Privacy Policy

1. Introduction

dyia ("we," "us," or "our") respects your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our business management platform ("the Service").

2. Information We Collect

Account Information

When you create an account, we collect:

• Name, email address (via Clerk authentication)
• Profile photo (if provided via social login)
• Payment information (processed and stored by Stripe; we do not store card numbers)

Business Data

Data you enter into the Service:

• Jobs (dates, customer names, revenue, expenses)
• Quotes (customer info, pricing, photos)
• Follow-ups and customer interactions
• Business settings (name, phone, address, tax rate, goals)
• Fixed expenses and price templates

AI Interaction Data

If you use the Dyia AI Assistant, your conversation messages and uploaded files are processed by OpenAI to generate responses. We store conversation history for continuity.

Automatically Collected Data

• Browser type, device information
• IP address (for security and rate limiting)
• Pages visited and features used (usage analytics)
• Cookies for authentication and preferences (theme, session)

3. How We Use Your Information

• Provide the Service: Process jobs, generate quotes, track finances, deliver AI insights.
• Authentication: Verify your identity and manage your account via Clerk.
• Billing: Process payments and manage subscriptions via Stripe.
• Communication: Send transactional emails (welcome, trial reminders, weekly insights, support responses) via Resend.
• Improvement: Analyze aggregated, anonymized usage patterns to improve features.
• Security: Detect and prevent fraud, abuse, and security threats.

4. Third-Party Services

We use the following third-party services to operate:

5. Cookies

We use the following cookies:

• Authentication cookies: Managed by Clerk for session management (essential).
• Theme preference: Stored in localStorage to remember your light/dark mode choice.
• Demo mode: A cookie to enable the demo experience (optional).

We do not use advertising cookies or third-party tracking cookies.

6. Data Retention

• Your data is retained for as long as your account is active.
• If you delete your account, we will delete your personal data within 30 days.
• Some data may be retained in backups for up to 90 days.
• Anonymized, aggregated data may be retained indefinitely for analytics.

7. Data Security

We implement appropriate technical and organizational measures to protect your data, including:

• Encryption in transit (TLS/HTTPS) and at rest
• Secure authentication via Clerk
• Database access controlled by Row Level Security (RLS) policies
• API route protection with authentication checks
• Webhook signature verification (Svix for Clerk, Stripe signatures)

8. Your Rights

You have the right to:

• Access: Request a copy of your personal data.
• Export: Download your data as CSV from Settings.
• Correction: Update your information in Settings.
• Deletion: Request deletion of your account and data by contacting dyia.io.app@gmail.com.
• Portability: Export and take your data to another service.

9. California Privacy Rights (CCPA)

If you are a California resident, you have the right to:

• Know what personal information is collected about you.
• Request deletion of your personal information.
• Opt out of the sale of personal information (we do not sell your data).
• Non-discrimination for exercising your privacy rights.

10. Children's Privacy

The Service is not intended for use by individuals under 18. We do not knowingly collect personal information from children under 18.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or in-app notification. The "Last updated" date at the top indicates when changes were last made.

12. Contact Us

For privacy-related questions or to exercise your rights, contact us at: dyia.io.app@gmail.com