Privacy Policy

Last updated: June 26, 2026

1. Who We Are

DayOneLead (“DayOneLead,” “we,” “us,” or “our”) is a service of Barn Dog Ventures LLC, a California limited liability company doing business as DayOneLead. We operate the website dayonelead.com and provide a business-to-business lead generation service that aggregates publicly available business registration data from state government sources, enriches that data with publicly available contact information, and delivers it to our subscribers.

For the purposes of the EU General Data Protection Regulation (GDPR), the UK GDPR, and similar laws, Barn Dog Ventures LLC (doing business as DayOneLead) is the “data controller” of the personal data described in this policy. You can reach our privacy team at support@dayonelead.com.

Our business listings are compiled from publicly available sources, primarily public business registration records filed with state government agencies. We take the good-faith position that this information falls within the CCPA’s “publicly available” exclusion. See our data sourcing page. Whatever its classification, you can ask us to remove your listing or opt out at any time on our Remove My Information page.

2. Scope of This Policy

This policy applies to personal data we process about visitors to our website, account holders and subscribers, people who contact us, and business owners whose publicly filed information appears in our database. If you are in the European Economic Area (EEA), the United Kingdom, or California, you have specific rights that are described in Section 11.

3. Information We Collect

Information you provide to us

  • Account information: name, email address, and password when you create an account
  • Payment information: processed securely by Stripe; we do not store your full card details
  • Communications: any messages you send us through email, support channels, or onboarding

Information collected automatically

  • Usage data: pages visited, features used, and actions taken within our platform
  • Device and browser information: IP address, browser type, operating system, and device identifiers
  • Cookies and similar technologies: see Section 4 for the categories we use and how to control them

Analytics and session replay

We use third-party and first-party analytics tools to understand how people use our site so we can improve it:

  • Google Analytics to measure aggregate traffic and site usage.
  • PostHog for product analytics and, on some pages, session replay. Session replay records the pages you view and your interactions (such as clicks, scrolls, and navigation) so we can diagnose issues and improve the product. Text you type and form inputs are masked by default and are not captured.
  • First-party visit measurement: when you arrive from one of our own marketing links (a link containing campaign tags), we record the visit and the referring page so we can measure the performance of our campaigns.

Public business data we aggregate

We collect and process business registration information from publicly available government sources, including state Secretary of State filings, Division of Corporations records, and other public registries. This data includes business names, filing dates, registered agent information, officer names, and principal addresses as published by government agencies. We also collect publicly available business information from the web, including websites, phone numbers, email addresses, and business listings. Some of this information may relate to an identifiable individual (for example, a sole proprietor or a named officer), and where it does, we treat it as personal data under this policy.

4. Cookies and Tracking Technologies

We use the following categories of cookies and similar technologies:

  • Strictly necessary: required to sign you in, keep you authenticated, and remember your preferences. The site does not work without these.
  • Analytics and performance: used by Google Analytics and PostHog to understand usage and improve the product, as described in Section 3.

You can control or delete cookies through your browser settings, and most browsers let you block them entirely. You can opt out of Google Analytics across sites using Google's browser opt-out add-on. You can also disable analytics and session replay by blocking these cookies in your browser, and we will honor recognized browser-based opt-out signals where applicable.

5. How We Use Your Information

  • To provide, maintain, and improve our services
  • To process transactions and send related information, including confirmations and invoices
  • To send you technical notices, updates, security alerts, and administrative messages
  • To respond to your comments, questions, and customer service requests
  • To monitor and analyze trends, usage, and activities in connection with our services
  • To detect, investigate, and prevent fraudulent transactions and other illegal activities
  • To send marketing about our own services, where permitted, which you can opt out of at any time

6. Legal Bases for Processing (EEA and UK)

If you are in the EEA or the UK, we process your personal data only when we have a legal basis to do so:

  • Performance of a contract: to create your account, provide the service, and bill you.
  • Legitimate interests: to secure and improve our service, understand usage through analytics, and market our own services. We balance these interests against your rights.
  • Consent: where required, for example certain cookies or marketing. You may withdraw consent at any time.
  • Legal obligation: to comply with applicable laws and respond to lawful requests.

