Privacy Policy

Effective Date: March 1st, 2026

1. Introduction

This Privacy Policy describes how Daylee.work ("we", "us", or "our") collects, uses, and protects information through Daylee, an AI-powered Slack bot that facilitates team standups, generates reports, and supports team collaboration.

Daylee operates entirely within Slack and has no separate web frontend. By installing Daylee in your Slack workspace or participating in a team that uses Daylee, you agree to the practices described in this policy.

2. Information We Collect

2.1 Slack Workspace Data

When Daylee is installed in a Slack workspace, we collect:

  • Workspace identifiers: Team ID, workspace name, domain, email domain, and workspace icon
  • Channel information: Channel names, IDs, purposes, and topics for channels Daylee is added to

2.2 Slack User Data

For users who interact with Daylee or are members of teams using Daylee, we collect:

  • Profile information: Slack user ID, username, display name, real name, email address, and avatar URLs
  • Workspace role: Admin and owner status
  • Timezone: Timezone name, label, and UTC offset
  • Account status: Whether the account is active or deactivated

2.3 Standup Content

When users participate in standups through Daylee, we collect:

  • Update text: The content of standup updates submitted by users
  • Skip reasons: If a user skips a standup, the reason provided
  • Timestamps: When prompts were sent, updates were submitted, and edits were made

2.4 AI-Generated Reports

Daylee generates summaries from standup updates using AI. These summaries are stored as report records including:

  • Summary text: AI-generated summaries of team standup updates
  • Report metadata: Team, date range, report type, and the channel where the report was posted

2.5 Team Configuration

Workspace administrators and team leads configure Daylee with:

  • Team settings: Team names, standup schedules, report channels, and timezones
  • Project context: Optional descriptive text about team projects, used to improve AI summaries
  • Custom prompts: Optional custom standup prompt text
  • Member preferences: Prompt delivery preferences and timezone overrides

2.6 Availability Data

Users may share availability information including:

  • Time-off dates: Start and end dates for out-of-office, vacation, or busy periods
  • Reasons: Optional descriptions for availability changes

2.7 Billing Data

For workspaces on paid plans, we collect:

  • Paddle identifiers: Customer ID and subscription ID (assigned by our payment processor, Paddle)
  • Billing email: The email address associated with the billing account
  • Seat count: The number of active team members, used for usage-based billing

2.8 Usage Metrics

We collect aggregated, workspace-level usage metrics such as:

  • Feature usage counts: How many standups, reports, and other features are used per billing period

2.9 Slack Messages

When Daylee reads messages in channels it has access to (for context or standup collection), the message text and associated user identifiers may be processed and temporarily stored.

3. How We Use Your Information

We use the collected information to:

  • Deliver standup prompts to team members at scheduled times via Slack direct messages
  • Collect and store standup updates submitted by team members
  • Generate AI-powered summaries of team standup updates and post them to designated Slack channels
  • Manage team membership, schedules, and configuration
  • Track availability so teams know when members are out of office
  • Process billing and manage subscription entitlements
  • Monitor usage to enforce plan limits and calculate billing
  • Improve the service through aggregated, non-personally-identifiable usage analysis

4. AI Processing

Daylee uses Amazon Web Services (AWS) Bedrock to access the Claude large language model for two purposes:

  1. Intent detection: When a user sends a message to Daylee, the message text is sent to AWS Bedrock to classify the user's intent and route the request appropriately.
  2. Standup summarization: When generating reports, standup update text (truncated to 1,000 characters per update), team member Slack user IDs, team name, and optional project context are sent to AWS Bedrock to produce an AI-generated summary.

Important:

  • Data sent to AWS Bedrock is processed under our AWS service agreement and is not used to train foundation models.
  • We do not send email addresses, real names, or other profile details to AWS Bedrock — only Slack user IDs and the content described above.
  • AI-generated summaries are stored in our database and posted to designated Slack channels.

