Dash0 Privacy Policy

1. General Information regarding Data Processing

At Dash0, we prioritize the privacy and protection of your personal data. This Privacy Policy outlines how we collect, process, and safeguard your information in compliance with global data protection laws. Our goal is to provide you with clear and accessible information about how your data is handled, ensuring your rights and privacy are respected across all regions where we operate.

“Data Protection Laws” should be understood as a conglomerate of global regulatory frameworks governing the collection, processing, and protection of personal data, including the GDPR, UK GDPR, Swiss GDPR, CCPA, and Canadian privacy laws, in the context of this Privacy Policy.

As the data controller, we are committed to being transparent about how we process your personal data. Transparency means providing you with clear, concise, and easy-to-understand details about the types of data we collect, the purposes for which we use it, and how long we retain it. We want you to feel informed and empowered when it comes to your personal data, which is why we explain your rights and how you can exercise them, such as accessing, correcting, or deleting your information. Our practices are designed to give you confidence that your data is processed fairly, lawfully, and with your consent where required.

1.1 Dash0 Inc. as Data Controller and Data Protection Contact

The responsible controller for the processing of personal data on this website and our platform within the meaning of the Data Protection Laws is:

Dash0 Inc ("we/us" or "Dash0 Inc."), 447 Broadway, 2nd Floor, Suite 1929, New York, NY 10013, USA

For any data protection inquiries or requests that may arise, you can always contact us at hi@dash0.com.

1.2 Localized Data Protection Concerns

If you are based in the European Union (EU)

We adhere to the principles and obligations set forth by the General Data Protection Regulation (GDPR), UK GDPR, Swiss GDPR, California Consumer Privacy Act (CCPA), and other Data Protection Laws. This ensures that your personal data is processed lawfully, fairly, and transparently, and that your rights to access, correct, delete, or transfer your data are respected, irrespective of your location. We implement strict safeguards, including Standard Contractual Clauses (SCCs) where applicable, to ensure any data transfers outside of the EU meet GDPR standards.

If you are based in the United Kingdom (UK)

We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act. Your personal information will be processed with the same high standards of care and security that apply under EU GDPR, ensuring your rights to access, rectify, or restrict the processing of your data. When transferring data outside the UK, appropriate safeguards such as SCCs are used to ensure your privacy is maintained.

If you are based in Switzerland

We follow the requirements of the Swiss Federal Act on Data Protection (Swiss GDPR) to ensure your personal information is handled responsibly. Your rights to access, rectify, and delete your data are protected, and we maintain strict measures to safeguard your personal information, particularly in cross-border data transfers, using appropriate mechanisms such as SCCs.

If you are based in the United States (California)

For residents of California, we comply with the California Consumer Privacy Act (CCPA), which provides you with rights regarding your personal data, including the right to know, delete, and opt-out of the sale of your information. We do not sell personal data, and we provide transparency about how your data is collected and used. If you are a California resident, you can exercise these rights by contacting us directly.

If you are based in Canada

We adhere to the requirements of Canadian privacy laws, including the Personal Information Protection and Electronic Documents Act (PIPEDA), which grants you rights to access, correct, and control your personal data. If your personal data is transferred outside of Canada, we ensure it is protected by contractual measures or other lawful mechanisms that meet Canadian data protection standards.

Global Commitment

No matter where you are located, we are dedicated to safeguarding your personal data through comprehensive security measures and transparent data processing practices. This privacy policy provides an overview of how we comply with regional data protection laws while prioritizing your privacy across all our services.

1.3 Your Rights

In accordance with Data Protection Laws, you as the data subject have the following rights:

The right to access
The right to rectification or erasure
The right to restriction of processing
The right to data portability
The right to withdraw consent at any time, with effect for future processing
The right to object to the processing of your data, particularly for direct marketing or when the processing is based on legitimate interests, subject to reasons specific to your situation

In accordance with the California Consumer Privacy Act (CCPA), California residents also have the following additional rights:

The right to know what personal information is collected about you, including the categories of personal information, sources, and purposes of processing
The right to request the deletion of your personal information, subject to certain exceptions
The right to opt-out of the sale of your personal information (Note: Dash0 does not sell personal information)
The right to non-discrimination for exercising your CCPA rights

To exercise any of the above rights, you can contact us at any time, such as by sending an email to hi@dash0.com.

