Privacy Policy
Last updated: February 2026
Introduction
At Unveil, we take the protection of your personal data seriously. This privacy policy explains what data we collect, how we use it, and your rights.
Data Controller
The data controller is:
- Publisher: Individual
- Email: hello@unveil.day
Data Collected
Account Data
- Email address (for authentication)
Calendar Data
- Calendar title
- Recipient name
- Day content: text, photos, videos, voice messages, playlists
- Start and end dates
- Selected theme
Payment Data
- Transactions are processed by Stripe. We do not store any banking data. We only retain the Stripe transaction ID and the currency used.
Technical Data
- IP address (server logs)
- Browser type and operating system
- Language and currency preferences
- Timezone (for automatic currency detection)
Browsing Data (Trackers)
- Pages visited and actions taken (registration, purchase)
- Interaction data (clicks, scrolling) via Microsoft Clarity
- Advertising identifiers via Meta Pixel, TikTok Pixel, and Google Ads
Purpose of Processing
Your data is used to:
- Provide the service: creating, editing, and sharing calendars
- Authenticate your account: sending login links
- Process payments: managing Premium purchases
- Improve the service: usage analytics, heatmaps, performance measurement
- Advertising: conversion tracking and remarketing
- Support: responding to your requests
Legal Basis
The processing of your data is based on:
- Contract performance: to provide the service and process payments
- Your consent: for advertising cookies and optional communications
- Legitimate interest: to improve the service, ensure security, and measure audience
Data Retention
- Account data: retained as long as your account is active
- Calendars and content: retained until deleted by the user
- Payment data: retained in accordance with legal obligations (10 years)
- Technical logs: 12 months maximum
- Browsing data: according to each provider's retention periods (see below)
Processors and Data Sharing
We never sell your data. It may be shared with the following providers:
| Provider | Role | Location |
|---|---|---|
| Supabase | Database and file storage | Singapore |
| Vercel | Website hosting | United States |
| Stripe | Payment processing | United States / Ireland |
| Plausible Analytics | Audience measurement (no cookies) | EU (self-hosted) |
| Microsoft Clarity | Usage analysis and heatmaps | United States |
| Meta (Facebook) | Advertising pixel | United States |
| TikTok | Advertising pixel | Singapore / United States |
| Advertising conversion tracking | United States |
International Transfers
Some of our providers are located outside the European Economic Area (EEA), particularly in the United States and Singapore. These transfers are governed by:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- The EU-US Data Privacy Framework for certified providers
- Additional security measures where necessary
Your Rights
Under GDPR, you have the following rights:
- Access: obtain a copy of your data
- Rectification: correct inaccurate data
- Erasure: request deletion of your data
- Portability: receive your data in a structured format
- Objection: object to the processing of your data
- Restriction: request restriction of processing
- Withdrawal of consent: withdraw your consent at any time for consent-based processing
To exercise these rights, contact us at: hello@unveil.day
You also have the right to lodge a complaint with your local data protection authority. In France: CNIL (Commission Nationale de l'Informatique et des Libertés) — www.cnil.fr.
Security
We implement appropriate security measures:
- Data encryption in transit (HTTPS/TLS)
- Secure authentication via magic link (no stored passwords)
- Restricted data access
- Secure payments via Stripe (PCI DSS certified)
Changes
This policy may be updated. In case of significant changes, we will notify you by email or via a notification on the service.
Contact
For any questions about this policy, contact us at hello@unveil.day or via our contact page.