DearDay

Privacy Policy

Last updated: May 3, 2026

DearDay (“we”, “our”, “us”) operates the website at dearday.sg. This Privacy Policy explains how we collect, use, store, and protect your personal information in compliance with Singapore’s Personal Data Protection Act (PDPA) 2012.

1. Information we collect

When you use DearDay, we may collect:

  • Account information: name, email address, profile picture (via Google OAuth)
  • Invitation content: titles, dates, places, messages, recipient names you enter
  • RSVP responses: attendance status, attendee names, replies submitted by recipients
  • Usage data: page views, device type, browser, approximate location (via Vercel Analytics and Google Analytics, if enabled)

2. How we use your information

  • To create and deliver your invitations and process RSVPs
  • To authenticate you and protect your account
  • To improve site performance and user experience
  • To communicate service updates or critical notices
  • To display relevant advertising via Google AdSense (see Section 5)

3. Data sharing

We do not sell your personal information. We share data only with the following service providers:

  • Google — for authentication and (optionally) advertising
  • Supabase — database and storage hosting (region: ap-southeast-1, Singapore)
  • Vercel — application hosting and analytics

Each provider has its own privacy policy and data handling practices.

4. Data retention & automatic deletion

Cards are kept only from the day they are created until the event date, and are automatically deleted afterwards. Cards without an event date (thank/congrats) are deleted 30 days after creation. Deleting a card also removes all related recipients, RSVP records, and uploaded images. Deleted data cannot be recovered.

You may also delete individual invitations at any time from the management page before the automatic deletion date.

5. Cookies and advertising

We use essential cookies for authentication and language preference. We may use Google AdSense to display ads on public pages (excluding individual invitation pages). Google and its partners may use cookies to serve ads based on prior visits to our site or other sites. You can opt out of personalized advertising at Google Ads Settings.

6. Your rights (PDPA)

Under Singapore’s PDPA, you have the right to:

  • Request access to the personal data we hold about you
  • Request correction of inaccurate data
  • Withdraw consent and request deletion of your data

To exercise any of these rights, contact us via the contact page.

7. Security

We use HTTPS for all traffic, encrypted database connections, and OAuth-based authentication. While we apply industry-standard safeguards, no online service is completely secure — please use a strong account on Google for protection.

8. Children’s privacy

DearDay is not intended for children under 13. We do not knowingly collect data from children. If you believe a child has provided us with personal data, please contact us for removal.

9. Changes to this policy

We may update this Privacy Policy from time to time. The “Last updated” date at the top reflects the most recent change. Material changes will be communicated via the site or email.

10. Contact

For questions about this Privacy Policy, please use our contact page.