← daymesh

Privacy Policy

Last updated: March 17, 2026

daymesh ("we", "us", or "our") operates daymesh.com. This Privacy Policy explains what data we collect, how we use it, and your rights regarding that data. By using daymesh, you agree to the practices described here.

1. Data We Collect

Account Information

When you create an account, we collect your email address, a display name, and a username you choose. If you sign in with Google or Apple, we receive your name, email address, and a unique identifier from that provider. We store OAuth access tokens and refresh tokens necessary to maintain your authenticated session.

Calendar Feed URLs

You provide iCal subscription URLs (source feeds) that daymesh fetches and merges on your behalf. We store these URLs and periodically retrieve the calendar event data they contain in order to generate your merged feed. Event data (titles, times, locations, descriptions, attendees) is processed in memory and cached temporarily; it is not stored permanently in our database beyond the raw iCal text in our feed cache.

Analytics Data

Every request to a .ics feed URL is logged. For each request we collect:

  • Timestamp of the request
  • IP address of the requester
  • Country, region, and city (derived from the IP address via GeoIP lookup)
  • User-Agent header (the calendar application making the request)
  • HTTP Referer header, if present
  • Response size in bytes and response time in milliseconds
  • Whether the response was served from cache

Usage Data

We collect standard web server logs, including your IP address and browser information, when you visit daymesh.com and use the dashboard. We do not use third-party tracking pixels or advertising networks.

2. How We Use Your Data

  • Providing the service: Fetching and merging your calendar feeds, serving your merged .ics URLs, and maintaining your account.
  • Analytics: Showing you how many times your calendar feeds have been accessed, by which clients and from which regions, so you can understand your audience.
  • Email communications: Sending account verification emails, password reset emails, and feed error alerts (on paid plans). We do not send marketing emails without your explicit consent.
  • Security and abuse prevention: Detecting and blocking abusive usage patterns using IP-level and account-level rate limiting.
  • Service improvement: Aggregated, anonymised usage statistics help us understand how daymesh is used and prioritise improvements.

3. Data Retention

We retain different categories of data for different periods:

  • Raw access logs (IP addresses, User-Agents, Referers): Retained for 90 days. After 90 days, IP addresses are irreversibly hashed (SHA-256) and User-Agent and Referer data is dropped. Hashed IPs cannot be reversed to identify individuals.
  • Aggregated daily analytics: Retained according to your plan — 7 days on Free, 90 days on Pro, 365 days on Business. Daily rollups contain only aggregate counts and top-N summaries; no individual IP addresses.
  • Feed cache: Cached iCal data is stored temporarily and refreshed on your plan's schedule (60 minutes / 15 minutes / 5 minutes). Cache entries are deleted when you remove a source feed.
  • Account data: Retained for as long as your account is active. If you delete your account, all associated data is permanently deleted within 30 days.

4. Third-Party Services

We use a small number of third-party services to operate daymesh:

  • MaxMind GeoLite2: We use a locally hosted copy of the MaxMind GeoLite2 City database to convert IP addresses into geographic locations (country, region, city). This lookup happens entirely on our servers; your IP address is never sent to MaxMind.
  • Postmark (email delivery): Transactional emails (verification, password reset, feed error alerts) are sent via Postmark. Your email address is transmitted to Postmark for this purpose. See Postmark's Privacy Policy.
  • Google OAuth / Apple Sign In: If you use social sign-in, your authentication is handled by Google or Apple respectively. We receive only the data those providers share with us (name, email, unique ID). We do not receive your social account password.
  • Hosting provider: daymesh runs on dedicated infrastructure. Our hosting provider has access to server-level data as a matter of operating the infrastructure, subject to their own privacy practices.

5. Data Sharing

We do not sell your personal data. We do not share your data with third parties except as described in Section 4 (service providers), or as required by law (such as a valid legal process, court order, or law enforcement request). In the event of a merger or acquisition, we will notify you before your data is transferred and becomes subject to a different privacy policy.

6. Cookies and Sessions

daymesh uses a single, secure HttpOnly session cookie to keep you logged in. This cookie contains a random session identifier; it does not contain any personal data. Sessions expire after 30 days of inactivity. We do not use advertising cookies or cross-site tracking cookies.

7. Your Rights

You have the following rights with respect to your personal data:

  • Access: You can view the data associated with your account at any time in your dashboard and settings.
  • Correction: You can update your display name, username, and email address in account settings.
  • Deletion: Deleting your account removes all your calendars, feeds, analytics data, and personal information. This action is permanent and cannot be undone.
  • Portability: Business plan users can export their analytics data in CSV format via the dashboard.

To exercise any of these rights or make a data request, contact us at [email protected].

8. Security

We use industry-standard practices to protect your data: HTTPS for all connections, bcrypt for password hashing, secure session cookies, and server-side session validation. No system is perfectly secure; if you discover a security vulnerability, please report it to [email protected].

9. Children's Privacy

daymesh is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, notify you by email. Continued use of daymesh after changes are posted constitutes your acceptance of the revised policy.

11. Contact

Questions, data requests, or privacy concerns can be sent to:
[email protected]

daymesh Terms of Service [email protected]