Udayta
Cart
Provider LoginFor Business

Legal

Privacy Policy

Effective date: June 9, 2026

Summary: Udayta collects your name, email, phone, and service preferences to match you with local providers and process bookings. We use Stripe for payments, Twilio for SMS, Resend for email, and Supabase for secure data storage. We do not sell your personal information. You can request deletion at any time.

1. Who We Are

Udayta (“Udayta,” “we,” “our,” or “us”) operates the Udayta marketplace at www.udayta.com, a platform that helps consumers in the Naperville/Chicago metro area discover and book local beauty, wellness, and lifestyle service providers. Our SmartMatch technology recommends providers based on your preferences, location, and availability.

Questions about this policy? Contact us at privacy@udayta.com or support@udayta.com.

2. Information We Collect

2a. Information you provide directly

  • Account registration: When you sign in with Google, we receive your name, email address, and profile picture from Google OAuth. We store this to create and maintain your Udayta account.
  • Service requests and bookings: When you submit an availability request, lead, or appointment request, we collect your name, email address, phone number (if provided), preferred service, requested date and time window, and any notes you include.
  • Contact form: When you contact us, we collect your name, email, phone (optional), and message.
  • Provider signup: Businesses that apply to join Udayta provide their company name, email, phone, service category, city, state, ZIP, and website. Providers who claim an existing listing also provide their role, contact information, verification details, and any supporting documents.
  • Plans and saved items: If you create a plan (e.g., “Date Night”) or save providers, listings, or experiences, we store those preferences to your account.
  • Payment information: Payments are processed by Stripe, Inc. Udayta does not store your full card number, CVV, or bank account details. Stripe handles all payment data under their own privacy policy.

2b. Information collected automatically

  • Usage data: Pages visited, features used, search queries, and service preferences — used to personalize SmartMatch recommendations.
  • Device and log data: IP address, browser type, and referrer URL — used for security, fraud prevention, and debugging.
  • Session cookies: We use session tokens (stored in HTTP-only cookies) to keep you logged in. Provider sessions use a token-based system; consumer sessions use Supabase Auth.
  • Affiliate tracking: We partner with Impact.com for affiliate referral tracking. Impact's script may set cookies to track whether you arrived via an affiliate link. See Section 7 for more detail.

2c. Information from third parties

  • Google Places API: We import publicly available business data (name, address, phone, website, photos, ratings) to populate our provider directory. This is public data; no personal consumer information is received via this integration.
  • Ticketmaster API: We import publicly available event data (title, date, venue, image, ticket URL) to display local events. No personal consumer information is received from Ticketmaster.

3. How We Use Your Information

  • SmartMatch recommendations: Your service preferences, location, timing, and activity history are used to rank and recommend local providers that best fit your needs.
  • Connecting you with providers: When you submit a booking or availability request, your name, contact information, and request details are shared with the provider you selected so they can follow up.
  • Account management: To authenticate you, maintain saved items and plans, and display your booking history.
  • Transactional communications: We send confirmation emails, booking updates, and account notifications via Resend. We send SMS updates via Twilio only when you have explicitly opted in.
  • Fraud and spam prevention: We use your IP address and submission data to detect abusive or automated submissions, particularly for claim listing and lead generation forms.
  • Platform improvement: Aggregated, de-identified usage data helps us understand which features are most useful and how to improve SmartMatch accuracy.
  • Legal compliance: We may process your data to comply with applicable laws, respond to legal process, or protect our rights and the safety of our users.

4. How We Share Your Information

  • With providers you contact: When you submit a booking, availability request, or lead, the provider receives your name, contact information, requested service, and notes. Providers are independent businesses, not Udayta employees.
  • Service providers (sub-processors): We share data with trusted vendors who help us operate the platform:
    • Supabase: Database hosting and file storage (provider photos and documents).
    • Stripe, Inc.: Payment processing. Stripe is a PCI-DSS compliant payment processor.
    • Resend: Transactional email delivery (booking confirmations, account notifications).
    • Twilio, Inc.: SMS messaging when you have opted in to text updates.
    • Google LLC: OAuth sign-in and Google Places data for provider listings.
    • Impact.com: Affiliate tracking and referral attribution. See Section 7.
  • Business transfers: If Udayta is acquired or merges with another company, your data may be transferred as part of that transaction. We will notify you before your data is transferred and subject to a different privacy policy.
  • Legal requirements: We may disclose your information if required by law, subpoena, or to protect the safety of any person.
  • We do not sell your personal information to advertisers or data brokers.

