1. Introduction

Daily Sweepstakes Manager (“DSM,” “we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our website at dailysweepstakesmanager.com and our sophisticated countdown timer management services (collectively, the “Service”).

Our website address is: https://dailysweepstakesmanager.com

Service Description: DSM provides countdown timer and organization tools to help you track daily sweepstakes entries and related deadlines. We may include links to third-party sweepstakes or promotions; some links may be associated with non-cash incentives on those platforms (for example, “Sweepstakes Coins” governed by the operator). We do not operate those third-party promotions.

By using our Service, you consent to the data practices described in this Privacy Policy. If you do not agree with this Privacy Policy, please do not use our Service.

1.1 Features we do not use (WordPress defaults)

We do not operate public blog comments, Gravatar integration for comments, or user media uploads on pages covered by this Policy. Generic WordPress disclosures about comments, EXIF metadata in uploads, and embedded post content do not apply to those features here. If you follow a link to a third-party site, that site’s own privacy policy and cookies apply.

2. Information We Collect

2.1 Information You Provide Directly

Account Information:

• Username and display name
• Email address
• Password (encrypted)
• Timezone and location preferences with automatic detection capabilities
• Profile customization settings and theme preferences
• Age attestation where our registration flow asks you to confirm you are 18+ (see Section 8)
• Optional guest session indicators if you use guest mode without a full account

User Preferences:

• Theme and display preferences with responsive design options
• Comprehensive notification settings including email and push notification preferences per device
• Advanced timer customization options including display formats, auto-restart settings, and custom durations
• Language and accessibility preferences with keyboard navigation and screen reader support
• Timer grid preferences including pagination, sorting, and search settings
• Favorites and timer collection management
• Multi-device synchronization preferences and UUID management

Communications:

• Messages sent to customer support
• Feedback and survey responses
• Newsletter and marketing preferences

Contact Form Submissions (DSM Compliance):

• Name, email, subject, and message body you submit
• IP address and browser user agent
• Submission timestamp
• Stored in a database table dedicated to contact submissions

Referral and incentive links (if applicable):

• Clicks or attribution signals on referral or incentive links (for example, links that may credit non-cash benefits such as “Sweepstakes Coins” on a third-party operator)
• Basic referral or campaign metadata needed to operate or improve our linking disclosures

2.2 Information Collected Automatically

Usage Data:

• Pages visited and features used
• Time spent on the Service
• Click patterns and navigation paths
• Device and browser information
• IP address and approximate location
• Referral sources

Timer and Activity Data:

• Timer creation, completion, and restart records
• Personalized timer collections and favorites management
• Notification interaction history across multiple devices
• Login and session information with timezone detection
• Feature usage statistics including grid interactions, search queries, and preference changes
• Guest session activity where guest mode is used

Push Notification Identifiers (Perfecty Push):

• Anonymous push subscription UUIDs associated to your device/browser when you enable push notifications
• Used solely to deliver notifications you opt into

Referral and incentive telemetry (if applicable):

• Clicks or similar signals tied to referral or incentive links you use from our Service

Technical Information:

• Browser type and version
• Operating system
• Device identifiers
• Screen resolution and device capabilities
• Network connection information

2.3 Information from Third Parties

Payment processing (if introduced): If we later offer paid DSM plans, we may receive limited transaction or fraud-prevention data from a payment processor (for example, Stripe) as described in an updated version of this Policy. At launch we do not bill you for DSM access and do not collect payment card data for DSM fees.

Authentication Services:

• Information from Google OAuth (if used)
• Social media profile data (if connected)

Third-Party Services (minimal):

• Basic referral tracking data (where applicable)
• Service integration information
• User preference coordination

Analytics Services:

• Aggregated usage statistics
• Performance metrics
• Error reporting data

3. How We Use Your Information

3.1 Service Provision

• Create and manage your account with comprehensive preference management
• Provide advanced timer management with custom durations, auto-restart functionality, and personalized collections
• Deliver multi-device notification services including email and browser push notifications
• Customize your user experience with themes, accessibility options, and synchronized preferences
• Provide customer support through integrated contact systems
• Record 18+ attestation when you complete our account registration acknowledgements (see Section 8)
• Support optional guest usage where offered, without replacing a full registered account where features require login
• Coordinate multi-device synchronization and preference management

3.2 Referral and incentive links (if applicable)

• Operate and improve referral or incentive linking features (for example, links that may credit non-cash benefits on a third-party operator)
• Measure basic effectiveness of disclosures and help prevent abuse

