Privacy Policy

1. Information We Collect

We collect the following categories of information:

Account Information

• Email address (required for registration)
• Password (stored as a one-way cryptographic hash — we never store your plain-text password)
• Display name, if provided

Agent Data

• Your claimed @handle, agent name, sector, and template selections
• Agent configuration and system prompt customizations

Conversation Logs

• Messages sent to and received from your AI agent are stored to enable conversation history and to improve service quality.
• Conversations are associated with your account and retained per the data retention policy described in Section 6.

Usage Analytics

• Pages visited and features used within the platform
• API call counts, error rates, and performance metrics
• Device type, browser type, and operating system (anonymized)

Payment Information

• Payment card details are collected and stored exclusively by Stripe, our payment processor. ISG does not store full card numbers or CVV codes.
• We retain a record of transaction amounts, timestamps, and Stripe transaction IDs for billing and dispute resolution.

2. How We Use Your Information

We use the information we collect to:

• Deliver the Service: Operate your agent, process messages, and maintain your account.
• Process payments: Charge transaction fees and provide billing records.
• Improve the platform: Analyze usage patterns to fix bugs, improve performance, and develop new features.
• Send communications: Deliver account confirmations, password resets, billing receipts, and important policy updates. We will not send unsolicited marketing emails without your explicit consent.
• Ensure security: Detect and prevent fraud, abuse, and unauthorized access.
• Comply with legal obligations: Respond to lawful requests from authorities where required.

3. Data Storage & Security

We take the security of your data seriously and implement industry-standard protections:

• All data is encrypted at rest using AES-256 encryption.
• All data transmitted between your device and our servers is encrypted in transit using TLS 1.2 or higher (HTTPS).
• Passwords are hashed using bcrypt with a per-user salt and are never stored in recoverable form.
• We are working toward SOC 2 Type II compliance and follow security best practices across our infrastructure.

No method of transmission over the internet or electronic storage is 100% secure. While we use commercially reasonable means to protect your data, we cannot guarantee absolute security. In the event of a data breach affecting your account, we will notify you as required by applicable law.

4. Third-Party Services

We use the following trusted third-party services to operate DingDawg. Each has its own privacy policy and data handling practices:

• Stripe — Payment processing. Stripe handles all payment card data. See stripe.com/privacy.
• OpenAI — AI language model processing. Conversation messages are sent to OpenAI's API to generate agent responses. See openai.com/policies/privacy-policy.
• Vercel — Frontend hosting and CDN. See vercel.com/legal/privacy-policy.
• Railway — Backend infrastructure and database hosting. See railway.app/legal/privacy.

We do not sell your personal information to any third party.

5. Cookies & Tracking

We use a minimal set of cookies and local storage to operate the Service:

• Authentication tokens: A secure, HTTP-only session token is used to keep you signed in. This is essential for the Service to function and cannot be disabled.
• Preference storage: Lightweight local storage may be used to remember non-sensitive UI preferences such as your last active view.
• Web analytics: We may collect anonymized analytics about platform usage (page views, feature usage) to improve the product. We do not use third-party advertising trackers.

We do not use cross-site tracking cookies or sell browsing data to advertisers.

6. Data Retention

• We retain your account data and agent data for as long as your account is active.
• Conversation logs are retained for up to 12 months by default. You may request earlier deletion (see Section 7).
• Billing records are retained for a minimum of 7 years as required for financial compliance purposes.
• When you close your account, we will delete or anonymize your personal data within 30 days, except where retention is required by law.

7. Your Rights

You have the following rights with respect to your personal data:

• Access: Request a copy of the personal data we hold about you.
• Correction: Request that we correct inaccurate or incomplete data.
• Deletion: Request that we delete your personal data, subject to our legal retention obligations.
• Data export: Request an export of your account data and conversation history in a machine-readable format.
• Opt out of communications: Unsubscribe from non-essential emails at any time via the link in our emails or by contacting us directly.

To exercise any of these rights, email privacy@dingdawg.com. We will respond within 30 days.

8. Children's Privacy

DingDawg is not intended for or directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected data from a child under 13, please contact us immediately at privacy@dingdawg.com and we will delete the information promptly. This policy is consistent with the requirements of the Children's Online Privacy Protection Act (COPPA).

9. International Users

DingDawg is operated from the United States. If you are accessing the Service from outside the United States, your data will be transferred to and processed in the United States, which may have different data protection laws than your country.

European Union users (GDPR): If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR), including the right to object to processing, the right to restrict processing, and the right to lodge a complaint with your local supervisory authority. Our legal basis for processing your data is primarily the performance of the contract between you and ISG (Article 6(1)(b) GDPR).

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email and by updating the "Last updated" date at the top of this page. Your continued use of the Service after any changes constitutes your acceptance of the revised policy.

We encourage you to review this policy periodically to stay informed about how we protect your information.

11. Contact

If you have questions, concerns, or requests related to this Privacy Policy or the handling of your personal data, please contact us: