Privacy
Last updated Feb, 9th 2025
Retention of Customer Data
DinMo retains customer data only for as long as necessary to fulfill the purpose of processing, ensuring minimal data storage while maintaining service functionality.
Customer Data Type
Retention Period
Notes
Customer Data
< 8 hours (typically)
We purge customer data as soon as it is successfully written to the destination, except in the cases outlined below.
Temporary Data
< 24 hours (typically)
Some data integration processes require ephemeral storage (e.g., event logs, transformation logs). Data is deleted as soon as possible, though in rare cases, retention may exceed 24 hours.
Customer Access Keys
Duration of service
Customer database credentials and OAuth tokens are stored securely using a key management system with hardware security module (HSM) backing.
Customer Metadata
Duration of service
Configuration details, table/column names, and sync settings are retained to power the DinMo platform.
Data Purging Conditions
DinMo automatically purges customer data as soon as it is written to the designated destination. However, in the following cases, data may be retained for up to 30 days before automatic deletion:
Destination Outage: If your marketing destination (CRM, ad platform, or database) is unavailable, we temporarily retain the data to prevent sync failures. Once your system is restored, we complete the sync and delete the data.
Schema Processing for Data Blocking & Hashing: If you configure data blocking or column hashing before an initial sync, we may temporarily store schema metadata until the full schema is fetched and approved.
DinMo Data Residency
DinMo allows customers to choose the cloud platform where the DinMo Sync Service is deployed. Customers can select between Amazon Web Services (AWS) or Google Cloud Platform (GCP) for their data processing, ensuring compliance with regional data protection laws (GDPR, UK DPA, etc.).
Regional Processing Locations
All data processing occurs either within the customer's data warehouse (e.g., Google BigQuery, Snowflake, or other connected sources) or within DinMoβs services deployed on the selected cloud infrastructure.
All DinMo servers are located within the European Union (EU), ensuring full compliance with GDPR and regional data protection laws.
Default Processing Location: If a customer does not explicitly choose a region, data is processed in the European Union (EU) by default.
Cloud Provider Selection
Plan
Choice of Geography
Choice of Cloud Provider
Choice of Cloud Region
Starter / Free / Standard
β (EU only)
β (Google Cloud only)
β
Business
β
β (AWS, GCP)
β
Enterprise
β
β
β
Sub-Processor Management
DinMo works with carefully selected sub-processors to ensure optimal performance and security. These third-party vendors provide infrastructure, authentication, and analytics services.
What is a Sub-Processor?
A sub-processor is a third-party company that processes Personal Data on behalf of DinMo. These entities play a role in enabling our services but must adhere to strict security and privacy obligations.
List of Sub-Processors
Sub-Processor
Purpose
Processing Location
Google Cloud Platform (GCP)
Cloud infrastructure (compute, storage, security)
EEA
Amazon Web Services (AWS)
Cloud infrastructure (compute, storage, security)
EEA
Firebase, Google, Inc.
Authentication & access management
EEA
Datadog, Inc.
System monitoring & security
EEA
AI Sub-Processors (If Applicable)
AI Sub-Processor
Purpose
Processing Location
OpenAI, LLC
Natural language processing & AI automation
Global
DinMo ensures that all sub-processors comply with GDPR and other relevant regulations through Data Processing Agreements (DPAs) and security audits.
Managing Sub-Processor Changes
DinMo notifies customers of any new sub-processors before engagement.
Customers can subscribe to sub-processor change alerts by contacting privacy@dinmo.com.
PII Data Management & Compliance Mechanisms
This section explains the mechanisms DinMo implements to ensure compliance with applicable data protection regulations related to transferring personally identifiable information (PII) across various platforms. It clearly outlines the responsibilities of both DinMo (Processor) and Customer (Controller).
1. Categories of Platforms and Responsibilities
DinMo processes data transfers across two distinct categories of platforms, each with specific compliance mechanisms:
Internal Platforms (e.g., CRM, Support Tools): These platforms are typically managed directly by the Customer and already store PII. DinMo assumes these internal platforms are compliant with applicable data protection laws, including GDPR.
Customer Responsibility:
Ensure that internal platforms receiving the data transfers are compliant with relevant privacy regulations.
Filter and validate data based on explicit consent provided by data subjects and applicable laws.
DinMo Responsibility:
Secure the transfer to ensure data integrity and confidentiality.
Ensure timely updates and synchronization of consent data based on customer-provided information.
External Third-Party Platforms (e.g., Advertising Platforms & DSPs such as Meta Ads, Google Ads, The Trade Desk):
DinMo facilitates secure data transfers of personally identifiable information (PII) to external marketing and advertising platforms such as Meta Ads, Google Ads, and The Trade Desk. Below is a clear delineation of compliance responsibilities between DinMo and the Customer:
Customer Responsibility:
Obtain and manage explicit consent from data subjects, ensuring a lawful basis to share PII with external platforms.
Verify and ensure compliance of third-party platforms receiving the PII with applicable data protection regulations and Customer-specific privacy requirements.
DinMo Responsibility:
Ensure that data transferred to third-party platforms meets data format and security requirements compliant with applicable laws, including GDPR.
Maintain secure data transfer processes, applying technical measures outlined in subsequent sections to prevent unauthorized disclosure or use of PII.
2. Technical Compliance Mechanisms for Third-Party Platforms
To support compliant and secure data transfers, DinMo employs specific technical safeguards for PII transfers to third-party platforms:
Automatic Hashing of Personal Data: DinMo automatically detects any non-hashed personal data fields (e.g., emails, phone numbers) and applies industry-standard hashing algorithms during data transit, ensuring that no unencrypted PII reaches third-party destinations.
General Data Storage & Processing Policy
DinMo does not store or retain PII beyond the transient processing required to ensure compliance (e.g., hashing, anonymization, data formatting).
All PII handling occurs exclusively during secure data transfers, with no persistent storage of personal data within DinMoβs servers or systems.
Your Data, Your Control
DinMo provides complete transparency and control over your data. Customers can:
Choose data residency options (EU, UK, US, etc.).
Request data deletion at any time.
Access security reports on demand.
For further details on data privacy, security, or compliance, reach out to privacy@dinmo.com.
Contact Information
If you have questions about data retention, residency, or sub-processors, you can contact us at:
π§ Email: privacy@dinmo.com π‘οΈ Data Protection Officer (DPO): Alexandra Augusti, alexandra@dinmo.com
Last updated