3.3 Communication

• Send service-related notifications including timer completions and deadline reminders
• Deliver requested newsletters and updates through email and browser push notifications
• Respond to your inquiries and support requests through integrated contact systems
• Notify you of important account changes and preference modifications
• Send marketing communications (with consent) with per-device preference management where applicable
• Provide information about relevant timer features and service updates
• Coordinate multi-device notification delivery based on user preferences

3.4 Service Improvement

• Analyze usage patterns and preferences
• Develop new features and functionality
• Improve Service performance and reliability
• Conduct user research and testing
• Generate anonymized analytics
• Improve referral and incentive disclosures and user education

3.5 Legal and Security

• Comply with legal obligations
• Protect against fraud and abuse
• Enforce our Terms of Service
• Resolve disputes and legal claims
• Maintain Service security and integrity
• Comply with applicable transparency requirements for endorsements, incentives, and referrals (including FTC guidance), as interpreted with counsel for your specific programs

4. Information Sharing and Disclosure

4.1 Internal Access

The site administrator has access to information needed to operate the Service, including:

• Account information such as your name, email address, and profile or preference data you provide
• Support communications and account history
• Usage data and preferences for troubleshooting purposes

This information is accessed only as needed to provide customer support and maintain the service. All data is handled in accordance with this Privacy Policy and applicable data protection laws.

4.2 Third-Party Service Providers

We may share information with service providers who process data on our behalf:

Payment processing (if introduced): If paid DSM plans are offered, we may use a payment processor (for example, Stripe). We will describe categories of data shared at that time. At launch we do not use a payment processor to charge you for DSM access.

Push Notifications:

• Perfecty Push (push notifications service) used to send notifications you opt into
• Information shared: Anonymous subscription endpoint data and UUIDs necessary to deliver notifications
• Purpose: Deliver opted-in push notifications about timers and updates
• Data protection: Uses the browser’s Web Push infrastructure; you can revoke permission in your browser at any time

Email Services:

• Email service providers for notifications
• Information shared: Email addresses, notification preferences
• Purpose: Deliver service notifications and marketing communications
• Data protection: Encrypted transmission and storage

Third-party operators (sweepstakes / promotions you choose): When you leave our Service to participate on a third-party site, that operator’s privacy policy and tracking technologies apply. We may share limited referral or attribution signals with an operator or its technology providers only to the extent required to run links or incentives we disclose to you.

Analytics and Performance:

• Analytics service providers (when enabled and, where required, with appropriate consent)
• Information shared: Anonymized or aggregated usage data, performance metrics
• Purpose: Service improvement and optimization
• Data protection: Data anonymization and aggregation where feasible

Customer Support:

• Support platform providers (if used)
• Information shared: Support communications, account information
• Purpose: Provide customer assistance
• Data protection: Secure data transmission and access controls

WordPress core features we use:

• Password reset emails: If you request a password reset, your IP address may be included in the reset email as part of WordPress core behavior
• Contact and security tooling: IP address and user agent may be processed for spam prevention on forms we operate

4.3 Referral and incentive disclosures

Some links may connect you to third-party sweepstakes or promotions and may be associated with non-cash incentives (for example, platform credits such as “Sweepstakes Coins”) governed by the third party. We describe the Service as a tool; we do not operate those third-party promotions. Clear and conspicuous disclosures may appear near links or in our Terms—counsel should review incentive mechanics and FTC endorsement guidance for your specific programs.

4.4 Legal Requirements

We may disclose your information when required by law or in response to:

• Valid legal process (subpoenas, court orders)
• Government investigations
• Regulatory compliance requirements
• Law enforcement requests
• Protection of rights and safety
• FTC compliance and disclosure requirements

4.5 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the new entity, subject to the same privacy protections.

4.6 Consent-Based Sharing

We may share information with your explicit consent for specific purposes not covered in this policy.

5. Data Security

5.1 Security Measures

We implement reasonable technical and organizational measures to protect your information:

Technical Safeguards:

• SSL/TLS encryption for data transmitted to and from our site
• Secure authentication and authorization within our platform
• Least-privilege access to production systems

Administrative Safeguards:

• Access controls for site administrators
• Incident response and breach notification procedures

Physical/Platform Safeguards:

• Hosting provider safeguards and regular backups

5.2 Data Breach Response

In the event of a personal data breach, we will take reasonable steps to investigate and mitigate harm, notify affected users as required by applicable law, and report to authorities where required. Timing and content of notices depend on the nature of the incident and your jurisdiction.

