Privacy Policy

This Policy covers:

• Information collected through the Website (dynabase.ai)
• Information collected through the Service (Dynabase product, including the web application, mobile applications, APIs, and any related interfaces)
• Information collected through communications with us by email or through customer support

Some aspects of how we process customer data are also governed by your Master Services Agreement, Data Processing Agreement, or other customer-specific contractual terms. Where those terms conflict with this Policy, the contractual terms prevail for the customer to whom they apply.

We collect information in several categories:

Information you provide directly. When you sign up for an account, communicate with us, fill out a form, or use the Service, we receive information such as your name, email address, phone number (if shared), company or organisation, role, and any other details you choose to share.

Account and subscription data. When you create or manage an account, we receive billing information, plan details, payment method (processed by our payment processor — we do not store full card details), invoices, and usage records.

Business data you enter into Dynabase. As part of using the Service, you and the people you authorise may upload, enter, or generate data within Dynabase — including chart-of-accounts information, transactions, invoices, bills, ledgers, payroll details, vendor and customer records, documents, files, and other business records ("Customer Data"). Customer Data is processed under instructions from you (the customer); see Section 6 below.

AI inputs and outputs. When you or our agents perform tasks within Dynabase, the Service processes inputs (instructions, prompts, queries) and produces outputs (categorisations, journal entries, reports, responses). Some of this processing involves third-party AI model providers — see Section 5.

Information from integrations. If you connect Dynabase to third-party systems (such as banks, payment processors, accounting software, or other enterprise systems), we receive data from those systems as authorised by you. Specifics are described at the time of connection.

Information from your use of the Website or Service. Standard web and application logs (IP address, user agent, pages and screens visited, actions taken, timestamps, device identifiers), and cookie-based or local-storage identifiers used for session management, analytics, security, and feature delivery.

We use the information we collect to:

• Provide, operate, maintain, secure, and improve the Service and the Website
• Process subscriptions, billing, payments, and related transactions
• Authenticate users, manage accounts, and enforce account security
• Respond to support requests, inquiries, and customer communications
• Generate outputs through the Service (for example, agent-produced categorisations, suggestions, or reports based on Customer Data)
• Communicate about service updates, security notices, billing, and (with consent) marketing
• Detect, investigate, and prevent fraud, abuse, security incidents, and other harmful activity
• Comply with applicable law, regulation, court orders, or other legal process
• Protect our rights, property, or safety, or that of our users or the public

You retain ownership of Customer Data. We process Customer Data on your behalf and under your instructions to provide and improve the Service, as set out in our customer agreements.

We do not sell Customer Data. We do not use Customer Data to develop generally available products or services that benefit third parties, except as expressly permitted by your customer agreement.

The Service uses artificial intelligence — including large language models, agentic frameworks, and machine-learning models — to perform tasks within Dynabase.

Third-party model providers. Some AI processing is performed by third-party model providers operating under contractual confidentiality and security obligations. Inputs and outputs may be transmitted to and processed by those providers for the purpose of generating a response or output to you.

No training on your data by default. We do not allow third-party AI model providers to train their general-purpose models on Customer Data. Where a model provider's enterprise terms support a "no-train" or zero-retention setting, we configure our integration accordingly.

Internal improvement. We may use aggregated, de-identified, or otherwise non-identifying information derived from Service usage to improve the Service — for example, to evaluate model performance, fix errors, or improve feature quality. Where we use Customer Data for such purposes, we do so consistent with your customer agreement.

Human review. In limited circumstances, our personnel may need to review specific Service interactions to investigate a bug, address a support request, respond to abuse, or comply with law. Access is logged, role-restricted, and minimised.

We use cookies, local storage, and similar technologies to operate the Website and Service.

Essential cookies and storage. Keep you signed in, preserve preferences, and ensure core functionality. These cannot be disabled without breaking the Service.

Analytics cookies. Help us understand usage patterns and improve the Service. We use privacy-respecting analytics that minimises identification of individual users.

