Privacy Policy

Last updated: May 15, 2026

This Privacy Policy describes how DayOff ("we", "our", or "us") collects, uses, and discloses your information when you use our mobile application and backend services.

1. Information We Collect

We collect the following types of information:

• Account Information: Full name, email address, and password (hashed securely) when you register.
• Profile Information: Department, join date, and manager assignment within your company.
• Leave Data: Leave requests, leave types, dates, reasons, and approval statuses.
• Usage Data: Basic interaction data to improve our service.

2. How We Use Your Information

We use the collected information to:

• Provide, maintain, and improve our leave management service.
• Process and manage leave requests and approvals.
• Calculate leave balances and track leave history.
• Authenticate users and secure access to the application.
• Communicate important updates related to your account.

3. Data Sharing and Disclosure

We do not sell your personal data. We may share your information only in the following circumstances:

• Within Your Organization: Managers and administrators in your company can view relevant leave data.
• Legal Compliance: If required by law or to protect our legal rights.
• Service Providers: Third-party services (e.g., cloud hosting) that are bound by confidentiality agreements.

4. Data Security

We implement appropriate security measures including:

• Encryption of data in transit (HTTPS/TLS).
• Password hashing using BCrypt.
• JWT token-based authentication with expiration.
• Token blacklisting for immediate session invalidation.

5. Data Retention

We retain your data for as long as your account is active. If you delete your account, we will delete or anonymize your data within 30 days, except where retention is required by law.

6. Your Rights

You have the right to:

• Access your personal data held by us.
• Request correction of inaccurate data.
• Request deletion of your data (subject to legal obligations).
• Withdraw consent where processing is based on consent.

7. Third-Party Services

Our application uses the following third-party services:

• Microsoft Azure - Cloud hosting and database services.
• PostgreSQL - Database management.

8. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last updated" date.

9. Contact Us

If you have any questions about this Privacy Policy, please contact us at:

Email: support@dayoff-app.com