If you are located in the EU/EEA or UK and you believe we are unlawfully processing your personal information, you also have the right to complain to your Member State data protection authority or UK data protection authority.

If you are located in Switzerland, you may contact the Federal Data Protection and Information Commissioner.

For California residents wishing to exercise their CCPA rights, you can also submit a verifiable request by contacting us at the same email address.

1.4 Storing and Deleting Data

The duration of the data storage depends on the respective data category and processing activity. If the storage period is not further specified, your personal data will be deleted or blocked as soon as the purpose or legal basis for storage ceases to apply. Personal data will not be deleted if storage is required by law and in the event of a possible legal dispute.

1.5 Data Security

For the best possible security of user data our service through the Website is provided via a secure SSL connection between your server and the browser. That means that the data shall be transferred in encrypted form. We have implemented suitable technical and organizational measures for our app services which you can read about in our Data Security Policy. Dash0 leverages Amazon Web Services (AWS) for cloud infrastructure, which is certified with industry-leading standards such as ISO 27001, ISO 27017, and ISO 27018, ensuring robust security controls. Furthermore, the Dash0 holds SOC II certification, demonstrating adherence to strict security, confidentiality, and integrity principles.

1.6 Transmission to service providers

We engage third-party service providers to assist in delivering our services. These service providers operate strictly in accordance with our instructions and are contractually required to adhere to applicable data protection regulations. Unless otherwise specified, service providers may be engaged for the following purposes:

Fulfilling our contractual obligations.
Maintaining IT systems and providing related technical services.
Managing customer service inquiries and handling requests.
Monitoring and improving website performance.

For further details, please refer to our list of service providers.

1.7 Data Processing by Third Parties / Data Processing outside the EU

As a US-based company, we may engage third-party service providers to process your data for the purposes outlined in this privacy policy. These providers may operate within the US or other regions. For customers based in the EU, UK, Switzerland, or Canada, we ensure that appropriate data transfer mechanisms are in place to comply with the respective data protection laws. These mechanisms include, where applicable, Standard Contractual Clauses (SCCs), certifications under the Data Privacy Framework (DPF), or other legally required safeguards.

Moreover, for our EU based customers, we operate a separate AWS locally hosted service within the EU to ensure the security of your data to local standards.

For more information, please refer to our overview of processing activities below.

1.8 Profiling and automated decision making

For US based customers, when you visit or log in to our website, cookies and similar technologies may be used by our online data partners or vendors to associate these activities with other personal information they or others have about you, including by association with your email or online profiles. We (or service providers on our behalf) may then send communications and marketing to these emails or profiles. You may opt out of receiving this advertising by visiting https://app.retention.com/optout

We do not use automated decision-making including profiling when processing data concerning our website or app for other geographic regions.

2. Dash0 Website

Our website offers different areas with different functionalities for the visitor, which are described in more detail below.

2.1 Server Logs / Web Server Security

Data Processed: Website name, visit date and time, data amount transferred, information on successful connections, browser type and version, user’s operating system, referrer URL, IP address, requesting provider, country code, language, device name, and operating system (if using a mobile device).

Purpose: To ensure a secure and functional connection, usability, and functionality of the website. IP addresses are also processed to detect and prevent malicious activities.

Legal Basis: Legitimate interest in quality assurance, website security, and stability, in accordance with Data Protection Laws.

Recipients: The recipient of the data is a technical service provider located in the United States who is responsible for the operation (hosting) and maintenance of our website. As a processor under a data processing agreement, the service provider is obliged to process the data only within the scope of our instructions.

Deletion: Server log files are stored for no more than 6 months before deletion.

Data Processed: Email address, first and last name, IP address, device name, mail provider, date of registration, newsletter consumption data.

