support tooling.

We enter into data processing agreements with providers that process personal information on our behalf, requiring them to maintain appropriate security and confidentiality standards and to process data only for specified purposes. We do not authorise service providers to use your personal information for their own independent purposes.

A current list of our key sub-processors is available on request by contacting us at hello@syanlabs.com. We may update our service providers from time to time as our business and technical needs evolve.

8. International transfers

Syan Labs is based in Singapore. The Service is operated using infrastructure that may be located in Singapore, the United States, or other countries. If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, your personal information may be transferred to and processed in countries that do not provide the same level of data protection as your home country.

Where such transfers occur, we take steps to ensure appropriate safeguards are in place, which may include:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• The UK International Data Transfer Addendum where applicable
• Adequacy decisions where the destination country has been recognised as providing adequate protection

You may request information about the safeguards applicable to a particular transfer by contacting us at hello@syanlabs.com.

9. Data retention

We retain personal information for as long as reasonably necessary to provide the Service, maintain business and legal records, resolve disputes, enforce our agreements, and comply with applicable law.

In general:

• Account data is retained for the duration of your account and for a reasonable period after account deletion to comply with legal obligations.
• Content and files you store in Daylah are retained until you delete them or until your account is deleted, after which they are removed from our production systems within 30 days and from backups within 90 days.
• Usage and analytics data may be retained in aggregated or anonymised form for longer periods.

When you delete your account, we will delete or anonymise your personal information subject to the above timelines and any legal retention obligations.

10. Children & family data

Daylah is designed for family use and accounts must be created and managed by adults (aged 18 or over, or the applicable age of majority in your jurisdiction). We do not knowingly collect personal information directly from children under 13 (or under 16 where required by applicable law).

Because Daylah is a family product, information relating to children in your family (such as schedules or reminders created by an adult account holder) may be stored in the Service. In this case, the adult account holder is responsible for ensuring that the storage of such information is appropriate and compliant with applicable law.

If you believe that a child has provided personal information to us without appropriate parental or guardian consent, please contact us at hello@syanlabs.com and we will take steps to investigate and remove that information where required.

11. Your rights & choices

Depending on your location, you may have the following rights in relation to your personal information:

• Access — request a copy of the personal information we hold about you.
• Correction — request correction of inaccurate or incomplete information.
• Deletion — request deletion of your personal information, subject to legal retention obligations.
• Restriction — request that we restrict processing of your information in certain circumstances.
• Portability — receive your personal information in a structured, commonly used, machine-readable format.
• Objection — object to processing based on legitimate interests or for direct marketing purposes.
• Withdraw consent — where processing is based on consent, withdraw that consent at any time.

To exercise any of these rights, contact us at hello@syanlabs.com. We will respond within the timeframe required by applicable law (generally 30 days). We may need to verify your identity before fulfilling a request.

You also have the right to lodge a complaint with your local data protection authority if you believe we have not handled your personal information in accordance with applicable law.

12. EEA, UK & Swiss users GDPR

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, the following additional information applies.

Data controller

Syan Labs Pte. Ltd., Singapore is the data controller of your personal information. Our contact details are set out in Section 17.

Legal bases

The legal bases for our processing activities are described in Section 3. Where processing is based on legitimate interests, those interests are the operation, security, and improvement of the Service.

Right to lodge a complaint

You have the right to lodge a complaint with a supervisory authority in the EEA member state of your habitual residence, place of work, or where an alleged infringement occurred. In the UK, the relevant authority is the Information Commissioner's Office (ICO). In Switzerland, it is the Federal Data Protection and Information Commissioner (FDPIC).

Automated decision-making

We do not make decisions based solely on automated processing that produce legal or similarly significant effects on you.

13. California users CCPA / CPRA

If you are a California resident, the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA) provides you with specific rights:

• Know — the categories and specific pieces of personal information we have collected, the sources, the business purpose, and the categories of third parties with whom we share it.
• Delete — request deletion of your personal information, subject to certain exceptions.
• Correct — request correction of inaccurate personal information.
• Opt out of sale or sharing — we do not sell or share personal information for cross-context behavioural advertising.
• Limit use of sensitive personal information — we do not use sensitive personal information beyond what is necessary to provide the Service.
• Non-discrimination — we will not discriminate against you for exercising your CCPA rights.

To submit a CCPA request, contact us at hello@syanlabs.com. We will verify your identity and respond within 45 days.

14. Singapore users PDPA

As a Singapore-incorporated company, we comply with the Personal Data Protection Act 2012 (PDPA) as amended. In addition to the rights described in Section 11, Singapore residents may:

• Request access to personal data we hold about you and information about how it has been used or disclosed in the past 12 months.
• Request correction of personal data that is inaccurate, incomplete, misleading, or not up to date.
• Withdraw consent to the collection, use, or disclosure of personal data at any time, with reasonable notice, subject to legal and contractual restrictions. Withdrawal of consent may affect our ability to provide the Service.

We have appointed a Data Protection Officer (DPO) who can be contacted at hello@syanlabs.com. In the event of a data breach that is likely to result in significant harm, we will notify the Personal Data Protection Commission (PDPC) and affected individuals as required under the PDPA.

15. Data breach notification

In the event of a personal data breach that is likely to result in significant harm to individuals, or as otherwise required by applicable law, we will:

• Notify relevant supervisory authorities within the timeframe required by applicable law (e.g. 72 hours under GDPR; 3 business days under Singapore PDPA).
• Notify affected individuals without undue delay where the breach is likely to result in a high risk to their rights and freedoms or significant harm.
• Take prompt steps to contain the breach and mitigate its impact.

16. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes to the Service, our practices, or applicable legal requirements. When we make material changes, we will notify you by updating the effective date at the top of this page and, where appropriate, by sending a notice via the Service or by email. Your continued use of the Service after the effective date of the updated policy constitutes your acceptance of the changes.

17. Contact & Data Protection Officer

If you have questions about this Privacy Policy, wish to exercise your rights, or have a concern about how we handle personal information, please contact us:

• Email: hello@syanlabs.com
• Data Protection Officer: privacy@syanlabs.com
• Postal: Syan Labs Pte. Ltd., Singapore

We will acknowledge your enquiry promptly and respond within the timeframe required by applicable law.