For business registration data sourced from public records, we rely on our legitimate interest in providing a lead generation service built on information that is already public. You can object to this processing as described in Section 11.

7. How We Share Your Information

We do not sell your personal information. We share information in the following circumstances:

  • Service providers: we share information with third-party vendors who perform services on our behalf, including payment processing (Stripe), email delivery (Resend and Zoho), hosting and infrastructure (Vercel, Railway, and Supabase), and analytics (Google Analytics and PostHog). These providers may only use the data to perform services for us.
  • Legal requirements: we may disclose information if required to do so by law or in response to valid requests by public authorities.
  • Business transfers: in connection with any merger, sale of company assets, financing, or acquisition, your information may be transferred.
  • With your direction: when you ask us to, for example to integrate with a tool you use.

8. International Data Transfers

We are based in the United States and our service providers are primarily located in the United States. If you access our services from the EEA, the UK, or another region, your personal data will be transferred to and processed in the United States, where data protection laws may differ from those in your country. Where required, we rely on appropriate safeguards for these transfers, such as the European Commission's Standard Contractual Clauses and the UK International Data Transfer Addendum. You may contact us for more information about these safeguards.

9. Data Retention

We retain your account information for as long as your account is active or as needed to provide you services. We retain publicly sourced business data for as long as it remains useful to our service, since it is derived from public records. If you request account deletion, we will delete your personal account data within 30 days, though we may retain certain information where required by law or for legitimate business purposes such as fraud prevention, tax, and accounting.

10. Security

We implement appropriate technical and organizational measures to protect your information, including encryption in transit (TLS), secure authentication, and access controls. However, no method of transmission over the internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

11. Your Privacy Rights

Depending on where you live, you have rights over your personal data. We honor these rights regardless of where you are located, subject to verification and legal limits.

If you are in the EEA or the UK (GDPR)

  • Access: request a copy of the personal data we hold about you.
  • Rectification: ask us to correct inaccurate or incomplete data.
  • Erasure: ask us to delete your personal data in certain circumstances.
  • Restriction: ask us to limit how we process your data.
  • Portability: receive your data in a portable format, where applicable.
  • Objection: object to processing based on our legitimate interests, including direct marketing.
  • Withdraw consent: withdraw any consent you have given, without affecting prior processing.
  • Complain: lodge a complaint with your local data protection supervisory authority.

If you are in California (CCPA and CPRA)

  • Know: request the categories and specific pieces of personal information we have collected.
  • Delete: request deletion of personal information we collected from you.
  • Correct: request correction of inaccurate personal information.
  • Opt out: we do not sell or share your personal information as those terms are defined under California law.
  • Non-discrimination: we will not discriminate against you for exercising your rights.

How to exercise your rights

To make a request, use our Remove My Information form or email support@dayonelead.com. You can also access and update your account information directly from your dashboard, and unsubscribe from marketing emails using the link in any marketing email. We may need to verify your identity before acting on a request, and an authorized agent may submit a request on your behalf with proper authorization.

If you are a business owner and your information appears in our database, note that it is sourced from government public records and publicly available web sources (see our data sourcing page). You can use our Remove My Information form, or contact us at the address above, to access, correct, or request removal of your information, and we will respond consistent with applicable law.

12. Children's Privacy

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that a child has provided us with personal information, we will take steps to delete such information.

13. Third-Party Links

Our site and the data we provide may contain links to third-party websites and services that we do not control. This policy does not apply to those sites, and we are not responsible for their content or privacy practices. We encourage you to review the privacy policy of any third-party site you visit.

14. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the “Last updated” date. Your continued use of our services after any changes constitutes your acceptance of the new policy.

15. Contact Us

If you have any questions about this privacy policy or want to exercise your rights, contact us at support@dayonelead.com.