Privacy Policy
Last updated: March 26, 2026
TendersLab LTD (“Daywatch”, “we”, “us”) operates the Daywatch AI Shift Coordination platform. This policy explains what personal data we collect, why, and your rights — whether you are located in the European Union, United States, Israel, or elsewhere.
1. Data We Collect
- Account data: name, work email address, hashed password.
- Shift & scheduling data: availability, preferences, assigned shifts.
- Usage data: server logs (IP address, browser type, pages visited) for security and performance.
- Billing data: handled directly by Lemon Squeezy — we do not store payment card details.
- Cookies: essential session cookies required for authentication. No advertising or tracking cookies.
2. How We Use Your Data
- Provide and operate the service (shift scheduling, team management).
- Send transactional emails (account verification, worker invitations).
- Detect and prevent abuse, fraud, and security incidents.
- Comply with legal obligations.
We do not sell personal data to third parties.
3. Legal Basis for Processing (EU/EEA Users)
- Contract performance (Art. 6(1)(b) GDPR): processing your data is necessary to provide the service you signed up for.
- Legitimate interests (Art. 6(1)(f) GDPR): security monitoring and fraud prevention.
- Legal obligation (Art. 6(1)(c) GDPR): retaining billing records as required by law.
4. Data Retention
We retain account data for the duration of your subscription plus 30 days after account deletion. Billing records are kept for 7 years as required by Israeli tax law and EU accounting regulations. Server logs are retained for 90 days.
5. Third-Party Processors
| Processor | Purpose | Location |
|---|---|---|
| Lemon Squeezy | Payment processing & invoicing | USA (SCCs apply) |
| SMTP provider (Brevo/Postmark) | Transactional email delivery | EU |
6. Your Rights
EU / EEA Residents (GDPR)
- Access (Art. 15): download all your personal data via Account → Download My Data.
- Rectification (Art. 16): update your profile in Account settings.
- Erasure (Art. 17): delete your account via Account → Danger Zone → Delete Account.
- Portability (Art. 20): your data export is provided in machine-readable JSON format.
- Objection / Restriction (Art. 21, 18): contact us at privacy@daywatch.tech.
- You have the right to lodge a complaint with your national supervisory authority (e.g., the Israeli Privacy Protection Authority, or the data protection authority in your EU member state).
California Residents (CCPA / CPRA)
- Right to Know: see Section 1 above and use the data export feature.
- Right to Delete: use the account deletion feature.
- Right to Opt-Out of Sale: Daywatch does not sell personal information. No opt-out is required.
- Non-discrimination: exercising your privacy rights will not result in any change in service level.
Israeli Residents (Protection of Privacy Law, 5741-1981)
- You have the right to review and correct personal information held about you.
- The data controller is TendersLab LTD, registered in Israel.
- To exercise your rights under Israeli law, contact us at privacy@daywatch.tech.
7. Security
Passwords are bcrypt-hashed. Data is transmitted over TLS. Access to production data is restricted to authorised personnel. We comply with the Israeli Privacy Protection (Data Security) Regulations, 5777-2017.
8. Children
Daywatch is a B2B service intended for use by adults in a professional context. We do not knowingly collect data from persons under 18.
9. Changes to This Policy
We will notify registered users by email of material changes at least 14 days before they take effect.
10. Contact
TendersLab LTD
Email: privacy@daywatch.tech
For EU/EEA requests: We aim to respond within 30 days.