6. Your Rights and Choices

6.1 Access and Portability

You have the right to:

• Access your personal information
• Request a copy of your data in a portable format
• Review how your information is being used
• Verify the accuracy of your data

6.2 Correction and Updates

You may:

• Update your account information at any time
• Correct inaccurate or incomplete data
• Request assistance with data updates
• Modify your preferences and settings

6.3 Deletion and Retention

You have the right to:

• Request deletion of your personal information
• Close your account and remove associated data
• Understand our data retention practices
• Request specific data deletion (subject to legal requirements)

6.4 Marketing Communications

You may:

• Opt out of marketing emails at any time
• Modify your communication preferences
• Unsubscribe from newsletters and promotions
• Control notification settings

6.5 Data Export and Deletion Rights

For registered users: If you have an account, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase personal data we hold about you, subject to exceptions (for example, data we must keep for administrative, legal, or security purposes).

6.6 Exercising Your Rights

To exercise any of these rights, contact us at:

• Email: privacy@dailysweepstakesmanager.com
• Response time: Within 30 days of request
• Identity verification may be required
• No fee for reasonable requests

6.7 Additional Data Subject Rights

As a data subject, you have additional rights under applicable data protection laws:

Right of access: You can request access to a copy of the personal data which we hold about you, as well as details about why and how we use it.

Right to rectification: You can ask us to change or complete any personal data we hold about you which is inaccurate or incomplete.

Right to be forgotten/erasure: You have a right, under certain circumstances, to ask us to delete any personal data we hold about you. Please note that there may be situations where we must retain your personal data after a request for erasure where we have a lawful basis for doing so.

Right of restriction: You can ask us to restrict (i.e. prevent) the processing of your personal data where you have objected to our use of it and we have no lawful basis to continue processing your personal data.

Right of data portability: In certain circumstances, you can ask us to transfer the data we hold about you to another organisation. This would be sent in a structured, commonly used, electronic form.

Right to object: You can object to us using your personal data for a particular purpose.

Automated decision making: You have a right not to be subjected to automated decision making and profiling in certain situations.

7. Cookies and Tracking Technologies

Note: We are finalizing our cookie preference center and measurement stack. This Section describes categories we may use and first-party cookies we do use today; we will update this Section and our Cookie Preferences page together when those tools are finalized.

7.1 Types of Cookies

We use the following categories:

Essential Cookies:

• Required for Service functionality
• Authentication and security
• Cannot be disabled without affecting core Service behavior

Authentication and session cookies (WordPress / DSM):

• A temporary cookie may be set on the login page to test whether your browser accepts cookies; it typically contains no personal data and is discarded when you close your browser
• When you log in, WordPress may set cookies to save login state and screen options (for example, “Remember Me” for up to two weeks, or shorter sessions when not selected). If you log out, login cookies are removed

Preference Cookies:

• Remember your settings and preferences where we offer preference storage
• Can be disabled in browser settings (some features may degrade)

Analytics Cookies (if enabled):

• May collect usage statistics when you opt in through our cookie controls and we load an analytics tool
• Can be disabled through cookie preferences when that tooling is active

Referral / third-party cookies:

• Third-party operators you visit from our links may set their own cookies; those are governed by the third party’s policies

7.2 Cookie Management

You can control cookies through:

• Browser settings and preferences
• Our cookie preference center (when enabled on the site)
• Third-party opt-out tools where available

Disabling optional cookies may limit certain convenience features but should not block core timer functionality you are entitled to use without charge at launch.

7.3 Do Not Track

“Do Not Track” signals are not consistently standardized. We configure our own first-party analytics (if any) to respect the choices you make in our cookie preference UI when that UI is available. Third-party sites and partners may not honor the same signals.

7.4 Service Cookies We Set

We set first-party cookies for the following purposes (typical expiration: up to 1 year unless otherwise noted):

• Session identifier for associating cookie consent with your visit
• Flags that remember your cookie preferences (essential, analytics, marketing)
• A timestamp of your most recent consent action

We also use standard WordPress authentication and display preference cookies as described in Section 7.1.

