Privacy

Last updated Feb, 9th 2025

Retention of Customer Data

DinMo retains customer data only for as long as necessary to fulfill the purpose of processing, ensuring minimal data storage while maintaining service functionality.

Customer Data Type

Retention Period

Notes

Customer Data

< 8 hours (typically)

We purge customer data as soon as it is successfully written to the destination, except in the cases outlined below.

Temporary Data

< 24 hours (typically)

Some data integration processes require ephemeral storage (e.g., event logs, transformation logs). Data is deleted as soon as possible, though in rare cases, retention may exceed 24 hours.

Customer Access Keys

Duration of service

Customer database credentials and OAuth tokens are stored securely using a key management system with hardware security module (HSM) backing.

Customer Metadata

Duration of service

Configuration details, table/column names, and sync settings are retained to power the DinMo platform.

Data Purging Conditions

DinMo automatically purges customer data as soon as it is written to the designated destination. However, in the following cases, data may be retained for up to 30 days before automatic deletion:

Destination Outage: If your marketing destination (CRM, ad platform, or database) is unavailable, we temporarily retain the data to prevent sync failures. Once your system is restored, we complete the sync and delete the data.
Schema Processing for Data Blocking & Hashing: If you configure data blocking or column hashing before an initial sync, we may temporarily store schema metadata until the full schema is fetched and approved.

DinMo Data Residency

DinMo allows customers to choose the cloud platform where the DinMo Sync Service is deployed. Customers can select between Amazon Web Services (AWS) or Google Cloud Platform (GCP) for their data processing, ensuring compliance with regional data protection laws (GDPR, UK DPA, etc.).

Regional Processing Locations

All data processing occurs either within the customer's data warehouse (e.g., Google BigQuery, Snowflake, or other connected sources) or within DinMo’s services deployed on the selected cloud infrastructure.

All DinMo servers are located within the European Union (EU), ensuring full compliance with GDPR and regional data protection laws.

Default Processing Location: If a customer does not explicitly choose a region, data is processed in the European Union (EU) by default.

Cloud Provider Selection

Plan

Choice of Geography

Choice of Cloud Provider

Choice of Cloud Region

Starter / Free / Standard

❌ (EU only)

❌ (Google Cloud only)

❌

Business

✅

✅ (AWS, GCP)

❌

Enterprise

✅

Sub-Processor Management

DinMo works with carefully selected sub-processors to ensure optimal performance and security. These third-party vendors provide infrastructure, authentication, and analytics services.

What is a Sub-Processor?

A sub-processor is a third-party company that processes Personal Data on behalf of DinMo. These entities play a role in enabling our services but must adhere to strict security and privacy obligations.

List of Sub-Processors

Sub-Processor

Purpose

Processing Location

Google Cloud Platform (GCP)

Cloud infrastructure (compute, storage, security)

EEA

Amazon Web Services (AWS)

Cloud infrastructure (compute, storage, security)

EEA

Firebase, Google, Inc.

Authentication & access management (Google login only)

USA

Datadog, Inc.

System monitoring & security

USA

AI Sub-Processors (If Applicable)

AI Sub-Processor

Purpose

Processing Location

OpenAI, LLC

Natural language processing & AI automation

Global

DinMo ensures that all sub-processors comply with GDPR and other relevant regulations through Data Processing Agreements (DPAs) and security audits.

Managing Sub-Processor Changes

DinMo notifies customers of any new sub-processors before engagement.
Customers can subscribe to sub-processor change alerts by contacting privacy@dinmo.com.

PII Data Management & Compliance Mechanisms

This section explains the mechanisms DinMo implements to ensure compliance with applicable data protection regulations related to transferring personally identifiable information (PII) across various platforms. It clearly outlines the responsibilities of both DinMo (Processor) and Customer (Controller).