Purpose: To send newsletters informing users about services and products and to analyze how users engage with the newsletter.

Legal Basis: Consent, in accordance with Data Protection Laws.

Recipients: Service providers in the EU and the United States, acting as processors under service contracts and bound to follow instructions from the controller.

Deletion: Data will be processed until consent is revoked.

Revocation of Consent: Users can unsubscribe via the "unsubscribe" link in each newsletter or by emailing hi@dash0.com.

Data Processed: Name, email address, and any additional information provided during communication.

Purpose: To respond to inquiries and follow up on questions submitted via email or the social media chat function.

Legal Basis: Legitimate interest in offering efficient communication channels or based on initiating or continuing a business relationship, in accordance with Data Protection Laws.

Recipients: A service provider in the United States, acting as a processor under a data processing agreement and bound to process data based on the controller's instructions.

Deletion: The data will be deleted when it is no longer needed to answer the request.

2.4 Analytics

Data Processed: Website activity data, including IP addresses when transmitted via analytical cookies.

Purpose: To understand how users interact with our website, improve functionality, and enhance user experience.

Legal Basis: Legitimate interest in improving website performance and functionality, in accordance with applicable data protection laws.

Recipients: Plausible does not perform any cross platform tracking and does not share data with third parties. It is an EU-based service provider.

Deletion: After 24 hours, the data is anonymized.

3. Dash0 Platform

The Dash0 Platform is distributed exclusively to companies. The majority of data processing therefore takes place as a processor for companies and on their instructions. These processing operations on behalf of companies are governed by the data processing agreement between Dash0 and its customers as data controllers, who in turn are obliged to inform data subjects about the data processing.

However, the following processing activities are carried out by Dash0 as controller.

3.1 Subscription

Dash0’s platform involves subscription-based services, where personal data (such as name, email, and payment details) is collected for account creation and service access. This data would typically be processed for maintaining the user's subscription, managing billing, and ensuring service continuity.

Data Processed: Name, email, payment info, subscription details.

Purpose: To provide access to platform services, maintain subscriptions, and send notifications related to the subscription status.

Legal Basis: Legitimate interest and contract performance.

Recipients: The recipient of the data is a cloud service provider who operates high-security data centers. As a processor, the service provider is obliged to process the data only within the scope of our instructions.

Deletion: In accordance with the relevant legislation in place, and for bookkeeping purposes, there is a standard retention period of up to 10 years.

3.2 Admin Account

Users can create an admin account for managing the platform, allowing them to invite members, assign roles, and oversee the organization’s data within the platform. In this context, the user becomes the controller of the data of the members invited, which places Dash0 as processor in relation to the members. For further information, please consult our Data Protection Agreement.

Data Processed: Admin details (name, email), organization information.

Purpose: To grant users access to the platform’s administrative features, manage members, and assign permissions.

Legal Basis: Contract performance and legitimate interest.

Deletion: The personal data will be stored as long as your account exists. Upon your request to terminate your account, we will deactivate or delete your account and information from our active databases. If necessary, we are obliged to process individual data longer due to legal retention periods (esp. tax obligations).

3.3 Payment

Payment processing will involve third-party payment processors that handle sensitive financial data like credit card details. The platform itself may not store this information directly but will manage billing cycles, invoices, and payment confirmations.

Data Processed: Payment details (bank account, credit card info), billing addresses.

Purpose: To process payments for subscriptions or additional services.

Legal Basis: Contract performance.

Recipients: We pass on your payment data to the commissioned credit institution as part of the payment processing, insofar as this is necessary for the payment processing. Further recipients of the data are payment and invoice service providers such as Stripe, Inc.

Deletion: In accordance with the relevant legislation in place, and for bookkeeping purposes, there is a standard retention period of up to 10 years.

3.4 Support

Dash0 offers a support function where users submit issues or queries through a form. This form collects user information to provide technical support or answer questions.

Data Processed: Email, subject, description of the issue.

