Privacy Policy

Last updated: May 2026

Introduction

MagicDay ("we", "our", "the app") is a Walt Disney World companion app developed by Tom Halls, a sole trader based in the United Kingdom. We are committed to protecting your privacy and being transparent about how we handle your data.

This policy explains what information MagicDay collects, how it is used, and your rights regarding that data. By using MagicDay, you agree to the practices described in this policy.

MagicDay is not affiliated with, endorsed by, or sponsored by The Walt Disney Company or any of its subsidiaries.

What Data We Collect

MagicDay is designed with a privacy-first approach. We do not require user accounts, and we do not collect email addresses or passwords. Here is what we do collect:

Stored locally on your device (UserDefaults):

  • Trip dates (arrival and departure)
  • Resort selection
  • Ride preferences and route plans
  • Dining and Lightning Lane watch lists
  • App settings and preferences

This data never leaves your device unless explicitly sent to our backend for features like dining or Lightning Lane alerts.

Collected by the app:

  • Push notification tokens — if you enable notifications, Apple provides a device token so we can send dining and Lightning Lane availability alerts. This token is not linked to your identity.
  • Partner referral codes — if you arrive via a partner referral link, the referral code is stored locally and sent to our backend for attribution purposes. No personally identifiable information is linked to this code.
  • Anonymous usage analytics — minimal, anonymous app usage data to help us understand how features are used and improve the app. This data cannot be used to identify you.
  • AI plan generation context — if you use our Premium AI day-plan feature, a trip-context payload (today's date, your party size, optional child ages, hotel name, today's park, your route summary, your active dining and Lightning Lane watches, and any trip notes you've added) is sent to our backend and forwarded to Anthropic (our AI sub-processor) to generate a personalised itinerary. We do not send your name, email address, location data, or your APNs push token to Anthropic. See the AI Plan Generation section below for full detail.

What we do NOT collect:

  • Location data (no GPS tracking whatsoever)
  • Email addresses or passwords (no accounts required)
  • Contacts, photos, or other device data
  • Advertising identifiers

How We Use Your Data

The data we collect is used solely to provide and improve the MagicDay experience:

  • Push notification tokens are used to deliver dining and Lightning Lane availability alerts you have opted into
  • Partner referral codes are used to attribute referrals to the correct partner
  • Anonymous analytics help us understand feature usage patterns and prioritise improvements

Third-Party Services

MagicDay uses a small number of third-party services:

  • RevenueCat — handles in-app purchase processing. Their SDK collects anonymous purchase-related data (such as transaction identifiers) to manage subscriptions. RevenueCat does not receive your name, email, or any personal information from MagicDay. See RevenueCat's Privacy Policy.
  • Apple — the App Store handles payment processing for in-app purchases. Apple Push Notification service (APNs) delivers push notifications. See Apple's Privacy Policy.
  • Cloudflare — provides hosting for our website and API infrastructure, including security and performance services. Cloudflare may set minimal security cookies. See Cloudflare's Privacy Policy.
  • Anthropic — powers our AI day-plan generation feature. When you generate a plan, your trip context is sent to Anthropic's Claude API to produce a personalised itinerary. Anthropic does not use this data to train their models (we use the standard, non-training API). See Anthropic's Privacy Policy and their Commercial Terms of Service. If you never generate an AI plan, no data is sent to Anthropic.

We do not sell, rent, or share your data with any other third parties.

Cookies

The MagicDay website (magicday.today) does not use tracking cookies, advertising cookies, or analytics cookies. The only cookies that may be present are Cloudflare's essential security cookies, which are required for the website to function properly and cannot be used to identify you personally.

Data Storage and Retention

The vast majority of your data is stored locally on your device using Apple's UserDefaults system. This data is:

  • Stored only on your device
  • Not backed up to our servers
  • Automatically deleted when you uninstall the app

Push notification tokens are stored on our backend servers for as long as you have notifications enabled. If you disable notifications or uninstall the app, the token becomes invalid and is purged from our systems.

