Privacy Policy

2.1 Information You Provide Directly

• Account Information: Name, email address, company name, and password when you create an account
• Project Information: Project descriptions, technical requirements, and specifications submitted through tickets
• Payment Information: Billing address and payment details (processed securely by our payment processor)
• Communications: Messages, emails, and support requests you send to us

2.2 Information Collected Automatically

• Usage Data: Pages visited, features used, time spent on the Service, and interaction patterns
• Device Information: Browser type, operating system, IP address, device identifiers
• Log Data: Access times, error logs, and performance metrics
• Cookies and Tracking: Information collected through cookies and similar technologies (see Section 5)

2.3 Information from Third Parties

• Analytics Providers: Google Analytics provides aggregated usage statistics
• Payment Processors: Transaction confirmations and payment status

3.1 Service Delivery

• Creating and managing your account
• Processing development tickets and delivering completed work
• Communicating project updates and delivery notifications
• Providing customer support and responding to inquiries
• Processing payments and managing subscriptions

3.2 Service Improvement

• Analyzing usage patterns to improve features and user experience
• Identifying and fixing technical issues
• Conducting internal research and development
• Training AI systems to improve delivery speed and quality

3.3 Business Operations

• Sending important account and service updates
• Detecting and preventing fraud, abuse, and security threats
• Complying with legal obligations and enforcing our Terms of Service
• Resolving disputes and enforcing agreements

3.4 Marketing (With Your Consent)

• Sending promotional emails about new features and updates (you can opt out anytime)
• Showcasing anonymized case studies and portfolio examples

4.1 Service Providers

We share information with trusted third-party service providers who help us operate our business:

• Vercel: Hosting and infrastructure (United States)
• Neon Database: Data storage and management (United States)
• Resend: Email delivery service (United States)
• Google File Search: AI-powered FAQ search engine (United States)
• Google AI: AI-powered chatbot assistance (United States)
• Google Analytics: Website analytics and usage tracking (United States)
• Payment Processors: Secure payment processing (varies by processor)

These providers are contractually obligated to protect your data and use it only for the purposes we specify.

4.2 Legal Requirements

We may disclose your information if required by law or in response to:

• Valid legal requests from government authorities
• Court orders or subpoenas
• Protection of our rights, property, or safety
• Prevention of fraud or illegal activities

4.3 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity. We will notify you via email and/or prominent notice on our website before your information becomes subject to a different privacy policy.

4.4 With Your Consent

We may share your information with other third parties when you explicitly consent to such sharing.

5.1 Types of Cookies We Use

• Essential Cookies: Required for the Service to function (e.g., authentication, session management)
• Analytics Cookies: Google Analytics tracks usage patterns and performance
• Functional Cookies: Remember your preferences and settings

5.2 Managing Cookies

You can control cookies through your browser settings. However, disabling essential cookies may affect Service functionality. Most browsers allow you to:

• View and delete cookies
• Block third-party cookies
• Block all cookies (may impact functionality)
• Clear cookies when you close your browser

Learn more about managing cookies: www.aboutcookies.org

6.1 Active Accounts

We retain your account information and project data for as long as your account is active or as needed to provide you services.

6.2 Canceled Accounts

After you cancel your subscription, we retain your data for 90 days to allow for reactivation. After 90 days, we delete your personal information unless we are required to retain it for legal, tax, or regulatory purposes.

6.3 Legal Obligations

We may retain certain information for up to 7 years to comply with legal obligations, resolve disputes, enforce our agreements, and maintain financial records.

6.4 Aggregated Data

We may retain anonymized and aggregated data indefinitely for analytics and research purposes.

7.1 GDPR Rights (European Union)

If you are located in the EU/EEA, you have the right to:

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate or incomplete data
• Erasure: Request deletion of your data ("right to be forgotten")
• Restriction: Limit how we process your data
• Portability: Receive your data in a structured, machine-readable format
• Object: Object to processing based on legitimate interests
• Withdraw Consent: Withdraw consent for data processing at any time

7.2 CCPA/CPRA Rights (California)

If you are a California resident, you have the right to:

• Know: Request disclosure of personal information collected, used, and shared
• Delete: Request deletion of personal information (subject to exceptions)
• Opt-Out: Opt out of the sale of personal information (we do not sell your data)
• Non-Discrimination: Not be discriminated against for exercising your rights
• Correct: Request correction of inaccurate personal information
• Limit: Limit use of sensitive personal information

7.3 Exercising Your Rights

To exercise any of these rights, please contact us at daasy@daasy.app. We will respond to your request within 30 days.

We may request verification of your identity before processing your request to protect your privacy and security.

8.1 Technical Safeguards

• Encryption of data in transit (TLS/SSL) and at rest
• Secure authentication and password hashing
• Regular security audits and penetration testing
• Access controls and least-privilege principles
• Automated backup and disaster recovery systems

8.2 Organizational Safeguards

• Limited employee access to personal information on a need-to-know basis
• Confidentiality agreements with employees and contractors
• Regular security training and awareness programs
• Incident response and breach notification procedures

8.3 Data Breach Notification

In the event of a data breach affecting your personal information, we will notify you and relevant authorities within 72 hours as required by applicable laws.

9.1 Data Transfer Mechanisms

For EU/EEA users, we ensure adequate protection through:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Compliance with EU-U.S. Data Privacy Framework principles where applicable
• Agreements with service providers that meet GDPR requirements

9.2 Service Provider Locations

Our primary service providers are located in:

• United States: Vercel (hosting), Neon (database), Resend (email), Google (AI search and analytics)

12.1 Notification of Changes

We will notify you of material changes by:

• Email notification to your registered email address
• Prominent notice on our website and Service dashboard
• Updating the "Last Updated" date at the top of this policy

12.2 Your Acceptance

Your continued use of the Service after changes become effective constitutes acceptance of the updated Privacy Policy. If you do not agree to the changes, you must stop using the Service and may request deletion of your data.

12.3 Review Frequency

We recommend reviewing this Privacy Policy periodically to stay informed about how we protect your information. We conduct annual reviews and update this policy as needed.

13.1 EU Representative (GDPR)

If you are located in the EU/EEA and have concerns about our data practices, you have the right to lodge a complaint with your local data protection authority.

13.2 Response Time

We aim to respond to all privacy-related inquiries within 30 days. For urgent matters, please indicate "URGENT - Privacy Request" in your email subject line.