Privacy Policy

dinobyt provides software design and development services, including AI-assisted prototyping and integrations (the "Services"). For the purposes of most customer data, dinobyt is the data controller. For payment processing, we use Paddle as our payment provider and merchant of record. Paddle may act as an independent controller for payment data. Learn more in the Payments with Paddle section.

Contact: privacy@dinobyt.com

• Account & contact data you provide: name, email address, company, role, project details, and communications with us.
• Usage data: pages viewed, links clicked, approximate location (derived from IP), timestamps, and device/browser information. We may use privacy‑friendly analytics.
• Support & demo materials: files or data you choose to share for scoping or support.
• Payment & billing data (via Paddle): name, email, billing address, VAT/tax IDs, transaction amounts, currency, limited payment instrument details (e.g., last 4 digits or card brand), IP address, and fraud‑prevention signals. We do not collect or store full card numbers on our servers.

• Provide and improve the Services (contractual necessity).
• Process orders, invoices, and subscriptions (contractual necessity; legal obligation for tax).
• Security and fraud prevention (legitimate interests; legal obligation).
• Communications such as responding to inquiries and sending important notices (contractual necessity/legitimate interests).
• Marketing with your consent where required; you can opt out at any time.
• Compliance with legal obligations (e.g., bookkeeping, tax, sanctions screening by Paddle).

We use Paddle to securely process payments and manage taxes and compliance. Paddle acts as our merchant of record, meaning your payment is made to Paddle, who then forwards funds to us. When you make a purchase, Paddle collects and processes payment data on its systems and shares limited information with us necessary to fulfill your order.

• Data Paddle processes: contact and billing details, payment instrument data, device/IP for fraud prevention, transaction identifiers, tax/VAT information, and receipts. Paddle may conduct risk checks and comply with legal obligations as an independent controller.
• Data we receive from Paddle: your contact details, purchase details (plan, price, currency), last 4 digits/card brand where applicable, status (paid/refunded/chargeback), country for tax, and receipt/invoice identifiers.
• What we do not receive: full card numbers or full bank account details.
• Subscriptions: For recurring billing, Paddle stores subscription status and renewal dates. We may receive webhook events (e.g., payment succeeded/failed, cancellation) to manage your access.
• Paddle policies: See Paddle’s Privacy Policy and Terms for details. Paddle Privacy • Paddle Buyer Terms

• Service providers: hosting, analytics, email, customer support, and payment processing (Paddle). These providers are bound by contracts to protect your data.
• Legal: to comply with laws, enforce agreements, or protect rights, safety, and security.
• Business transfers: as part of a merger, acquisition, or asset sale, subject to this Policy.
• No selling of personal data: we do not sell or share personal information for cross‑context behavioral advertising. You can still opt out of marketing at any time.

We use essential cookies for site operation and to enable Paddle checkout. We may also use optional analytics cookies to understand product interest. You can control cookies through your browser settings. Blocking essential cookies may affect site functionality or checkout.

• Account/support records: retained for as long as necessary to provide the Services and a reasonable period thereafter (typically 24 months) or as required by law.
• Payment and invoice records: retained as required for bookkeeping and tax (typically 7 years, depending on jurisdiction).
• Marketing preferences: until you opt out or your consent is withdrawn.

We may process and store information in countries other than where you live. When we transfer personal data internationally, we rely on appropriate safeguards such as Standard Contractual Clauses or other lawful mechanisms.

We apply reasonable technical and organizational measures to protect personal information, including access controls, encryption in transit, and vulnerability management. No method of transmission or storage is 100% secure.

Depending on your location, you may have rights to access, correct, delete, restrict, or port your personal data, and to object to certain processing or withdraw consent. To exercise rights, contact privacy@dinobyt.com. If you are in the EEA/UK, you may also lodge a complaint with your supervisory authority.

California/US state privacy laws may provide additional rights, including a right to know, delete, correct, and opt out of certain sharing. We do not sell personal information.

Our Services are not directed to children under 13 (or the minimum age required by local law). We do not knowingly collect personal information from children. If you believe a child has provided us data, contact us to request deletion.

We may update this Policy from time to time. The updated version will be indicated by a revised "Last updated" date and will be effective when posted. If material changes occur, we may provide additional notice.

Questions or requests? Email privacy@dinobyt.com or write to the address provided in your Order or invoice.