dashn.ai
Privacy Policy

PRIVACY POLICY

Dashn.ai

Last updated: March 16, 2026

1. Introduction

This Privacy Policy describes how Dashn.ai collects, uses, stores, shares, and protects your personal data. It applies to all users of the Dashn.ai platform outside of Brazil (Brazilian users are subject to our separate Portuguese-language Privacy Policy governed by the LGPD).

This Policy is designed to comply with the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), and other applicable U.S. state and federal data protection laws. While Dashn.ai does not actively target users in the European Economic Area, we have included references to the General Data Protection Regulation (GDPR) for transparency purposes.

By using the Platform, you acknowledge that you have read and understood this Policy.

2. Data Controller

The data controller for personal data processed through the Platform is:

Dashn.ai

JOAO VITOR PENNA REIS TECNOLOGIA LTDA

CNPJ (Brazilian Tax ID): 65.704.401/0001-78

Address: Rua Pais Leme, 215, Conj. 1713 - São Paulo, SP, Brasil - CEP 05424-150

Email: support@dashn.ai

As the data controller, Dashn.ai determines the purposes and means of the processing of personal data carried out through the Platform.

3. Personal Data We Collect

3.1. Data You Provide Directly

CategoryDataPurpose
Registration dataFull name, email addressAccount creation and management
User ContentSpreadsheets, tabular data, and dashboard configurationsAI dashboard generation

3.2. Data Collected Automatically

When you use the Platform, we may automatically collect:

  • IP address and approximate geolocation
  • Browser type and operating system
  • Pages visited, session duration, and navigation patterns
  • Device identifiers
  • Access logs
  • Product usage analytics collected through analytics tools (PostHog), including session identification using your user ID and email address to associate events with your account
  • Error monitoring and performance data (Sentry)

4. Legal Basis for Processing

4.1. Territorial Scope Note

Dashn.ai is a Brazilian company incorporated and operating in Brazil. We do not actively direct our services at individuals in the European Economic Area (EEA) or United Kingdom — we do not advertise in European markets, offer pricing in euros, use European country-specific domains, or otherwise target European users.

Based on the European Data Protection Board's Guidelines 3/2018 on the territorial scope of the GDPR (Article 3), we do not believe the GDPR currently applies to our operations. The mere accessibility of our platform from within the EEA and the use of English (the internationally standard language for SaaS products, and the language of our country of incorporation's business environment) do not constitute intentional targeting of EEA users under the EDPB's criteria.

If Dashn.ai expands its operations to actively serve users in the EEA — including through EU-targeted marketing campaigns, EUR-denominated pricing, or contracts with EU-based customers — we will update this Policy to reflect applicable GDPR obligations at that time.

4.2. Under the CCPA/CPRA (California Residents)

We collect the following categories of personal information as defined by the CCPA:

  • Identifiers: name, email address, IP address
  • Professional information: company, role, company size
  • Internet activity: browsing history, interaction data

We do not sell or share your personal information for cross-context behavioral advertising purposes. We do not use sensitive personal information for purposes beyond those specified in CCPA §1798.121.

Global Privacy Control (GPC): We recognize the Global Privacy Control signal as a valid opt-out of the sale or sharing of personal information for California residents, as required by CPRA §1798.135(b). When a GPC signal is detected, we will treat it as a request to opt out of any non-essential data collection.

5. Data Sharing

5.1. AI Service Providers

User Content (spreadsheets and tabular data) is transmitted to third-party large language model (LLM) providers through the OpenRouter service for processing and dashboard generation. These providers act as data processors and are subject to contractual obligations regarding confidentiality and data protection.

5.2. Infrastructure Providers

We use Supabase for data storage. Supabase acts as a data processor and maintains appropriate security measures.

5.3. Payment Processors

To process subscriptions, we share necessary data with our payment processor (Stripe). We do not store complete credit card information.

5.4. Google Integrations

When you connect your Google account to import data from Google Sheets or Google Drive, the Platform accesses data from the spreadsheets you explicitly authorize. Access is limited to files you select.

5.5. Other Circumstances

We may share personal data when:

  • Required by law, court order, or competent authority
  • Necessary to protect the rights, property, or safety of Dashn.ai or third parties
  • In connection with a merger, acquisition, or corporate reorganization, subject to applicable data protection laws

6. International Data Transfers

As Dashn.ai is based in Brazil and uses third-party services (OpenRouter, Supabase), your personal data may be transferred to and processed in countries outside of your country of residence, including countries that may not provide the same level of data protection.

We implement contractual safeguards with all third-party service providers and ensure they maintain adequate security standards for the protection of your personal data. Our data processing agreements require service providers to use your data only as instructed and to maintain appropriate technical and organizational security measures.

7. Data Security

Dashn.ai implements appropriate technical and organizational measures to protect personal data against unauthorized access, destruction, loss, alteration, or any form of improper processing, including:

  • Encryption of data in transit (TLS/SSL) and at rest
  • Role-based access control (RBAC)
  • Continuous security monitoring and audit logging
  • Internal data access restriction policies

Despite these measures, no system is completely secure. Dashn.ai cannot guarantee absolute data security.

7.5. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of individuals, Dashn.ai commits to:

  • Notifying the Brazilian National Data Protection Authority (ANPD) within a reasonable timeframe, as required by the LGPD (Art. 48)
  • Notifying affected individuals without undue delay where the breach is likely to result in relevant risk or damage to them
  • Documenting all breaches, including their effects and the remedial actions taken

If and when Dashn.ai becomes subject to the GDPR, we will additionally comply with the 72-hour supervisory authority notification requirement under GDPR Art. 33.

8. Data Retention

We retain personal data only for as long as necessary for the purposes for which it was collected, or as required by applicable law:

  • Account data: retained while the account is active and for 6 months after closure
  • Access logs: retained for 6 months
  • Billing and tax data: retained for the applicable statutory period (up to 5 years)
  • User Content: deleted within 30 days of account deletion request

9. Your Rights

9.1. CCPA/CPRA Rights (California Residents)

Under the CCPA/CPRA, you have the right to:

  • Know: request disclosure of the categories and specific pieces of personal information collected
  • Delete: request deletion of your personal information
  • Correct: request correction of inaccurate personal information
  • Opt-out: opt out of the sale or sharing of personal information (note: we do not sell personal information)
  • Non-discrimination: exercise your rights without facing discriminatory treatment

We will acknowledge your request within 10 business days and respond substantively within 45 calendar days.

9.2. All Users

Regardless of your location, you may request access to, correction of, or deletion of your personal data at any time by contacting us.

9.3. EEA/UK Residents

As described in Section 4.1, Dashn.ai does not currently direct its services at individuals in the European Economic Area or United Kingdom and does not consider the GDPR to apply to its current operations.

If you are located in the EEA or UK and have accessed the Platform, the rights described in Section 9.2 (access, correction, and deletion) apply to you on the same basis as all other users. We will respond to any reasonable privacy request regardless of your location.

We do not make specific representations regarding GDPR rights (such as portability or restriction of processing) at this time, as doing so would create obligations we have not operationally prepared for. If this changes, this Policy will be updated accordingly.

9.4. How to Exercise Your Rights

To exercise any of these rights, please contact us at the email address provided in the Contact section. We may need to verify your identity before processing your request.

10. Cookies and Similar Technologies

The Platform may use cookies and similar technologies for:

  • Essential cookies: necessary for Platform functionality (authentication, security)
  • Performance cookies: for usage analytics and Platform improvement
  • Functionality cookies: to remember your preferences

You can manage your cookie preferences through your browser settings. Disabling essential cookies may affect Platform functionality.

11. Children's Privacy

Dashn.ai is not intended for individuals under 18 years of age. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child, we will take steps to delete such information promptly.

12. Privacy Contact

Dashn.ai maintains a dedicated privacy contact for handling data subject requests, responding to inquiries, and addressing concerns about our data processing practices:

Email: support@dashn.ai

We are committed to responding to all requests within the applicable legal timeframes.

13. Changes to This Policy

Dashn.ai may update this Privacy Policy from time to time. Material changes will be communicated at least 30 (thirty) days in advance via notification on the Platform or by email.

Continued use of the Platform after changes take effect constitutes acceptance of the updated Policy.

14. Contact

For questions, requests, or complaints regarding this Privacy Policy or the processing of your personal data, please contact:

Dashn.ai

Email: support@dashn.ai

Address: Rua Pais Leme, 215, Conj. 1713 - São Paulo, SP, Brasil - CEP 05424-150

© 2026 Dashn.aisupport@dashn.ai