7.5 LocalStorage and Similar Technologies

We use browser storage (e.g., LocalStorage) to store non-sensitive preferences and performance caches, such as:

• Push Notification User ID (for delivering opted-in push notifications)
• Last Activity Timestamp (for idle reminder and UX features)
• User Timer Settings Cache and Available Timers Cache (to improve loading performance)
• Timer Sort Preference and Available Timers Sort Preference (to remember your choices)
• Client-side timer state keys (to improve resilience across reloads)

These values stay on your device and can be cleared via your browser settings.

8. Children’s Privacy and linked third-party sites

8.1 Not directed at children under 13

Our Service is not directed to children under 13, and we do not knowingly collect personal information from children under 13 in connection with the DSM Service. If you believe a child under 13 has provided us personal information, contact privacy@dailysweepstakesmanager.com and we will take appropriate steps.

8.2 Teen and adult users; DSM registration attestation

DSM is intended for users who can understand and agree to our Terms and this Policy. Our account registration flow may ask you to confirm you are 18 or older and to agree to the Terms of Service. That attestation helps align expectations for contracting and for tools that relate to promotions that often require adult participants.

8.3 Third-party operators may require 18+ or 21+

Many sweepstakes and promotions are operated by third parties that impose 18+ or 21+ eligibility (and other residency or entry rules). Those rules are set by the operator, not by DSM. DSM does not operate those promotions. You are responsible for complying with each operator’s official rules.

8.4 No standalone “COPPA program” claim

COPPA protections focus on sites or services directed to children under 13 (and certain other cases). DSM is a timer and organization tool aimed at general audiences who use third-party promotions at their own choice. Do not interpret Section 8 as a guarantee that every linked promotion is lawful, appropriate, or available in your jurisdiction—operators are responsible for their own compliance.

8.5 Parental / guardian contact

If you are a parent or guardian and have questions about information associated with your household’s use of DSM, contact privacy@dailysweepstakesmanager.com.

9. Automated Decision Making

9.1 Automated Processing

We do not use your personal data in any automated processes to make decisions about you that would have legal or similarly significant effects.

9.2 Profiling

Any profiling we conduct is limited to:
• Service personalization and customization
• Analytics for service improvement
• Fraud prevention and security
• Marketing optimization (with appropriate consent)

You have the right to object to profiling and request human review of any automated decisions that affect you.

10. Technical and Operational Security

10.1 What we do today

We take security seriously, but no online service is perfectly secure. At launch, we do not offer end-user two-factor authentication (2FA) inside DSM accounts. Depending on configuration, we may rely on:

• Transport security (HTTPS/TLS) between your browser and our servers for normal site usage
• Industry-standard password hashing for DSM account passwords (handled by WordPress and our application code)
• Access controls for administrative accounts and hosting interfaces (specific controls depend on our hosting provider and configuration)
• Reasonable monitoring and patching practices appropriate to the size and risk of the Service

10.2 Administrator responsibilities

If you are an administrator of a DSM deployment, you are responsible for securing administrator credentials, keeping WordPress and plugins updated, and following your host’s security recommendations.

10.3 Incident handling

If we become aware of an incident that affects personal data, we work to mitigate harm and provide notices as required by applicable law (see Section 5.2).

11. Business Transfers and Changes

11.1 Ownership Changes

We may, from time to time, expand or reduce our business and this may involve the sale and/or the transfer of control of all or part of DSM. Any personal data that you have provided will, where it is relevant to any part of our business that is being transferred, be transferred along with that part and the new owner or newly controlling party will, depending on the lawful basis, be permitted to use that data only for the same purposes for which it was originally collected by us.

11.2 Notification of Changes

In the event that any of your data is to be transferred in such a manner, you will be contacted in advance and informed of the changes. We will ensure that any acquiring party agrees to protect your personal data in accordance with this Privacy Policy.

12. International Data Transfers

12.1 Data Processing Locations

Your information may be processed in:

• United States (primary location)
• Other countries where our service providers operate
• Countries with adequate data protection laws

12.2 Transfer safeguards (deferred update)

We are completing an inventory of subprocessors, processing locations, and transfer mechanisms (for example, Standard Contractual Clauses or other lawful transfer tools) for personal data that may be accessed from the EU/UK or other regions. Until this Section is updated, if you need information about international transfers for a specific jurisdiction, contact privacy@dailysweepstakesmanager.com and we will respond consistent with applicable law.