Third-party cookies. Limited third-party cookies may be set by our content delivery network, font provider, payment processor, and customer-support tooling. Each is selected with privacy and security in mind.

You can control cookies in your browser settings. We respect Do Not Track signals where technically feasible. We do not use cookies for cross-site advertising or to sell information.

We share information only when needed to operate the Service, comply with law, or protect our rights:

• Service providers and sub-processors. Cloud infrastructure, AI model providers, payment processors, email and SMS delivery, customer support, analytics, applicant tracking, and similar — each under contractual confidentiality and security obligations.
• Integrations you authorise. Information shared with third-party systems you connect to Dynabase, as directed by you.
• Legal requirements. When required to comply with applicable law, regulation, or valid legal process.
• Protection of rights. To protect our rights, property, or safety, or those of users or the public.
• Business transfers. In connection with a merger, acquisition, financing, or sale of assets — with appropriate notice.

A current list of sub-processors is available on request. We do not sell personal information.

We use a range of administrative, technical, and physical safeguards to protect information against unauthorised access, alteration, disclosure, or destruction. These include encryption in transit and at rest, access controls and least-privilege principles, multi-factor authentication for administrative access, network segmentation, monitoring, regular backups, and periodic security reviews.

Customers on paid plans receive additional security commitments under our Master Services Agreement and Data Processing Agreement. Detailed security and infrastructure documentation is available inside the Dynabase app and on request.

No method of internet transmission or storage is one hundred percent secure, but we treat the data you entrust to us with care.

Subject to the Digital Personal Data Protection Act, 2023 ("DPDP Act") and other applicable law, you have the following rights with respect to personal data we hold about you:

• Right to access information about the personal data we process about you
• Right to correction of inaccurate or incomplete personal data
• Right to erasure of personal data no longer necessary for the purposes for which it was collected, subject to legal and contractual retention requirements
• Right to grievance redressal — to raise a complaint about how your personal data has been processed
• Right to nominate another individual to exercise your rights in the event of your death or incapacity
• Right to withdraw consent where processing is based on consent
• Right to data portability where required by applicable law

To exercise these rights, write to legal@dynabase.ai. We will respond within the timeframe required by applicable law. If you are an end user of a customer's Dynabase account (for example, an employee of a company that subscribes to Dynabase), please direct your request to that customer in the first instance; we will support them in responding.

We are based in India. Our service providers and sub-processors may be located in India or in other jurisdictions, including the United States and the European Union. Where personal data is transferred internationally, we ensure appropriate safeguards are in place in accordance with applicable law.

The Service is not directed at children under the age of eighteen. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please write to legal@dynabase.ai so we can delete it.

We retain personal information for as long as needed to provide the Service, comply with our legal obligations, resolve disputes, and enforce our agreements. Customer Data is retained according to the customer's instructions and the terms of the applicable customer agreement.

When a Dynabase account is cancelled or terminated, Customer Data is retained for a limited period (typically thirty days unless otherwise agreed) to allow for export, after which it is deleted in accordance with our deletion procedures.

In accordance with the Information Technology Act, 2000 (as amended), the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, and the Digital Personal Data Protection Act, 2023, the contact details of our Grievance Officer and Data Protection Officer are:

• Name: Vibhor Rastogi
• Role: Grievance Officer & Data Protection Officer
• Company: Stencil Computing Private Limited
• Address: Floor 19, C-001/A2, Sector 16B, Noida, UP 201301, India
• Email: legal@dynabase.ai

Complaints are acknowledged within 24 hours and resolved within 15 days of receipt, in accordance with applicable rules.

We may update this Policy from time to time. Material changes will be notified through the Website, the Service, or by email. The "Last updated" date at the top of this Policy reflects the most recent change. Continued use of the Website or Service after changes constitutes acknowledgement of the updated Policy.

For questions about this Privacy Policy or our handling of your information:

• Privacy and grievance: legal@dynabase.ai
• General contact: contact@dynabase.ai
• Product support: support@dynabase.ai

Or write to the registered address listed above.