5. Third-Party Services

5.1 AWS Bedrock (AI Processing)

Standup text and message content are transmitted to AWS Bedrock for AI processing as described in Section 4. AWS processes this data under our service agreement and does not use it for model training. See the AWS Data Privacy FAQ for details.

5.2 Paddle (Payment Processing)

For paid subscriptions, we share the following with Paddle, our payment processor:

  • Slack workspace ID and installer user ID (as custom metadata on the transaction)
  • Active user count (seat quantity for billing)
  • Billing email address

Paddle handles all payment card processing. We never receive or store credit card numbers, CVVs, or other payment card details. See Paddle's Privacy Policy for how Paddle handles payment data.

5.3 Infrastructure Services

Our application infrastructure (PostgreSQL database, Redis cache, and RabbitMQ message broker) is hosted on infrastructure we control. These are not third-party SaaS services that independently access your data.

6. Data Retention

  • Standup updates and reports: Retained according to your workspace's plan:
    • Free plan: 7 days of report history
    • Pro plan: 90 days of report history
    • Enterprise plan: Unlimited report history
  • Team configuration: Retained while the team exists. Deleted teams are soft-deleted and can be restored.
  • Slack user profiles: Retained while the workspace has Daylee installed. Deactivated Slack users are marked as deleted in our records.
  • OAuth tokens: Retained while the workspace has Daylee installed. Removed upon uninstallation.
  • Billing records: Retained as required for financial record-keeping and dispute resolution.
  • Redis cache: Ephemeral data only (idempotency markers and distributed locks) with automatic expiry, typically within 24 hours. No personal data is stored in the cache.

7. Data Sharing

We do not sell your personal data to third parties.

We share data only with the third-party services described in Section 5 (AWS Bedrock and Paddle), strictly for the purposes of providing the Daylee service.

We may disclose information if required by law, legal process, or governmental request.

8. Security

We implement the following security measures to protect your data:

  • OAuth-based authentication: Daylee uses Slack's official OAuth 2.0 flow. Bot tokens and refresh tokens are stored in our database.
  • No direct payment handling: All payment processing is handled by Paddle. We never store payment card data.
  • Database security: Data is stored in a PostgreSQL database with access restricted to our application services.
  • Ephemeral caching: Redis cache entries auto-expire and contain no personal data.
  • Event-driven architecture: Messages are processed through RabbitMQ, decoupling ingestion from processing for reliability.

9. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request correction of inaccurate personal data.
  • Deletion: Request deletion of your personal data. Workspace administrators can remove teams and members. Individual users can request data deletion by contacting us.
  • Opt-out of prompts: Team members can disable standup prompts through their preference settings within Daylee.
  • Uninstallation: Workspace administrators can uninstall Daylee from the Slack workspace, which revokes all OAuth tokens and stops all data collection.

To exercise any of these rights, contact us at support@daylee.work.

10. Slack Permissions

Daylee requests the following Slack OAuth bot scopes during installation:

Scope Purpose
chat:write Send standup prompts, reports, and responses
chat:write.public Post reports to public channels Daylee hasn't joined
channels:history Read message history in public channels for context
channels:read List and read public channel metadata
groups:history Read message history in private channels Daylee is added to
groups:read Read private channel metadata
im:history Read direct message history (for standup collection)
im:read Read direct message channel metadata
im:write Open direct message conversations to send prompts
incoming-webhook Receive webhook events
links:read Read shared links in conversations
reactions:read Read emoji reactions on messages
team:read Read workspace name, domain, and icon
users:read Read user profiles (names, emails, timezones)
commands Respond to slash commands

Daylee does not request user-level OAuth tokens. All actions are performed using the bot token granted during workspace installation.

11. Children's Privacy

Daylee is a workplace productivity tool and is not directed at children under the age of 13 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us at support@daylee.work so we can delete it.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify affected workspaces through a Daylee message to workspace administrators. The "Effective Date" at the top of this policy indicates when the latest revision took effect.

We encourage you to review this policy periodically.

13. Contact Information

If you have questions about this Privacy Policy or our data practices, please contact us:

This privacy policy was last updated on March 1st, 2026.