Back to Home

Privacy Policy

Privacy Policy

Last Updated: November 16, 2025

Your privacy matters to us. At Dashzz ("Dashzz," "we," "us," or "our"), we're committed to protecting your personal information and handling it responsibly. This policy explains what data we collect, why we collect it, how we use it, and your rights.

Got questions? Reach out to us anytime at support@dashzz.com or privacy@dashzz.com.

Who We Are

We're WAYRONE ENTERPRISES5 SRL, a Romanian company dedicated to creating the best possible productivity and habit-tracking tool to help you organize your life. We're responsible for keeping your personal data secure and ensuring it's processed in line with data protection laws.

We work with trusted third-party providers (like payment processors and AI services) to help us deliver Dashzz smoothly. When we share your data with them, we make sure they handle it with the same care and legal compliance we do.

What Data We Collect (Notice at Collection)

We only collect what's necessary to provide and improve our services. California residents: This section constitutes our CCPA "Notice at Collection" explaining what personal information we collect and how we use it.

Information You Provide

  • Email address - To create your account and communicate with you
  • Username - To identify you in the app
  • Password - Encrypted and secure (we never see your actual password)
  • Year of birth - To verify you meet the minimum age requirement (13 years old)
  • Timezone - So your habits and tasks reset at the right time for you
  • Profile preferences - Avatar, theme colors, backgrounds, language settings
  • Content you create - Dashboards, habits, widgets (notes, tasks, calendars, etc.), tracking data
  • Payment information - We work with third-party payment processors (Paddle) to handle your payments. We do not store your full payment details, and all payment transactions are handled securely by our payment partner.

Automatically Collected Data

When you use our app or website, we may automatically collect:

  • Device information - Device type, operating system, browser version
  • IP address - For security and fraud prevention
  • Usage data - How you interact with the app (features used, session duration)
  • Login timestamps - To keep your account secure
  • Technical data - If the app crashes, we collect error details to fix issues. This data isn't linked to you personally.

AI Conversation Data (Optional)

If you use our AI features (Dashee, Flowee, Guidee, Archee), we collect and send to Google Gemini:

  • Your AI messages - What you type in the chat
  • Dashboard context - To provide personalized productivity advice:
    • Dashboard names, descriptions, and emojis
    • For habit dashboards: Task widget only (task names, task notes, completion status, progress)
    • For goal dashboards: Widget names, descriptions, recent tracking data (last 5 data points), and statistics
  • Previous conversation messages - Up to the last 15 messages for context

This data is sent to Google Gemini (our AI provider) to generate personalized responses. We don't send your email, password, payment info, IP address, or full historical data to Google. You can delete AI conversations anytime.

Is Providing Data Required?

  • Required: Email, username, and year of birth are required to create an account and use Dashzz services. Without this information, we cannot provide the service (year of birth is required for age verification compliance).
  • Optional: Payment information (only if upgrading to paid plan), AI features, profile customization, Google sign-in.

Why We Collect Your Data

We collect your data to:

  • Provide Dashzz services - Create your account, save your data, display your dashboards
  • Manage subscriptions and payments - Process upgrades, handle billing
  • Improve our service - Understand how users interact with features, fix bugs, develop new functionality
  • Keep your account secure - Detect suspicious activity, prevent fraud, protect against attacks
  • Communicate with you - Password resets, payment issues, important security alerts, major feature updates

We'll never use your data for unrelated purposes without your consent. We do not send marketing emails or spam.

Legal Basis for Processing

We process your personal data based on the following legal grounds:

  • Contract Performance: Account creation, service delivery, saving your dashboards and habits, subscription management
  • Consent: AI features (optional - you choose to use Dashee, Flowee, etc.), Google sign-in (optional)
  • Legitimate Interest: Security, fraud prevention, error monitoring, service improvement
  • Legal Obligation: Retaining financial records for tax compliance

You can withdraw consent for AI features by contacting support@dashzz.com with "Withdraw AI Consent" in the subject line.

Data Sharing

We do not sell your personal data. However, we may share your data with trusted third-party providers who help us deliver and improve Dashzz. These providers process your data on our behalf and are required to comply with data protection laws and keep your data safe.

Payment Processing and Merchant of Record

Paddle.com Market Limited acts as our Merchant of Record for all subscription payments.