Purpose: To respond to customer queries, provide technical support, and track issues.

Legal Basis: Consent (for queries) and legitimate interest (for issue resolution).

Recipients: A service provider in the United States, acting as a processor under a data processing agreement and bound to process data based on the controller's instructions.

Deletion: According to the relevant data protection laws, the data will be deleted after the purpose has ceased to apply if the data is no longer required to process the support request.

3.5 Analytics

The platform conducts analysis on usage patterns and performance data to continuously improve services. This is done through analytics tools.

Data Processed: IP address, cookie data, Usage data, website traffic, platform performance metrics.

Purpose: To analyze platform performance and make data-driven improvements.

Legal Basis: Consent (for analytics cookies). You can find more information under the item "

You can find more information under the item "4. Cookies & Cookie Management".

At Dash0, we use cookies and tracking technologies to provide, personalize, and improve our services.

What are Cookies?

Cookies are small data files that are placed on your device when you visit a website. These files help the website to recognize your device and store information about your preferences or past actions.

Types of Cookies We Use

We use the following types of cookies on our website:

Necessary Cookies: These cookies are essential for the basic functionalities of the site, such as accessing secure areas and ensuring the site works as expected. For instance, cookies related to authentication and session management.
Performance Cookies: These cookies collect anonymous data on how visitors use our site, including which pages are visited most often. This will help us improve the performance and user experience of our website. We use tools like Google Analytics for this purpose.
Functional Cookies: These cookies remember your preferences and choices, such as language settings or previously viewed items, enhancing your browsing experience.
Targeting/Advertising Cookies: These cookies help to identify which campaigns are effective.

We use the so-called Consent Management Platform from Usercentrics to set and save individual settings for the different cookie categories. As part of this, a cookie is placed on your end device to register your selection/consent. The legal basis for consent management for cookies and comparable technologies is a legitimate interest, as storing the consent decision only slightly restricts the rights of visitors and at the same time simplifies the use of the pages on repeated visits. The legal basis for Targeting/Advertising Cookies is the consent of the user. All relevant Cookies are described in the Cookie Bot Tool of Usercentrics.

Social Media Platforms:

We operate pages on several social media platforms, including:

Twitter: X Corp, Market Square, 1355 Market St #900, San Francisco, CA 94103, USA.For more information, please refer to Twitter’s privacy policy at https://twitter.com/en/privacy.
LinkedIn: LinkedIn Corporation, 1000 West Maude Avenue, Sunnyvale, CA 94085, USA. For more information, please refer to LinkedIn’s privacy policy at https://www.linkedin.com/legal/privacy-policy.
GitHub: GitHub, Inc., 88 Colin P. Kelly Jr. Street, San Francisco, CA 94107, USA. For more information, please refer to GitHub’s privacy policy at https://docs.github.com/en/site-policy/privacy-policies/github-general-privacy-statement.
YouTube: Google LLC (owner of YouTube), 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. For more information, please refer to YouTube’s privacy policy at https://www.youtube.com/howyoutubeworks/our-commitments/protecting-user-data/ .

When you visit our social media pages, data is processed both by us and the respective social media provider. The social media provider is primarily responsible for processing your data, particularly in terms of data protection and exercising your rights. They are best positioned to provide detailed information on how they handle your data.

Data Processing and Legal Basis:

On our social media pages, we interact with users and share relevant information. If you engage with us through comments, likes, shared content, or direct messages, we may process that data to communicate with you and manage inquiries.

Data processing occurs based on:

Your consent: when you engage with our social media content.
Contractual obligations: when the communication pertains to specific inquiries or services.
Legitimate interests: in improving our services and online presence.

Social media providers may also use cookies and other tracking technologies to analyze user behavior and enhance their services. Please refer to each provider’s privacy policy for details on how they manage data and the use of tracking technologies.

6. Changes to our privacy policy

We reserve the right to adapt this data protection policy so that it always complies with the current legal requirements or to implement changes to our services in the data protection policy, e.g., when introducing new services. The current data protection declaration applies to every visit to the website.