Back to Home

Privacy Policy

Last updated: 10 March 2026

1. Introduction

Welcome to DayHop (https://dayhop.ie). We are committed to protecting your personal data and respecting your privacy in accordance with the General Data Protection Regulation (GDPR) (EU) 2016/679, the Data Protection Act 2018, and all applicable Irish and European data protection law.

This Privacy Policy explains what personal data we collect from you, why we collect it, how we use it, and what rights you have in relation to it. Please read it carefully.

2. Who We Are (Data Controller)

The data controller responsible for your personal data is the operator of DayHop. Pursuant to the European Communities (Directive 2000/31/EC) Regulations 2003, the following identifying information is provided:

3. Personal Data We Collect

We collect the following categories of personal data:

3.1 Account Data

  • Email address (required to create an account)
  • Display name (optional, provided by you)
  • Authentication provider details (e.g. Google OAuth token, if you sign in with Google)

3.2 Usage & Activity Data

  • Activities you have marked as visited
  • Trips and planned outings you create
  • Your household membership (a shared group within the app)
  • Activity suggestions you submit

3.3 Location Data

  • Browser geolocation (in-session only):When you visit the activities page, we may request access to your device's location via the browser Geolocation API to sort results by distance from you. This requires your explicit permission via your browser's permission prompt. The location is used only for that session and is never stored or associated with your account. Declining has no effect on core functionality — activities will simply be sorted by name instead.
  • Home location (registered users only): If you voluntarily set a home address in your profile, the resulting coordinates are stored to provide persistent distance-based sorting across sessions.

3.4 Technical & Analytics Data

  • IP address and browser/device information (collected automatically by our hosting infrastructure)
  • Pages visited, clicks, and navigation patterns (collected via Google Analytics)
  • Performance metrics (collected via Vercel Speed Insights)

4. Legal Basis for Processing

We rely on the following legal bases under Article 6 GDPR:

  • Contract (Art. 6(1)(b)): Processing your account data, household data, and activity records is necessary to provide you with the DayHop service.
  • Legitimate Interests (Art. 6(1)(f)): We process analytics and technical data to maintain, improve, and secure the service. These interests are not overridden by your privacy rights.
  • Consent (Art. 6(1)(a)): Where we ask for your consent (e.g. location access, optional features), we will clearly indicate this and you may withdraw consent at any time.

5. How We Use Your Data

  • To create and manage your account
  • To provide the core features of DayHop (browsing activities, tracking visits, planning trips)
  • To enable household sharing with other family members
  • To send you notifications you have opted into (e.g. household invitations)
  • To improve and monitor the performance of the service
  • To comply with legal obligations

We do not sell your personal data to third parties. We do not use your data for automated decision-making or profiling that produces legal effects.

6. Data Sharing & Transfers

We share your data only with trusted third-party processors:

  • Supabase – our database and authentication provider. Data is stored in Switzerland (eu-central-2, Zurich). Switzerland benefits from an EU adequacy decision, meaning transfers are lawful without additional safeguards. Supabase processes data under a Data Processing Agreement (DPA).
  • Vercel – our hosting and deployment platform, running in the EU (Dublin). Vercel may process request logs temporarily.
  • Google Analytics– we use Google Analytics to understand how visitors use the site. Google may transfer data to the USA; Google Analytics 4 anonymises IP addresses by default. Google's standard Data Processing Amendment applies to our use of Google Analytics.

Where personal data is transferred outside the EEA (to Google Analytics in the USA, or to Supabase in Switzerland), such transfers are covered by appropriate safeguards: Standard Contractual Clauses (Google) or an EU adequacy decision (Switzerland).

7. Data Retention

  • Account data is retained for as long as your account is active.
  • If you delete your account, we will delete or anonymise your personal data within 30 days, unless we are required to retain it by law.
  • Analytics data is retained for 26 months in Google Analytics (standard retention).
  • Server logs are retained for up to 90 days by Vercel.

8. Your Rights Under GDPR

As a data subject in the EU/EEA, you have the following rights:

  • Right of Access (Art. 15): You can request a copy of the personal data we hold about you.
  • Right to Rectification (Art. 16): You can ask us to correct inaccurate or incomplete data.
  • Right to Erasure (Art. 17): You can ask us to delete your personal data (“right to be forgotten”), subject to legal exceptions.
  • Right to Restriction (Art. 18): You can ask us to restrict processing in certain circumstances.
  • Right to Data Portability (Art. 20): You can request your data in a structured, commonly used, machine-readable format.
  • Right to Object (Art. 21): You can object to processing based on legitimate interests.
  • Right to Withdraw Consent: Where processing is based on consent, you can withdraw it at any time without affecting prior processing.

To exercise any of these rights, please email us at help@tnkng.com. We will respond within one month as required by GDPR.

You also have the right to lodge a complaint with the Irish Data Protection Commission (DPC) at www.dataprotection.ie.

9. Cookies & ePrivacy

We comply with the ePrivacy Directive as transposed into Irish law by the European Communities (Electronic Communications Networks and Services) (Privacy and Electronic Communications) Regulations 2011 (S.I. 336/2011). Non-essential cookies are only placed after you give your consent through the cookie banner shown on your first visit.

We use the following types of cookies:

  • Strictly necessary cookies: Session cookies required for authentication (set by Supabase). These are exempt from the consent requirement and cannot be disabled.
  • Analytics cookies (optional — consent required):Google Analytics sets cookies to measure site usage. These are only activated if you click “Accept All” in the cookie banner. We use Google Consent Mode v2so that analytics are blocked by default until consent is given. You can change your preference at any time by clearing your browser's local storage, or opt out permanently using the Google Analytics Opt-out Browser Add-on.

10. Security

We take appropriate technical and organisational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, or unauthorised disclosure. These include encrypted connections (HTTPS), Row Level Security (RLS) policies on our database, and access controls. However, no internet transmission is completely secure and we cannot guarantee absolute security.

11. Children's Privacy

DayHop is designed for use by parents and guardians. We do not knowingly collect personal data from children under the age of 16. If you believe a child has provided us with personal data without parental consent, please contact us at help@tnkng.com and we will delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last updated” date at the top of this page. Continued use of DayHop after changes are posted constitutes your acceptance of the updated policy.

13. Contact Us

If you have any questions about this Privacy Policy or how we handle your personal data, please contact us at:

help@tnkng.com

Terms of ServiceBack to Home