Privacy Policy

Last updated: April 2026

Introduction

MagicDay ("we", "our", "the app") is a Walt Disney World companion app developed by Tom Halls, a sole trader based in the United Kingdom. We are committed to protecting your privacy and being transparent about how we handle your data.

This policy explains what information MagicDay collects, how it is used, and your rights regarding that data. By using MagicDay, you agree to the practices described in this policy.

MagicDay is not affiliated with, endorsed by, or sponsored by The Walt Disney Company or any of its subsidiaries.

What Data We Collect

MagicDay is designed with a privacy-first approach. We do not require user accounts, and we do not collect email addresses or passwords. Here is what we do collect:

Stored locally on your device (UserDefaults):

  • Trip dates (arrival and departure)
  • Resort selection
  • Ride preferences and route plans
  • Dining and Lightning Lane watch lists
  • App settings and preferences

This data never leaves your device unless explicitly sent to our backend for features like dining or Lightning Lane alerts.

Collected by the app:

  • Push notification tokens — if you enable notifications, Apple provides a device token so we can send dining and Lightning Lane availability alerts. This token is not linked to your identity.
  • Partner referral codes — if you arrive via a partner referral link, the referral code is stored locally and sent to our backend for attribution purposes. No personally identifiable information is linked to this code.
  • Anonymous usage analytics — minimal, anonymous app usage data to help us understand how features are used and improve the app. This data cannot be used to identify you.

What we do NOT collect:

  • Location data (no GPS tracking whatsoever)
  • Email addresses or passwords (no accounts required)
  • Contacts, photos, or other device data
  • Advertising identifiers

How We Use Your Data

The data we collect is used solely to provide and improve the MagicDay experience:

  • Push notification tokens are used to deliver dining and Lightning Lane availability alerts you have opted into
  • Partner referral codes are used to attribute referrals to the correct partner
  • Anonymous analytics help us understand feature usage patterns and prioritise improvements

Third-Party Services

MagicDay uses a small number of third-party services:

  • RevenueCat — handles in-app purchase processing. Their SDK collects anonymous purchase-related data (such as transaction identifiers) to manage subscriptions. RevenueCat does not receive your name, email, or any personal information from MagicDay. See RevenueCat's Privacy Policy.
  • Apple — the App Store handles payment processing for in-app purchases. Apple Push Notification service (APNs) delivers push notifications. See Apple's Privacy Policy.
  • Cloudflare — provides hosting for our website and API infrastructure, including security and performance services. Cloudflare may set minimal security cookies. See Cloudflare's Privacy Policy.

We do not sell, rent, or share your data with any other third parties.

Cookies

The MagicDay website (magicday.today) does not use tracking cookies, advertising cookies, or analytics cookies. The only cookies that may be present are Cloudflare's essential security cookies, which are required for the website to function properly and cannot be used to identify you personally.

Data Storage and Retention

The vast majority of your data is stored locally on your device using Apple's UserDefaults system. This data is:

  • Stored only on your device
  • Not backed up to our servers
  • Automatically deleted when you uninstall the app

Push notification tokens are stored on our backend servers for as long as you have notifications enabled. If you disable notifications or uninstall the app, the token becomes invalid and is purged from our systems.

Children's Privacy

MagicDay is designed for use by families visiting Walt Disney World, and may be used by children as part of a family group. However, we do not knowingly collect personal data from children under the age of 13. Since MagicDay does not require user accounts and does not collect personally identifiable information, children can use the app without providing personal data.

If you believe a child under 13 has provided personal information to us, please contact us at tom@magicday.today and we will take steps to delete such information promptly.

Your Rights (GDPR and UK GDPR)

If you are located in the United Kingdom or European Economic Area, you have the following rights under the UK GDPR and EU GDPR:

  • Right of access — you can request a copy of any data we hold about you
  • Right to erasure — you can request that we delete any data we hold about you
  • Right to rectification — you can request correction of inaccurate data
  • Right to data portability — you can request your data in a machine-readable format
  • Right to object — you can object to processing of your data
  • Right to restrict processing — you can request that we limit how we use your data

Since MagicDay stores almost all data locally on your device, you can exercise most of these rights simply by deleting the app or clearing its data in your device settings.

For any data held on our servers (such as push notification tokens), contact us at tom@magicday.today and we will respond within 30 days.

Your Rights (CCPA)

If you are a California resident, the California Consumer Privacy Act (CCPA) grants you additional rights:

  • Right to know — you can request details about the personal information we collect and how it is used
  • Right to delete — you can request deletion of your personal information
  • Right to opt out of sale — MagicDay does not sell your personal information to third parties
  • Right to non-discrimination — we will not discriminate against you for exercising your privacy rights

To exercise any of these rights, contact us at tom@magicday.today.

Data Security

We take reasonable measures to protect the limited data we handle. Our API infrastructure is hosted on Cloudflare with HTTPS encryption for all data in transit. Local data on your device is protected by your device's own security measures (passcode, Face ID, etc.).

Changes to This Policy

We may update this privacy policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. When we make changes, we will update the "Last updated" date at the top of this page. We encourage you to review this policy periodically.

Contact Us

If you have any questions about this privacy policy or how MagicDay handles your data, please contact:

Tom Halls
Email: tom@magicday.today
Website: magicday.today