Privacy Policy

Last updated: February 16, 2026

1. Introduction

Dayla ("we", "our", "us") is a profitability analytics platform for Shopify merchants, operated by Dayla SAS. This Privacy Policy explains how we collect, use, store, share and protect your information when you use our application at app.getdayla.com and any related services.

By creating an account or using Dayla, you agree to the practices described in this policy. If you do not agree, please do not use our service.

2. Data We Collect

2.1 Account Information

When you register, we collect your name and email address, and we store your password only as a bcrypt hash. If you sign in with Google, we receive your name, email and profile picture from Google OAuth.

2.2 Shopify Store Data

When you connect your Shopify store via OAuth, we access: orders (revenue, line items, financial status, payment gateway fees), products (title, variants, prices), and refunds. We request only the read_orders and read_products scopes — we never modify your store data.

2.3 Advertising Platform Data

When you connect advertising accounts, we access read-only advertising metrics via OAuth authorization. We never create, modify or delete your campaigns or ads. The platforms we support and the data we access:

  • Meta Ads (Facebook & Instagram): Daily ad spend, impressions, clicks, CTR, CPC, CPM and conversions per campaign. Accessed via the Meta Marketing API with the ads_read and ads_management (read-only usage) scopes.
  • Google Ads: Daily ad spend, impressions, clicks, conversions and cost metrics per campaign. Accessed via the Google Ads API with read-only reporting scopes.
  • TikTok Ads: Daily ad spend, impressions, clicks, CTR, CPC, CPM and conversions. Accessed via the TikTok Marketing API under Reporting and Ad Account Management (read-only) scopes.
  • Snapchat Ads: Daily ad spend, impressions, swipe-ups and conversions. Accessed via the Snapchat Marketing API under read-only reporting scopes.
  • Pinterest Ads: Daily ad spend, impressions, clicks, CTR, CPC, CPM and conversions. Accessed via the Pinterest Ads API with the ads:read scope under read-only reporting permissions.

2.4 Email & SMS Marketing Data

When you connect Klaviyo, we access read-only campaign and flow revenue attribution data via the Klaviyo API using a private API key you provide. We access: campaign names, send dates, attributed revenue and channel type (email or SMS). We never modify your Klaviyo lists, segments, campaigns or flows.

2.5 Information You Provide

Product costs (COGS), shipping costs, fixed expenses and payment fee configurations that you manually enter into Dayla.

2.6 Technical Information

We automatically collect IP address, browser type, device type and access timestamps for security and service improvement purposes.

3. How We Use Your Data

We use your data exclusively to:

  • Provide profitability dashboards, analytics and reporting
  • Synchronize data from your connected platforms (Shopify, ad networks)
  • Calculate net profit, ROAS and other performance metrics
  • Manage your account, subscription and billing
  • Send transactional emails (account verification, billing notifications)
  • Improve and maintain the security of our service

We do not use your data for advertising, profiling or any purpose unrelated to the Dayla service.

4. Data Sharing

We do not sell, rent or trade your personal data. We may share data only with the following categories of service providers that are strictly necessary for operating Dayla:

  • Hosting & Infrastructure: Vercel (application hosting), PostgreSQL database provider
  • Billing: Shopify Billing API (subscription management)
  • Authentication: Google OAuth (optional sign-in)
  • Advertising Platforms: Meta (Facebook), Google Ads, TikTok Ads, Snapchat Ads, Pinterest Ads — we exchange OAuth tokens and read-only reporting data with these platforms solely to display analytics within Dayla
  • Email & SMS Marketing: Klaviyo — we read campaign revenue attribution data via your API key solely to display analytics within Dayla

All service providers are contractually required to protect your data and use it only to perform services on our behalf.

5. Platform-Specific Compliance

5.1 Shopify

We comply with Shopify's API Terms of Service and Partner Program Agreement. We handle mandatory GDPR webhooks (customers/data_request, customers/redact, shop/redact) and process merchant data deletion requests within 30 days. We request only read_orders and read_products scopes — we never modify your store data.