This means:

  • When you purchase a subscription, you are entering into a contract with Paddle (not directly with Dashzz)
  • Paddle processes your payment information and manages subscription billing
  • Paddle shares necessary transaction data with us (email, name, subscription status) to fulfill your order and provide the Service
  • This data sharing is based on legitimate interest for order fulfillment and does not require additional consent

What Paddle receives:

  • Email address, name, billing address
  • Payment method information (securely encrypted)
  • Subscription tier, billing cycle, transaction amounts
  • IP address (for fraud prevention)

What we receive from Paddle:

  • Your email, name, and customer ID
  • Subscription status (active, canceled, failed payment)
  • Transaction history (for customer support)

Paddle is PCI-DSS Level 1 certified and complies with GDPR. For Paddle's privacy practices, see: https://www.paddle.com/legal/privacy

For Paddle's buyer terms, see: https://www.paddle.com/legal/checkout-buyer-terms

Other Third-Party Providers

We may share data with:

  • Google Cloud Platform - AI chat features (Gemini) and optional Google sign-in
  • Resend - Email delivery for password resets and notifications
  • Sentry - Error tracking and monitoring (personal data is anonymized)

In some cases, your data may be processed outside the EU/EEA (such as in the United States). When this happens, we ensure your data is protected by:

  • Standard Contractual Clauses approved by the European Commission
  • Other equivalent safeguards in compliance with data protection laws

We only share the minimum amount of data necessary with these providers to perform their tasks.

When We Must Share Data

We may disclose your data if legally required:

  • Valid court order or subpoena
  • Government request (we'll notify you if legally allowed)
  • To protect our rights, safety, or investigate Terms of Service violations

How We Keep Your Data Safe

We take security seriously and use industry-standard measures to protect your data from unauthorized access, loss, or misuse. These measures include:

  • Encryption - Passwords encrypted with cryptographic hashing, data encrypted in transit (HTTPS/TLS) and at rest
  • Access controls - Your data is isolated by user ID, restricted access to our systems
  • Session management - Secure authentication tokens, automatic logout after inactivity
  • Rate limiting - Protection against brute force attacks and abuse
  • Regular security updates - Patches, monitoring, and intrusion detection

However, no system is 100% secure, so we encourage users to protect their accounts by keeping login details private and using strong passwords. By using Dashzz, you acknowledge the risks associated with transmitting data online.

Data Breach Notification

If a data breach occurs that may affect your rights, we will:

  • Notify relevant data protection authorities as required by law
  • Notify you directly if there's a high risk to your data
  • Explain what happened, what data was affected, and what steps you should take

How Long We Keep Your Data

We keep your data for as long as you have an active account. Here's what happens to your data:

While your account is active:

  • All your data (dashboards, habits, widgets, etc.) is stored until you delete it
  • AI conversations are auto-deleted after 90 days of inactivity (or when you manually delete them)
  • Session logs are kept for 30 days
  • Failed login attempts are kept for 24 hours

After you delete your account:

  • Your account data is deleted immediately from active systems
  • Backups are purged within 30 days
  • Payment transaction records may be retained for legal and tax compliance (typically 5-10 years depending on jurisdiction, as required by law)
  • Data shared with third parties (Paddle, Google) is deleted per their retention policies

Inactive accounts: If you don't log in for 2 years, we'll email you a reminder. After 30 days, we may delete your account. You can reactivate by logging in before deletion.

Your Rights

You have the right to:

  • Access your data - See what personal data we hold about you
  • Correct your data - Update inaccurate or incomplete information (Settings → Account)
  • Delete your data - Delete your account and all associated data (Settings → Danger Zone → Delete Account)
  • Export your data - Download your data in a standard format (JSON)
  • Restrict processing - Limit how we use your data in certain circumstances
  • Object to processing - Object to data processing based on our legitimate interests
  • Withdraw consent - Contact support@dashzz.com to withdraw consent for optional features like AI
  • Lodge a complaint - File a complaint with your data protection authority if you're unhappy with how we handle your data

How to Exercise Your Rights

Self-service (for some rights):

  • Settings → Account → Update info
  • Settings → Delete Account

Email requests (for data access and export):

  • Send to: support@dashzz.com or privacy@dashzz.com
  • Subject: "Data Export Request" or "Privacy Rights Request"
  • Include: Your email address and which right you're exercising
  • For data export: We'll send you a JSON file with all your data within 30 days

We'll respond to your request within the timeframe required by applicable law (typically within 30 days). We may need to verify your identity before processing certain requests. Exercising your rights is free (except for excessive or repetitive requests).