AI Plan Generation

MagicDay's Premium AI day-plan feature is powered by Claude (made by Anthropic). It generates a personalised itinerary for your park day based on your party profile and live conditions.

AI plans are opt-in. Plan generation only runs when you tap "Generate My Plan" or "Quick Plan" inside the app. If you never generate a plan, no data is sent to Anthropic.

What we send to Anthropic when you generate a plan:

  • A trip-context payload built from data you've already entered into MagicDay: today's date, your local timezone and language, your destination (Walt Disney World / Disneyland / Disneyland Paris), trip phase, party makeup (number of adults and children, optional child ages and heights, optional trip priorities, accessibility considerations, and any trip notes you've added), your hotel, today's park, your planned route summary, your active Lightning Lane and dining watch lists, and live wait times for today's park.

What we do NOT send to Anthropic:

  • Your name, email, or any account credentials (MagicDay doesn't have accounts).
  • Your APNs push token or any other device identifier.
  • Your precise location (we don't collect it).
  • Your payment or subscription information.

How Anthropic handles the data: we use Anthropic's standard commercial API. Per Anthropic's Commercial Terms, your plan generation requests are not used to train Anthropic's models. Anthropic may retain prompts and outputs for up to 30 days for trust-and-safety review. See Anthropic's Privacy Policy for full detail.

Children's Privacy

MagicDay is designed for use by families visiting Walt Disney World, and may be used by children as part of a family group. However, we do not knowingly collect personal data from children under the age of 13. Since MagicDay does not require user accounts and does not collect personally identifiable information, children can use the app without providing personal data.

AI plan generation: the AI plan feature is intended to be used by adult trip planners. Generated plans are stored locally on your device only.

If you believe a child under 13 has provided personal information to us, please contact us at tom@magicday.today and we will take steps to delete such information promptly.

Your Rights (GDPR and UK GDPR)

If you are located in the United Kingdom or European Economic Area, you have the following rights under the UK GDPR and EU GDPR:

  • Right of access — you can request a copy of any data we hold about you
  • Right to erasure — you can request that we delete any data we hold about you
  • Right to rectification — you can request correction of inaccurate data
  • Right to data portability — you can request your data in a machine-readable format
  • Right to object — you can object to processing of your data
  • Right to restrict processing — you can request that we limit how we use your data

Since MagicDay stores almost all data locally on your device, you can exercise most of these rights simply by deleting the app or clearing its data in your device settings.

For any data held on our servers (such as push notification tokens), contact us at tom@magicday.today and we will respond within 30 days.

Your Rights (CCPA)

If you are a California resident, the California Consumer Privacy Act (CCPA) grants you additional rights:

  • Right to know — you can request details about the personal information we collect and how it is used
  • Right to delete — you can request deletion of your personal information
  • Right to opt out of sale — MagicDay does not sell your personal information to third parties
  • Right to non-discrimination — we will not discriminate against you for exercising your privacy rights

To exercise any of these rights, contact us at tom@magicday.today.

Data Security

We take reasonable measures to protect the limited data we handle. Our API infrastructure is hosted on Cloudflare with HTTPS encryption for all data in transit. Local data on your device is protected by your device's own security measures (passcode, Face ID, etc.).

Changes to This Policy

We may update this privacy policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. When we make changes, we will update the "Last updated" date at the top of this page. We encourage you to review this policy periodically.

MagicAgent CRM

MagicDay also operates MagicAgent CRM (crm.magicday.today), a separate subscription product for Disney and Universal specialist travel agents. MagicAgent has its own comprehensive privacy and data processing policy that covers the agent–client data relationship, GDPR controller/processor obligations, sub-processors, and data residency.

If you are a travel agent evaluating MagicAgent for your agency, please read the MagicAgent Privacy & Data Processing Policy.

Contact Us

If you have any questions about this privacy policy or how MagicDay handles your data, please contact:

Tom Halls
Email: tom@magicday.today
Website: magicday.today