5.2 Meta (Facebook & Instagram)

Meta Ads data is accessed via the Meta Marketing API and is used exclusively within Dayla to provide profitability analytics. We do not transfer, sell or sublicense Meta data to any third party. We comply with the Meta Platform Terms and Developer Policies. You may revoke access at any time from your Facebook Business settings or from Dayla settings.

5.3 Google Ads

Our use of Google Ads data complies with the Google API Services User Data Policy, including the Limited Use requirements. We only access, use and store Google Ads data to provide and improve Dayla's analytics features for the authorized user. You may revoke access at any time from your Google Account permissions or from Dayla settings.

5.4 TikTok Ads

TikTok Ads data is accessed via the TikTok Marketing API under read-only scopes (Reporting and Ad Account Management). Data is used exclusively within Dayla to provide profitability analytics. We comply with the TikTok Marketing API Terms. We do not share TikTok data with third parties. You can revoke access from TikTok Business Center or Dayla settings.

5.5 Snapchat Ads

Snapchat Ads data is accessed via the Snapchat Marketing API under read-only reporting scopes. Data is used exclusively within Dayla for profitability analytics and is never shared with third parties. We comply with the Snap Developer Terms of Service. You can revoke access from your Snapchat Business Manager or from Dayla settings.

5.6 Pinterest Ads

Pinterest Ads data is accessed via the Pinterest Ads API under the ads:read scope. Data is used exclusively within Dayla for profitability analytics and is never shared with third parties. We comply with the Pinterest Developer Guidelines and Developer Terms of Service. You can revoke access from your Pinterest Business Hub or from Dayla settings.

5.7 Klaviyo

Klaviyo data is accessed via the Klaviyo API using a private API key you provide. We access only read-only campaign and flow revenue attribution data for profitability analytics. We comply with the Klaviyo API Terms of Use. We never modify your lists, segments, campaigns or flows. You can revoke access by removing the API key from Dayla settings.

6. Data Security

We implement industry-standard security measures to protect your data:

  • Encryption in transit: All connections use TLS/SSL (HTTPS)
  • Encryption at rest: Database encryption for stored data
  • Password security: Passwords are hashed with bcrypt and never stored in plain text
  • OAuth tokens: Stored server-side, never exposed to client browsers
  • Access controls: Role-based access (Owner, Admin, Viewer) with server-side validation on every request
  • CSRF protection: Secure state parameters and HTTP-only cookies for OAuth flows
  • Minimal scopes: We request only read-only permissions from connected platforms

7. Data Retention

We retain your data for as long as your account is active. When you delete your account:

  • All personal data and analytics data are deleted from our servers within 30 days
  • Backups containing your data are purged within 30 days of account deletion
  • We may retain anonymized, aggregated data that cannot identify you for service improvement

Certain data may be retained longer if required by law or to resolve disputes.

8. Your Rights

Under GDPR (EU), CCPA (California) and applicable data protection laws, you have the right to:

  • Access: Request a copy of all personal data we hold about you
  • Rectification: Request correction of inaccurate data
  • Deletion: Request deletion of your personal data
  • Portability: Receive your data in a structured, machine-readable format
  • Objection: Object to processing of your data
  • Restriction: Request restriction of processing
  • Withdraw consent: Disconnect any platform or delete your account at any time

To exercise any of these rights, contact us at contact@getdayla.com. We will respond within 30 days.

9. Cookies

Dayla uses only essential cookies required for the service to function:

  • Session cookies: To maintain your authenticated session
  • OAuth state cookies: Temporary, secure, HTTP-only cookies used during platform connection flows (Meta, Google, TikTok, Snapchat, Pinterest, Klaviyo)
  • Preference cookies: To store your locale and timezone preferences

We do not use tracking cookies, advertising cookies or third-party analytics cookies.

10. Children's Privacy

Dayla is a business tool designed for Shopify merchants. Our service is not directed to individuals under 16 years of age. We do not knowingly collect data from children.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through a notice in the application. Continued use of Dayla after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have any questions about this Privacy Policy or how we handle your data, please contact us: