Privacy Policy
Last updated: June 7, 2026
TendersLab LTD (“Daywatch”, “we”, “us”) operates the Daywatch AI Shift Coordination platform. This policy explains what personal data we collect, why, and your rights — whether you are located in the European Union, United States, Israel, or elsewhere.
1. Data We Collect
- Account data: name, work email address, hashed password (or Google OAuth identity if you sign up via Google).
- Organisation profile data (collected during onboarding): organisation name, team name, industry/sector, geographic location (country/city), and organisation phone number — as provided during the setup wizard. This information is used for account administration and to tailor the service to your industry.
- Phone numbers & Messaging Data: If you choose to enable notifications, we collect your mobile phone number. This is used strictly to send one-time verification codes (OTP) and operational/transactional notifications regarding shifts.
- Shift & scheduling data: availability, preferences, assigned shifts.
- Usage data: server logs (IP address, browser type, pages visited) for security and performance.
- Billing data: handled directly by Lemon Squeezy — we do not store payment card details.
- Cookies: essential session cookies required for authentication, and optional analytics/performance cookies (such as Google Analytics and Microsoft Clarity) that only activate upon your explicit consent.
2. How We Use Your Data
- Provide and operate the service (shift scheduling, team management).
- Send transactional emails (account verification, worker invitations).
- Detect and prevent abuse, fraud, and security incidents.
- Comply with legal obligations.
We do not sell personal data to third parties.
3. Legal Basis for Processing (EU/EEA Users)
- Contract performance (Art. 6(1)(b) GDPR): processing your data is necessary to provide the service you signed up for.
- Legitimate interests (Art. 6(1)(f) GDPR): security monitoring and fraud prevention.
- Legal obligation (Art. 6(1)(c) GDPR): retaining billing records as required by law.
4. Data Retention
We retain account data for the duration of your subscription plus 30 days after account deletion. Billing records are kept for 7 years as required by Israeli tax law and EU accounting regulations. Server logs are retained for 90 days.
5. Third-Party Processors
| Processor | Purpose | Location |
|---|---|---|
| Lemon Squeezy | Payment processing & invoicing | USA (SCCs apply) |
| SMTP provider (Brevo/Postmark) | Transactional email delivery | EU |
| Google Analytics | Web traffic analytics | USA |
| Microsoft Clarity | Session recording & user behavior analytics | USA |
6. Your Rights
EU / EEA Residents (GDPR)
- Access (Art. 15): download all your personal data via Account → Download My Data.
- Rectification (Art. 16): update your profile in Account settings.
- Erasure (Art. 17): delete your account via Account → Danger Zone → Delete Account.
- Portability (Art. 20): your data export is provided in machine-readable JSON format.
- Objection / Restriction (Art. 21, 18): contact us at privacy@daywatch.tech.
- You have the right to lodge a complaint with your national supervisory authority (e.g., the Israeli Privacy Protection Authority, or the EU Data Protection Authority in your member state).
California Residents (CCPA / CPRA)
- Right to Know: see Section 1 above and use the data export feature.
- Right to Delete: use the account deletion feature.
- Right to Opt-Out of Sale: Daywatch does not sell personal information. No opt-out is required.
- Non-discrimination: exercising your privacy rights will not result in any change in service level.
Israeli Residents (Protection of Privacy Law, 5741-1981)
- You have the right to review and correct personal information held about you.
- The data controller is TendersLab LTD, registered in Israel.
- To exercise your rights under Israeli law, contact us at privacy@daywatch.tech.
7. SMS & WhatsApp Notifications
If you enable notifications, Daywatch will send account-related and shift-scheduling notifications via SMS or WhatsApp. No mobile information will be shared with third parties/affiliates for marketing/promotional purposes. All the above categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties. Message frequency varies based on team scheduling activity. Standard message and data rates may apply. You can opt out and unsubscribe at any time by replying STOP to any message you receive.
8. Security
Passwords are bcrypt-hashed. Data is transmitted over TLS. Access to production data is restricted to authorised personnel. We comply with the Israeli Privacy Protection (Data Security) Regulations, 5777-2017.
9. Children
Daywatch is a B2B service intended for use by adults in a professional context. We do not knowingly collect data from persons under 18.
10. Changes to This Policy
We will notify registered users by email of material changes at least 14 days before they take effect.
11. Contact
TendersLab LTD
Email: privacy@daywatch.tech
For EU/EEA requests: We aim to respond within 30 days.