Privacy Policy

Last updated: 2 May 2026. Data controller: Jubelbud AS, Møllergata 6, 0179 Oslo, Norway. Org. nr. 836 329 252. Contact: VC orders contact@daymaker.com.

1. Scope

This policy describes the personal data we collect when you visit daymaker.com or use the Daymaker service, why we collect it, how we use it, and the rights you have under the EU General Data Protection Regulation (GDPR) and the Norwegian Personal Data Act (Personopplysningsloven).

"We", "us", and "our" refer to Jubelbud AS. By using the site or placing an order, you agree to the practices described here.

2. Information we collect

We collect the following categories of personal data, directly from you and through automated means when you interact with the site:

  • Account and order information, including name, email, billing address, payment details, the message and design files you submit for your cake, and the recipient and shipping address you provide.
  • Communications, including any emails, support tickets, chat messages, voice messages, and other correspondence you send to us.
  • Device and connection data, including IP address, browser type and version, operating system, device identifiers, language settings, time zone, screen size, and approximate location derived from IP.
  • Usage and behavioural data, including pages visited, time on page, scroll depth, clicks, hover events, referral source, search queries, sessions, conversion events, and interactions with on-site features.
  • Cookies and similar technologies, including first-party and third-party cookies, pixel tags, web beacons, local storage, session storage, and software development kits used by analytics, advertising, and product partners. See section 5.
  • Inferences drawn from any of the above for personalisation, marketing, fraud prevention, and product improvement.
  • Information received from third parties, including identity verification providers, fraud-prevention vendors, advertising platforms, social networks, business partners, and publicly available sources.

3. How we use it

We use personal data, alone or in combination, to:

  • Provide, operate, fulfil, and improve the Daymaker service.
  • Process payments, prevent fraud, and meet our legal and accounting obligations.
  • Communicate with you about your orders, our service, and changes to our policies.
  • Personalise content, recommendations, and offers; measure and improve user experience; A/B test new features.
  • Conduct analytics, research, and statistical analysis to understand usage and trends.
  • Carry out marketing, remarketing, advertising, and lookalike audience targeting on our own properties and on third-party platforms (including but not limited to Meta, Google, X, LinkedIn, TikTok), and measure the effectiveness of those campaigns.
  • Build, train, and improve internal tools, including machine-learning models.
  • Establish, exercise, or defend legal claims.
  • Any other purpose disclosed to you at the point of collection or for which you have given consent.

The legal bases under GDPR Art. 6(1) are, depending on the activity, performance of a contract with you (b), compliance with a legal obligation (c), our legitimate interests in operating, securing, marketing, and improving our service (f), and where required, your consent (a).

4. Sharing

We may share personal data with:

  • Service providers and processors that help us run the business, including payment processors (e.g. Stripe), bakery and delivery partners, hosting and infrastructure providers (e.g. Vercel, AWS, Cloudflare), email and messaging providers, customer-support tools, analytics platforms, and product-tooling vendors.
  • Advertising and marketing partners, including ad networks, social platforms, attribution and measurement providers, affiliate networks, and lookalike-audience tools. These partners may combine the data we share with data they hold to deliver and measure ads.
  • Professional advisors, including auditors, lawyers, and accountants.
  • Authorities and other parties when we believe disclosure is required by law, necessary to enforce our terms, or necessary to protect our rights, property, or safety, or that of users or the public.
  • In connection with a corporate transaction such as a merger, acquisition, financing, or sale of assets, in which case personal data may be transferred to the counterparty.
  • With your consent or at your direction, including when you ask us to share your data with a partner.

5. Cookies, analytics, and tracking

We and our partners use cookies, web beacons, pixels, SDKs, local storage, server logs, and similar technologies to operate the site, remember your preferences, measure performance, understand usage, deliver and measure marketing, and detect fraud. These technologies may be first-party (set by us) or third-party (set by our partners on our behalf).

By using the site you consent to the use of these technologies. Most browsers let you reject cookies; doing so may break parts of the service. We honour Global Privacy Control signals where required by law.

6. International transfers

Some of our processors and partners are located outside the European Economic Area, including in the United States. Where personal data is transferred internationally we rely on adequacy decisions, the EU-US Data Privacy Framework, or Standard Contractual Clauses adopted by the European Commission, with supplementary measures as appropriate.

7. Retention

We retain personal data for as long as it is needed to provide the service, operate the business, and meet our legal and accounting obligations. There is no fixed time after which data is automatically deleted.

You may request deletion at any time and we will comply, except where we are required to retain certain information (for example, to comply with the Norwegian Bookkeeping Act, to defend a legal claim, or to prevent fraud). To request deletion, see section 9.

8. Security

We use industry-standard technical and organisational measures appropriate to the sensitivity of the data, including HTTPS in transit, encryption at rest where applicable, role-based access controls, and ongoing security review. No system is perfectly secure, and we make no warranty that personal data will never be compromised.

9. Your rights

If you are in the EU, EEA, UK, or another jurisdiction with similar laws, you have the right to request access to your personal data, correction of inaccurate data, deletion (subject to the limits in section 7), restriction of processing, portability, and to object to processing based on legitimate interest. Where processing is based on consent you may withdraw that consent at any time. To exercise any of these rights, email contact@daymaker.com with the subject "Privacy Request". We will respond within the period required by applicable law.

You also have the right to lodge a complaint with your supervisory authority. In Norway that is Datatilsynet (datatilsynet.no).

10. Children

The service is not directed at children under 16 and we do not knowingly collect personal data from them.

11. Changes to this policy

We may update this policy from time to time. The "last updated" date at the top reflects the current version. Material changes will be communicated where required by law. Continued use of the site or service after a change constitutes acceptance of the updated policy.

12. Contact

Questions or requests: contact@daymaker.com. Postal: Jubelbud AS, Møllergata 6, 0179 Oslo, Norway.