Privacy Policy

1. Introduction

DhyanaTech Inc. ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use DhyanaPM ("the Service").

This policy applies to users worldwide and addresses requirements under the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other applicable privacy laws.

2. Data Controller

For the purposes of GDPR, the data controller is:

3. Information We Collect

3.1 Information You Provide

• Account Information: Email address, name, and password when you create an account
• Profile Information: Optional profile details like display name and avatar
• Project Data: Tasks, projects, schedules, and other content you create using the Service
• Payment Information: Billing details processed securely through our payment provider (Stripe)
• Communications: Messages you send to us for support or feedback

3.2 Information Collected Automatically

• Device Information: Browser type, operating system, device type
• Usage Data: Pages visited, features used, and interaction patterns
• Log Data: IP address, access times, and referring URLs
• Cookies: Essential cookies for authentication and session management (see our Cookie Policy)

4. Legal Basis for Processing (GDPR)

We process your personal data based on the following legal grounds:

• Contract Performance: To provide the Service you requested
• Legitimate Interests: To improve and secure our Service
• Consent: Where you have given explicit consent
• Legal Obligation: To comply with applicable laws

5. How We Use Your Information

• Provide, maintain, and improve the Service
• Process transactions and send related information
• Send technical notices, updates, and security alerts
• Respond to your comments, questions, and support requests
• Monitor and analyze usage patterns to improve user experience
• Detect, prevent, and address technical issues and security threats
• Comply with legal obligations

6. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including:

• Account Data: Retained while your account is active, plus 30 days after deletion request
• Project Data: Retained while your account is active; exportable upon request
• Log Data: Retained for up to 90 days for security purposes
• Payment Records: Retained as required by tax and accounting laws (typically 7 years)

7. Your Rights (GDPR)

If you are located in the European Economic Area (EEA), you have the following rights:

• Right of Access: Request a copy of your personal data
• Right to Rectification: Request correction of inaccurate data
• Right to Erasure: Request deletion of your personal data
• Right to Restrict Processing: Request limitation of data processing
• Right to Data Portability: Receive your data in a structured, machine-readable format
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent

To exercise these rights, contact us at hello@dhyanatech.com. We will respond within 30 days.

8. Your Rights (CCPA - California Residents)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

Categories of Personal Information Collected

• Identifiers (name, email, IP address)
• Commercial information (subscription and payment history)
• Internet activity (usage data, log data)
• Professional information (project and task data you create)

Your CCPA Rights

• Right to Know: Request disclosure of personal information collected, used, or disclosed
• Right to Delete: Request deletion of your personal information
• Right to Opt-Out: Opt out of the sale of personal information
• Right to Non-Discrimination: We will not discriminate against you for exercising your rights

9. Third-Party Services

We use the following third-party services to operate the Service:

• Supabase: Database and authentication services (USA)
• Cloudflare: Security and bot protection services (USA)
• Stripe: Payment processing (USA)
• Vercel: Hosting and deployment (USA)

These providers are contractually bound to protect your data and process it only on our behalf.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your own, including the United States. We ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses approved by the European Commission
• Data Processing Agreements with all service providers
• Technical security measures (encryption in transit and at rest)

11. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

• Encryption of data in transit (TLS/SSL) and at rest
• Secure authentication with password hashing
• Regular security assessments and updates
• Access controls and employee training
• Bot protection via Cloudflare Turnstile

12. Children's Privacy

The Service is not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If you believe we have collected such information, please contact us immediately at hello@dhyanatech.com.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. We encourage you to review this policy periodically.

14. Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, please contact us:

For GDPR-related inquiries, you also have the right to lodge a complaint with your local data protection authority.