5. Text Messages (SMS)

Udayta uses Twilio to send SMS messages. We send text messages only when you have explicitly opted in — either by checking an SMS consent checkbox on a booking form or by indicating your preference during provider signup.

  • Message frequency varies based on your bookings and requests.
  • Message and data rates may apply.
  • To opt out, reply STOP to any message. To get help, reply HELP.
  • Opting out of SMS does not affect other services or email communications.

6. Cookies and Tracking

  • Authentication cookies: HTTP-only session cookies that keep you logged in. These are essential to the service and cannot be disabled without logging out.
  • Preference storage: We may use localStorage to remember your SmartMatch search preferences between sessions.
  • Affiliate tracking (Impact.com): The Impact.com script on our site sets cookies to track whether you arrived through an affiliate or referral link. This helps us attribute credit to referring partners. Impact.com may collect your IP address and device information for this purpose. You may opt out of Impact tracking via their privacy portal at impact.com/privacy.

We do not use advertising trackers (Google Ads, Meta Pixel) or behavioral profiling cookies beyond what is described above.

7. Affiliate Links and Sponsored Content

Udayta participates in affiliate programs. Some links on our site — including links to events, tickets, products, or restaurants — may be affiliate links, which means we may earn a commission if you click through and make a purchase.

  • Event ticket links: Links to Ticketmaster and affiliated ticketing platforms may be affiliate links. Clicking these links does not cost you anything extra.
  • Shopping links: Links to products in our Shop section may be affiliate links.
  • Experiences: Restaurant and venue suggestions in our Experiences section may include affiliate or referral links.

Affiliate relationships do not influence which providers or events appear in SmartMatch results. SmartMatch rankings are based solely on provider quality, availability, and fit signals.

8. Data Retention

We retain your personal data for as long as your account is active or as needed to provide services. Specifically:

  • Account data: Retained until you delete your account or request deletion.
  • Booking and request records: Retained for up to 3 years to support dispute resolution and service history.
  • Lead data: Retained for up to 2 years unless you request earlier deletion.
  • Provider claim data: Retained indefinitely as part of our platform integrity records.
  • Server logs (IP, user agent): Retained for up to 90 days for security and debugging.
  • Payment records: Stripe retains payment data subject to their retention policies and legal obligations.

9. Your Rights and Choices

Depending on where you live, you may have the following rights regarding your personal information:

  • Access: Request a copy of the personal information we hold about you.
  • Correction: Request that we correct inaccurate data.
  • Deletion: Request that we delete your personal data. We will honor deletion requests within 30 days except where we are required to retain data by law.
  • Opt-out of SMS: Reply STOP to any text message.
  • Delete your account: Email support@udayta.com to request account deletion.

California residents (CCPA/CPRA): You have the right to know what personal information we collect, to delete it, to correct it, and to opt out of the “sale” or “sharing” of your personal information. Udayta does not sell personal information. We do not discriminate against you for exercising these rights.

10. Data Security

We implement reasonable technical and organizational measures to protect your information, including HTTPS encryption, HTTP-only session cookies, server-side rate limiting, and access controls on our database. However, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.

11. Children's Privacy

Udayta is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13, we will promptly delete it. If you believe we have collected such information, please contact support@udayta.com.

12. Third-Party Links

Our platform contains links to third-party websites and services (Ticketmaster, Google Maps, provider websites). Udayta is not responsible for the privacy practices of those sites. We encourage you to review the privacy policies of any third-party site you visit.

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the effective date at the top of this page and, where appropriate, notify you by email or an in-app notice. Your continued use of Udayta after changes take effect constitutes your acceptance of the revised policy.

14. Contact Us

If you have questions about this Privacy Policy, wish to exercise your data rights, or need to report a privacy concern, please contact us:

HomeTerms of ServiceContact