_(Previous generic references to defunct frameworks are intentionally removed pending counsel-approved wording.)_

12.3 EU and UK Users

For users in the European Union and United Kingdom:

• We comply with GDPR requirements
• Legal basis for processing is provided
• Additional rights may apply
• Contact our Data Protection Officer: dpo@dailysweepstakesmanager.com

13. State-Specific Privacy Rights

13.1 California Residents (CCPA)

California residents have additional rights under the California Consumer Privacy Act:

Right to Know:

• Categories of personal information collected
• Purposes for collecting information
• Third parties with whom information is shared
• Specific pieces of information collected

Right to Delete:

• Request deletion of personal information
• Exceptions for legal requirements
• Confirmation of deletion upon request

Right to Opt-Out:

• Opt out of sale of personal information
• We do not sell personal information

Non-Discrimination:

• No discrimination for exercising CCPA rights
• Same service quality regardless of privacy choices

13.2 Oregon Residents

Oregon residents may have additional rights under state privacy laws:

• Right to access personal information
• Right to correct inaccurate information
• Right to data portability
• Right to opt out of certain data processing

13.3 Other State Laws

We comply with applicable state privacy laws and will update this policy as new laws take effect.

14. Data Retention

14.1 Retention Periods

We retain your information for the following periods:

Account Information:

• Active accounts: Until account deletion
• Closed accounts: 30 days after closure
• Legal requirements: As required by law

Payment records (if billing is introduced): If we begin charging for DSM, we will retain payment and tax records only as long as required by law and our processor relationships. At launch we do not bill for DSM access; this bullet may not apply until billing exists.

Referral and incentive telemetry (if used): We may retain click or attribution logs long enough to operate disclosures, prevent abuse, and satisfy recordkeeping that applies to our programs. Exact periods depend on implementation; contact privacy@dailysweepstakesmanager.com for details relevant to your account.

Usage Data:

• Analytics data: 24 months
• Log files: 12 months
• Support communications: 3 years

Account and profile data:

• For registered users, we store profile and preference information you provide until you delete your account or ask us to delete it, subject to legal exceptions
• WordPress may restrict changing certain identifiers (such as usernames) for technical reasons

Cookie Consent Records:

• We retain records of your cookie preferences (including a session identifier, IP address, user agent, consent flags, and consent date) in a dedicated database table for compliance and auditing

Contact Form Submissions:

• We retain your contact submission data (name, email, subject, message, IP, user agent, submission time) in a dedicated database table to provide support and maintain records

Optional guest sessions: If guest mode is enabled, guest session rows and related data are retained for operational purposes (including inactivity cleanup policies) and are described further in our internal data map (`INTERNAL_LEGAL_TRUTH_TABLE.md`).

Premium / payment metadata (legacy or future): The codebase may support premium or payment features. If those features are not used for your account, we may still retain minimal historical metadata if it exists from prior testing or legacy operations. If you need a specific deletion review, contact privacy@dailysweepstakesmanager.com.

14.2 Deletion Process

When retention periods expire, we:

• Securely delete personal information
• Anonymize data where possible
• Maintain anonymized analytics where appropriate
• Provide deletion confirmation upon request when feasible
• Coordinate with third-party operators only where we have an ongoing obligation or technical ability related to a lawful request

15. Changes to This Privacy Policy

15.1 Policy Updates

We may update this Privacy Policy to reflect:

• Changes in our data practices
• New legal requirements
• Service improvements
• User feedback

15.2 Notification of Changes

We will notify you of material changes by:

• Email notification to registered users
• Prominent notice on our website
• In-app notifications
• Updated effective date

15.3 Continued Use

Continued use of the Service after changes become effective constitutes acceptance of the updated Privacy Policy.

16. Contact Information

16.1 Privacy Questions

For questions about this Privacy Policy or our data practices:

Email: privacy@dailysweepstakesmanager.com Subject Line: Privacy Policy Inquiry Response Time: Within 5 business days

16.2 Data Protection Officer

For GDPR-related inquiries:

Email: dpo@dailysweepstakesmanager.com Subject Line: GDPR Inquiry Response Time: Within 30 days

16.3 Regulatory complaints

You have the right to file complaints with:

• Oregon Attorney General’s Office
• Federal Trade Commission
• Your local data protection authority (for EU residents)

17. Effective Date and Acknowledgment

This Privacy Policy is effective as of 2026-04-30 and applies to all users of the Daily Sweepstakes Manager service.

By using our Service, you acknowledge that you have read, understood, and agree to this Privacy Policy and our data practices.

—

This Privacy Policy was last updated on 2026-04-30. We encourage you to review this policy periodically for any changes.