Privacy & Security

Your data is safe with us

How Dashello keeps your business data safe, private, and under your control. Operated by Trinitatis Licensing Inc. (doing business as Dashello)

Encrypted in transit
Encrypted at rest
AI optional
Private by default
Last updated: January 01, 2026

Table of Contents

1. How your data is protected 2. Your login & account security 3. Third-party app integrations 4. AI features & your privacy 5. Sharing & public features 6. What information we collect 7. How we use your information 8. Who we share your information with 9. Cookies & tracking technologies 10. How long we keep your data 11. Children's privacy 12. Your privacy rights 13. US state privacy rights 14. International transfers 15. Our infrastructure partners 16. Updates to this policy 17. Contact us

1. How your data is protected

In plain English: Your data is scrambled while traveling to our servers and while sitting in our database — so even if someone tried to intercept it, they'd see nothing useful.

  • Encrypted in transit: Every connection uses HTTPS/TLS — the same standard used by banks. Your data is scrambled the moment it leaves your device.
  • Encrypted at rest: Your data is also encrypted while stored in our database. Physical access to our servers wouldn't expose readable data.
  • Row-level security: Your dashboard data is locked to your account only. No other user — even on the same plan — can see your data.

2. Your login & account security

In plain English: We never store your actual password. You log in securely and get a private session that only you control.

  • Passwords are never stored in plain text. We use industry-standard hashing — your password is converted into a one-way code we can verify but never read.
  • Secure sessions: When you log in, you receive an encrypted session token with an expiry. When you log out, it's invalidated immediately.
  • Social login: If you register via Google, Facebook, or other social platforms, we only receive the profile info you authorize — name, email, and profile picture. We don't control how those platforms handle your data.

3. Third-party app integrations

In plain English: When you connect an app or bank account, Dashello never sees or stores your password for that service. You authorize access through a secure handshake, and you can revoke it anytime.

  • OAuth token-based access: You grant access through the third-party app directly — we receive a limited-use token, not your credentials.
  • Tokens stored in a secure vault: Access tokens are stored in an encrypted secrets vault, never in application code or exposed to the frontend.
  • Revoke anytime: You can disconnect any integration from your settings at any time. Access is immediately removed.
  • Minimal data access: We only request the specific data needed to populate your dashboard — nothing more.
  • Google API: Our use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

4. AI features & your privacy

In plain English: AI is completely optional. If you don't turn it on, zero data ever goes to any AI system. If you do, you control exactly what it can see.

  • Off by default: No AI feature is active unless you explicitly enable it.
  • Per-metric control: You choose which individual metric blocks the AI can access.
  • Minimal data sent: When AI is enabled, we only send the specific numbers needed — never raw credentials or personal identifiers.
  • AI providers: We use third-party AI services including Google Cloud AI, Anthropic, DALL-E, and Perplexity. Your input and output may be processed by these providers under their respective privacy policies.
  • Disconnect anytime: Turning off AI is instant. No further data is sent to any AI provider.

5. Sharing & public features

In plain English: Nothing in Dashello is public unless you make it public yourself. Sharing is always your decision.

  • Private by default: Every dashboard, metric, and goal is private until you explicitly choose to share it.
  • Team sharing: When you invite team members, you control what they can see and edit. Access is role-based.
  • Public links: If you create a public share link, you will always be clearly notified. You can revoke public access at any time from settings.

6. What information we collect

In plain English: We collect what you give us when you sign up, plus some automatic technical information like your IP address and device type so the app works properly.

  • Account information you provide: Name, email address, phone number, username, password, job title, billing address, and contact preferences.
  • Payment data: Payment processing is handled entirely by Stripe. We never see or store your full card number.
  • Device & usage data: IP address, browser type, device model, operating system, pages visited, and app features used — collected automatically to keep the app running and secure.
  • Location data: Approximate location based on IP address. You can disable precise location in your device settings.
  • Third-party app data: Financial data, health data, and other metrics you choose to connect through integrations — only with your explicit authorization.

7. How we use your information

In plain English: We use your data to run the app, support you, improve the product, and keep things secure. We don't sell it.

