Privacy Policy

This Privacy Policy explains how Daisy, Inc. (“Daisy”, “we”) collects, uses, and shares information when you use the Daisy website, canvas, API, and related services (the “Service”).

We try to collect only what we need to make Daisy work, keep it secure, and improve it. We do not sell your personal information.

Account information. When you sign up, we collect your name, email address, and authentication identifiers from your sign-in provider.

Billing information. If you purchase a paid plan, our payment processor collects your payment details. We store only what we need to manage your subscription — typically a customer ID, last four digits, and country.

Content you submit. Prompts, descriptions, images, files, projects, and the AI outputs we generate for you.

Usage data. Pages visited, features used, generation counts, API requests, timestamps, IP address, browser, and device. We use this to operate the Service and to improve it.

Support communications. Messages you send us via email or community channels, including any attachments.

We use the information we collect to:

• Provide, operate, and maintain the Service.
• Generate AI outputs in response to your prompts.
• Process payments and manage subscriptions.
• Detect, investigate, and prevent fraud, abuse, and security incidents.
• Send transactional emails — receipts, security notices, product updates you opted into.
• Measure aggregate product usage and improve the Service.
• Comply with legal obligations and enforce our Terms.

To generate outputs, your prompts and reference inputs are sent to first- and third-party AI model providers. These providers process the data on our behalf under their data-processing terms and do not use it to train their public models.

We do not use the contents of your prompts or generations to train our general models without your explicit opt-in. We may use aggregated, de-identified telemetry — such as which features users engage with — to evaluate and improve the Service.

We share information only in these cases:

• Service providers who run infrastructure, payments, analytics, email, support, and AI inference on our behalf, under contract.
• Legal requests when required to comply with a valid legal process or to protect rights, property, or safety.
• Business transfers in connection with a merger, acquisition, or sale of assets, with notice to you when feasible.
• With your consent for anything else.

We do not sell your personal information and do not share it for cross-context behavioral advertising.

We use a small number of cookies and similar technologies to keep you signed in, remember preferences, and measure aggregate product usage. You can control cookies through your browser settings; blocking essential cookies will affect the Service.

We keep your account information and content for as long as your account is active. After you delete your account, we delete or anonymize your content within 30 days, except where retention is required by law, needed to resolve disputes, or necessary to enforce our agreements. Backups may persist for a short period after that.

We use industry-standard administrative, technical, and physical safeguards — including encryption in transit, scoped access controls, audit logging, and regular review of our third-party providers — to protect your information.

No system is perfectly secure. If you believe your account has been compromised or you’ve found a vulnerability, please write to security@daisy.now.

Depending on where you live, you may have the right to:

• Access the personal information we hold about you.
• Correct inaccurate or incomplete information.
• Delete your account and associated personal information.
• Export a copy of your content.
• Object to or restrict certain processing.
• Withdraw consent where processing is based on consent.

You can exercise most of these directly from your dashboard. For anything else, email hi@daisy.now and we will respond within 30 days.

Daisy is not directed to children under 13, and we do not knowingly collect personal information from them. If you believe a child has provided us with personal information, contact hi@daisy.now and we will delete it.

Daisy is operated from the United States and our service providers may process data in other countries. Where required, we rely on appropriate transfer mechanisms — such as the EU Standard Contractual Clauses — to protect your information when it moves across borders.

We may update this Privacy Policy from time to time. If a change is material, we will give you reasonable notice — for example by email or an in-product notice — before it takes effect. The “Effective” date above always reflects the latest version.

For privacy questions or requests, write to hi@daisy.now. For security disclosures, write to security@daisy.now.