Privacy Policy

1. Information We Collect

1.1 Information You Provide Directly

We collect information you provide when you:

• Create an account (name, email address, password);
• Subscribe to a paid plan (billing name, billing address);
• Contact us for support (name, email, message content);
• Fill out forms or surveys (any information you voluntarily submit);
• Connect your business (company name, industry, revenue range).

1.2 Customer Data from Third-Party Integrations

When you connect Third-Party Services (such as Shopify, Amazon Seller Central, Meta Ads, Google Ads, Klaviyo, WooCommerce, or others), we collect and process data from those platforms on your behalf to provide the Service. This includes sales data, order data, advertising data, inventory data, customer analytics, and other business data you have authorized us to access. This data is your Customer Data and is processed solely to deliver the Service to you.

1.3 Usage Data We Collect Automatically

When you access or use the Service, we automatically collect certain information, including:

• Log data: IP address, browser type and version, pages visited, time and date of visit, time spent on pages, referring URL;
• Device data: Hardware model, operating system, unique device identifiers;
• Usage data: Features accessed, actions taken within the Service, errors encountered;
• Cookies and similar technologies: See Section 6 for details.

2. How We Use Your Information

We use the information we collect to:

• Provide, operate, and maintain the Service;
• Process payments and manage your subscription;
• Generate AI-powered insights, summaries, and the Dashified Score based on your Customer Data;
• Send you transactional communications (receipts, account notifications);
• Send you product updates, newsletters, and marketing communications (you may opt out at any time);
• Respond to your support requests and inquiries;
• Monitor and analyze usage patterns to improve the Service;
• Detect and prevent fraud, abuse, and security incidents;
• Comply with legal obligations;
• Enforce our Terms of Service and other applicable policies.

We do not use your Customer Data to train machine learning or AI models that are shared across customers without your explicit opt-in consent. AI features within your account process your data to generate insights for you, within your account only.

3. Legal Bases for Processing (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we rely on the following legal bases to process your personal data:

• Contract: Processing necessary to perform our contract with you (providing the Service, processing payments, managing your account);
• Legitimate Interests: Processing necessary for our legitimate interests, such as improving the Service, preventing fraud, and ensuring security — where these interests are not overridden by your rights;
• Legal Obligation: Processing necessary to comply with applicable law (tax records, regulatory requirements);
• Consent: Processing for marketing communications or optional features, where we have obtained your consent. You may withdraw consent at any time.

4. How We Share Your Information

We do not sell your personal data or Customer Data to third parties. We may share your information in the following limited circumstances:

4.1 Service Providers

We share information with third-party vendors and service providers that help us deliver the Service, including cloud hosting providers (AWS), payment processors (Stripe), email delivery services, analytics providers, and customer support tools. These parties are contractually obligated to use your data only as necessary to provide services to us and in compliance with applicable law.

4.2 Business Transfers

If Dashified is involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, your information may be transferred as part of that transaction. We will notify you by email and/or a prominent notice on our website of any change in ownership or uses of your personal data.

4.3 Legal Requirements

We may disclose your information when required to do so by law, regulation, legal process, or governmental request; to protect the rights, property, or safety of Dashified, our customers, or others; or to detect, prevent, or address fraud, security, or technical issues.

4.4 With Your Consent

We may share your information with your explicit consent for any other purpose not described in this policy.

5. Data Retention

We retain your personal data and Customer Data for as long as your account is active or as needed to provide you the Service. If you cancel your account, we will retain your data for 30 days to allow you to export it, after which we will delete it from our systems except where we are required by law to retain it longer (such as financial records, which we retain for seven years).

Aggregated, anonymized data derived from Customer Data may be retained indefinitely for product improvement and statistical purposes, as this data cannot be used to identify you.

6. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to operate and improve the Service. Cookies are small data files stored on your device. We use:

• Strictly necessary cookies: Essential for the Service to function (authentication, session management). These cannot be disabled.
• Functional cookies: Remember your preferences and settings (theme, language).
• Analytics cookies: Help us understand how users interact with the Service so we can improve it. We use privacy-preserving analytics.
• Marketing cookies: Used to deliver relevant advertisements on our website. These are only set with your consent.

You can control cookies through your browser settings. Note that disabling certain cookies may affect the functionality of the Service. For full details, see our Cookie Policy at dashified.com/cookies.

7. Data Security

We implement industry-standard technical and organizational security measures to protect your information from unauthorized access, disclosure, alteration, or destruction. These include:

• Encryption of data in transit using TLS 1.2 or higher;
• Encryption of data at rest using AES-256;
• Read-only API connections to Third-Party Services;
• Access controls and least-privilege principles for our team;
• Regular review of security practices as the platform scales.

No method of transmission or storage is 100% secure. If you become aware of any security vulnerability or breach, please notify us immediately at security@dashified.com.

8. International Data Transfers

Dashified is based in the United States. If you are accessing the Service from outside the United States, your information may be transferred to, stored, and processed in the United States or other countries where our service providers operate. We ensure that such transfers comply with applicable data protection laws by using Standard Contractual Clauses approved by the European Commission for transfers from the EEA, and equivalent mechanisms for transfers from other jurisdictions.

9. Your Privacy Rights

9.1 All Users

Regardless of location, you have the right to:

• Access and export your Customer Data at any time from your account settings;
• Update or correct your personal information;
• Delete your account and associated data;
• Opt out of marketing communications at any time via the unsubscribe link or account settings.

9.2 EEA, UK, and Swiss Residents (GDPR)

If you are located in the EEA, UK, or Switzerland, you have the additional rights to:

• Access: Request a copy of the personal data we hold about you;
• Rectification: Request correction of inaccurate personal data;
• Erasure: Request deletion of your personal data ("right to be forgotten");
• Restriction: Request that we restrict processing of your personal data;
• Portability: Receive your personal data in a structured, machine-readable format;
• Objection: Object to processing of your personal data for legitimate interest purposes;
• Withdraw Consent: Withdraw consent at any time where processing is based on consent.

To exercise these rights, contact us at privacy@dashified.com. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.

9.3 California Residents (CCPA/CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

• Right to Know: The categories and specific pieces of personal information we have collected about you, the sources, our purposes, and the categories of third parties with whom we share it;
• Right to Delete: Request deletion of personal information we have collected from you (subject to certain exceptions);
• Right to Correct: Request correction of inaccurate personal information;
• Right to Opt Out of Sale or Sharing: We do not sell or share personal information for cross-context behavioral advertising;
• Right to Limit Use of Sensitive Personal Information: We do not use or disclose sensitive personal information beyond the purposes permitted by the CPRA;
• Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

To exercise your California rights, contact us at privacy@dashified.com or use the "Do Not Sell or Share My Personal Information" link in the footer of our website. We will verify your identity before processing requests.

10. Children's Privacy

The Service is not directed to children under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete such information promptly. If you believe we may have collected information from a child under 18, please contact us at privacy@dashified.com.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email and/or by posting a notice within the Service at least 14 days before the changes take effect. The "Last updated" date at the top of this page indicates when the policy was most recently revised. Your continued use of the Service after the effective date constitutes your acceptance of the updated Privacy Policy.

12. Contact Us

If you have questions, concerns, or requests related to this Privacy Policy or our data practices, please contact us:

For EEA residents, our EU Representative can be reached at: eu-rep@dashified.com.