California Privacy Rights (CCPA)

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA):

Your CCPA Rights:

  • Right to Know - Request disclosure of personal information we've collected about you in the past 12 months
  • Right to Delete - Request deletion of your personal information (with some exceptions)
  • Right to Opt-Out - We do NOT sell your personal information. You have the right to opt-out if we ever do.
  • Right to Non-Discrimination - We will not discriminate against you for exercising your privacy rights

Categories of Personal Information We Collect:

  • Identifiers (email, username)
  • Personal information (year of birth, timezone)
  • Commercial information (subscription status, payment records via Paddle)
  • Internet activity (usage data, device information, IP address)
  • User-generated content (dashboards, habits, tracking data, AI messages)

Service Providers (Third Parties We Share Data With):

  • Paddle.com Market Limited - Payment processing and billing
  • Google Gemini - AI features (optional, only if you use AI assistants)
  • Google OAuth - Authentication (optional, only if you sign in with Google)
  • Cloudflare, Inc. - Security, DDoS protection, and bot management (essential for service availability)

These service providers are contractually required to use your data only for providing services to us and cannot use it for their own purposes.

We Do Not Sell Your Personal Information. We have not sold personal information in the past 12 months and do not sell personal information.

To Exercise Your Rights: Email support@dashzz.com or privacy@dashzz.com with "CCPA Request" in the subject line. We'll respond within 45 days as required by CCPA.

Children's Privacy

Dashzz is not for children under 13 years of age. We do not knowingly collect personal data from children under 13.

If you're under 13: Please do not create an account or use Dashzz.

Parents: If your child under 13 has created an account, contact us immediately at support@dashzz.com. We'll delete the account and all data promptly, in compliance with applicable laws.

Ages 13-18: We recommend parental guidance. Parents can contact us to request access to or deletion of their teen's data.

Cookies and Tracking

We use cookies and similar technologies to improve your experience, keep you logged in, and ensure security.

Essential Cookies (required for the service):

  • Authentication tokens - Keep you logged in (2 hours to 90 days)
  • Session management - Maintain your session securely
  • Security features - Protect against attacks (CSRF tokens)

We do NOT use:

  • Tracking cookies
  • Advertising cookies
  • Third-party analytics cookies

You can manage cookies through your browser settings, but disabling essential cookies will prevent you from logging in.

For more details, see our Cookie Policy.

AI Data Processing (Google Gemini)

When you use AI features, your messages and limited dashboard context are sent to Google Gemini to generate responses.

What Google receives:

  • Your AI chat messages
  • Dashboard context:
    • Dashboard names, descriptions, and emojis
    • For habit dashboards: Task widget only (task names, task notes, completion status, progress)
    • For goal dashboards: Widget names, descriptions, recent tracking data (last 5 data points), statistics
  • Previous conversation messages (up to 15 messages for context)

What Google does NOT receive:

  • Your email address or password
  • Payment information
  • IP address or device identifiers
  • Full historical tracking data (only recent summary data)

How Google uses this data: According to Google's policy, they process your request, generate responses, and may use data to improve AI models (you can opt-out through Google's settings). Google does not sell your data to third parties.

Your control:

  • Don't use AI features if you prefer not to share data with Google
  • Delete AI conversations anytime (Settings → AI Chat → Clear History)
  • Data is auto-deleted after 90 days of inactivity

Read Google's privacy policy: https://policies.google.com/privacy

Updates to This Privacy Policy

We may update this policy from time to time to reflect changes in our service or legal requirements.

Minor changes (clarifications, typos):

  • We'll update the "Last Updated" date at the top
  • No additional notification

Material changes (affects your rights or how we use data):

  • We'll notify you by email or in-app notification
  • We'll give you at least 30 days' notice before changes take effect
  • Continuing to use Dashzz after an update means you agree to the revised policy

You can always:

  • Request a data export before changes take effect (contact support@dashzz.com)
  • Delete your account if you disagree with changes
  • Contact us with concerns

Contact Us

If you have any questions or concerns about this policy, you can contact us at:

Email:

Postal Address: Dashzz WAYRONE ENTERPRISES5 SRL Str. Pandurilor 185 Sat Closani, Gorj 217329 Romania

Data Protection Authorities:

If we can't resolve your concern, you can contact your local data protection authority:

This Privacy Policy is effective as of November 16, 2025 and applies to all users of Dashzz services worldwide.

Thank you for trusting Dashzz with your productivity journey. We're committed to protecting your privacy and helping you stay organized.