1. Categories of Platforms and Responsibilities

DinMo processes data transfers across two distinct categories of platforms, each with specific compliance mechanisms:

Internal Platforms (e.g., CRM, Support Tools): These platforms are typically managed directly by the Customer and already store PII. DinMo assumes these internal platforms are compliant with applicable data protection laws, including GDPR.
- Customer Responsibility:
  - Ensure that internal platforms receiving the data transfers are compliant with relevant privacy regulations.
  - Filter and validate data based on explicit consent provided by data subjects and applicable laws.
- DinMo Responsibility:
  - Secure the transfer to ensure data integrity and confidentiality.
  - Ensure timely updates and synchronization of consent data based on customer-provided information.
External Third-Party Platforms (e.g., Advertising Platforms & DSPs such as Meta Ads, Google Ads, The Trade Desk):
DinMo facilitates secure data transfers of personally identifiable information (PII) to external marketing and advertising platforms such as Meta Ads, Google Ads, and The Trade Desk. Below is a clear delineation of compliance responsibilities between DinMo and the Customer:
- Customer Responsibility:
  - Obtain and manage explicit consent from data subjects, ensuring a lawful basis to share PII with external platforms.
  - Verify and ensure compliance of third-party platforms receiving the PII with applicable data protection regulations and Customer-specific privacy requirements.
- DinMo Responsibility:
  - Ensure that data transferred to third-party platforms meets data format and security requirements compliant with applicable laws, including GDPR.
  - Maintain secure data transfer processes, applying technical measures outlined in subsequent sections to prevent unauthorized disclosure or use of PII.

2. Technical Compliance Mechanisms for Third-Party Platforms

To support compliant and secure data transfers, DinMo employs specific technical safeguards for PII transfers to third-party platforms:

Automatic Hashing of Personal Data: DinMo automatically detects any non-hashed personal data fields (e.g., emails, phone numbers) and applies industry-standard hashing algorithms during data transit, ensuring that no unencrypted PII reaches third-party destinations.
General Data Storage & Processing Policy
- DinMo does not store or retain PII beyond the transient processing required to ensure compliance (e.g., hashing, anonymization, data formatting).
- All PII handling occurs exclusively during secure data transfers, with no persistent storage of personal data within DinMo’s servers or systems.

Your Data, Your Control

DinMo provides complete transparency and control over your data. Customers can:

Choose data residency options (EU, UK, US, etc.).
Request data deletion at any time.
Access security reports on demand.

For further details on data privacy, security, or compliance, reach out to privacy@dinmo.com.

Contact Information

If you have questions about data retention, residency, or sub-processors, you can contact us at:

📧 Email: privacy@dinmo.com 🛡️ Data Protection Officer (DPO): Alexandra Augusti, alexandra@dinmo.com

PreviousNetworking NextData Processing

Last updated 1 month ago

Privacy

Last updated Feb, 9th 2025

Retention of Customer Data

DinMo retains customer data only for as long as necessary to fulfill the purpose of processing, ensuring minimal data storage while maintaining service functionality.

Customer Data Type

Retention Period

Notes

Customer Data

< 8 hours (typically)

We purge customer data as soon as it is successfully written to the destination, except in the cases outlined below.

Temporary Data

< 24 hours (typically)

Some data integration processes require ephemeral storage (e.g., event logs, transformation logs). Data is deleted as soon as possible, though in rare cases, retention may exceed 24 hours.

Customer Access Keys

Duration of service

Customer database credentials and OAuth tokens are stored securely using a key management system with hardware security module (HSM) backing.

Customer Metadata

Duration of service

Configuration details, table/column names, and sync settings are retained to power the DinMo platform.

Data Purging Conditions

DinMo automatically purges customer data as soon as it is written to the designated destination. However, in the following cases, data may be retained for up to 30 days before automatic deletion:

Destination Outage: If your marketing destination (CRM, ad platform, or database) is unavailable, we temporarily retain the data to prevent sync failures. Once your system is restored, we complete the sync and delete the data.
Schema Processing for Data Blocking & Hashing: If you configure data blocking or column hashing before an initial sync, we may temporarily store schema metadata until the full schema is fetched and approved.

DinMo Data Residency

Regional Processing Locations

All DinMo servers are located within the European Union (EU), ensuring full compliance with GDPR and regional data protection laws.

Default Processing Location: If a customer does not explicitly choose a region, data is processed in the European Union (EU) by default.