  • To create and manage your account
  • To provide and improve the Dashello service
  • To respond to your support requests
  • To send service-related notifications and updates
  • To process payments and manage subscriptions
  • To prevent fraud and protect security
  • To understand how the app is used so we can improve it

We have not sold or shared personal information to third parties for commercial purposes in the past 12 months, and we will not do so in the future.

8. Who we share your information with

In plain English: We only share your data with the services needed to run Dashello. We never sell it.

  • Infrastructure providers: Supabase (database) and Vercel (hosting) — both SOC 2 certified.
  • Payment processing: Stripe handles all payments under their own privacy policy.
  • AI providers: Only when you enable AI features — Google Cloud AI, Anthropic, DALL-E, or Perplexity.
  • Analytics: Google Analytics may collect usage data to help us improve the product.
  • Business transfers: If Dashello is acquired or merged, your data may transfer to the new entity under the same privacy commitments.

9. Cookies & tracking technologies

In plain English: We use cookies to keep you logged in and make the app work. We also use analytics cookies to understand how people use Dashello so we can improve it.

  • Essential cookies: Required for login sessions, security, and basic app functionality. Cannot be disabled.
  • Analytics cookies: Google Analytics tracks usage patterns to help us improve the product. You can opt out via your browser settings or Google's opt-out tool.
  • Managing cookies: Most browsers let you block or delete cookies. Blocking essential cookies may affect app functionality.

10. How long we keep your data

In plain English: We keep your data as long as you have an account. When you delete your account, we delete your data — except where the law requires us to keep certain records.

  • Your data is retained for as long as your account is active.
  • When you close your account, we will delete or anonymize your personal information within a reasonable period.
  • Some information may be retained in backup archives or to comply with legal obligations, fraud prevention, or dispute resolution.

11. Children's privacy

In plain English: Dashello is for adults and business professionals. We do not knowingly collect data from anyone under 18.

  • We do not knowingly collect data from or market to children under 18 years of age.
  • If you believe we have collected data from a minor, please contact us and we will delete it promptly.

12. Your privacy rights

In plain English: Depending on where you live, you have the right to see, correct, download, or delete your data. You can always contact us to exercise these rights.

  • Right to know — see what data we hold about you
  • Right to correct — fix inaccurate data
  • Right to delete — request removal of your data
  • Right to portability — receive a copy of your data
  • Right to opt out — of targeted advertising or profiling
  • Withdraw consent — unsubscribe or revoke AI access anytime

To exercise any right, email us or submit a data subject access request.

No mobile information will be shared with third parties or affiliates for marketing or promotional purposes.

13. US state privacy rights

In plain English: If you live in California, Texas, Colorado, Virginia, or many other US states, you have additional rights under state law — including the right to know, correct, delete, and opt out of data sales.

Residents of California, Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, and Virginia may have specific rights under their state's privacy laws. These include the right to access, correct, delete, and obtain a copy of your personal data, and to opt out of its use for targeted advertising.

To exercise these rights, email us or submit a data subject access request. If your request is denied, you may appeal by emailing us. If the appeal is denied, you may contact your state attorney general.

14. International data transfers

In plain English: Our servers are in the United States. If you're in the EU, UK, or elsewhere, your data may be transferred here. We follow applicable laws to protect it regardless of location.

  • Our servers are located in the United States.
  • If you are in the EEA, UK, Switzerland, Australia, or New Zealand, we take all necessary measures to protect your information in accordance with applicable data protection law.

15. Our infrastructure partners

In plain English: We build on top of trusted, enterprise-grade platforms so you get bank-level infrastructure.

  • Supabase — database platform. SOC 2 Type II certified, with built-in encryption and row-level security.
  • Vercel — hosting platform. SOC 2 certified, with automatic HTTPS and global edge security.
  • Stripe — payment processing. PCI-DSS compliant.

16. Updates to this policy

We may update this Privacy Notice from time to time. The updated version will be indicated by a revised date at the top of this page. If we make material changes, we will notify you by email or by posting a prominent notice in the app. We encourage you to review this policy periodically.

Questions about your privacy or security that aren't answered here? We're happy to talk before you commit to anything.

17. Contact us

Trinitatis Licensing Inc. (doing business as Dashello)

Email: contact@dashello.co