Cloud Provider Selection

Plan

Choice of Geography

Choice of Cloud Provider

Choice of Cloud Region

Starter / Free / Standard

❌ (EU only)

❌ (Google Cloud only)

❌

Business

✅

✅ (AWS, GCP)

❌

Enterprise

✅

Sub-Processor Management

DinMo works with carefully selected sub-processors to ensure optimal performance and security. These third-party vendors provide infrastructure, authentication, and analytics services.

What is a Sub-Processor?

List of Sub-Processors

Sub-Processor

Purpose

Processing Location

Google Cloud Platform (GCP)

Cloud infrastructure (compute, storage, security)

EEA

Amazon Web Services (AWS)

Cloud infrastructure (compute, storage, security)

EEA

Firebase, Google, Inc.

Authentication & access management (Google login only)

USA

Datadog, Inc.

System monitoring & security

USA

AI Sub-Processors (If Applicable)

AI Sub-Processor

Purpose

Processing Location

OpenAI, LLC

Natural language processing & AI automation

Global

DinMo ensures that all sub-processors comply with GDPR and other relevant regulations through Data Processing Agreements (DPAs) and security audits.

Managing Sub-Processor Changes

DinMo notifies customers of any new sub-processors before engagement.
Customers can subscribe to sub-processor change alerts by contacting privacy@dinmo.com.

PII Data Management & Compliance Mechanisms

1. Categories of Platforms and Responsibilities

DinMo processes data transfers across two distinct categories of platforms, each with specific compliance mechanisms:

Internal Platforms (e.g., CRM, Support Tools): These platforms are typically managed directly by the Customer and already store PII. DinMo assumes these internal platforms are compliant with applicable data protection laws, including GDPR.
- Customer Responsibility:
  - Ensure that internal platforms receiving the data transfers are compliant with relevant privacy regulations.
  - Filter and validate data based on explicit consent provided by data subjects and applicable laws.
- DinMo Responsibility:
  - Secure the transfer to ensure data integrity and confidentiality.
  - Ensure timely updates and synchronization of consent data based on customer-provided information.
External Third-Party Platforms (e.g., Advertising Platforms & DSPs such as Meta Ads, Google Ads, The Trade Desk):
DinMo facilitates secure data transfers of personally identifiable information (PII) to external marketing and advertising platforms such as Meta Ads, Google Ads, and The Trade Desk. Below is a clear delineation of compliance responsibilities between DinMo and the Customer:
- Customer Responsibility:
  - Obtain and manage explicit consent from data subjects, ensuring a lawful basis to share PII with external platforms.
  - Verify and ensure compliance of third-party platforms receiving the PII with applicable data protection regulations and Customer-specific privacy requirements.
- DinMo Responsibility:
  - Ensure that data transferred to third-party platforms meets data format and security requirements compliant with applicable laws, including GDPR.
  - Maintain secure data transfer processes, applying technical measures outlined in subsequent sections to prevent unauthorized disclosure or use of PII.

2. Technical Compliance Mechanisms for Third-Party Platforms

To support compliant and secure data transfers, DinMo employs specific technical safeguards for PII transfers to third-party platforms:

Automatic Hashing of Personal Data: DinMo automatically detects any non-hashed personal data fields (e.g., emails, phone numbers) and applies industry-standard hashing algorithms during data transit, ensuring that no unencrypted PII reaches third-party destinations.
General Data Storage & Processing Policy
- DinMo does not store or retain PII beyond the transient processing required to ensure compliance (e.g., hashing, anonymization, data formatting).
- All PII handling occurs exclusively during secure data transfers, with no persistent storage of personal data within DinMo’s servers or systems.

Your Data, Your Control

DinMo provides complete transparency and control over your data. Customers can:

Choose data residency options (EU, UK, US, etc.).
Request data deletion at any time.
Access security reports on demand.

For further details on data privacy, security, or compliance, reach out to privacy@dinmo.com.

Contact Information

If you have questions about data retention, residency, or sub-processors, you can contact us at:

📧 Email: privacy@dinmo.com 🛡️ Data Protection Officer (DPO): Alexandra Augusti, alexandra@dinmo.com

PreviousNetworking NextData Processing

Last updated 1 month ago