Privacy Policy

1. Introduction

dast ("we," "our," or "us") respects your privacy. This policy explains how we collect, use, and protect your information when you visit our website or sign up for early access. By using our site or submitting your email, you consent to the practices described in this policy. We are committed to protecting your personal data in accordance with applicable data protection laws, including the GDPR and CCPA.

2. Information We Collect

Waitlist signup: When you join our early access waitlist, we collect your email address via a form on our site. This is stored securely in Supabase, our database provider.

Website analytics: We do not currently use tracking cookies, analytics scripts, or any third-party tracking tools. If we add them in the future, we will update this policy and, where required, request your consent.

No account data: dast is currently in pre-launch. We do not process payments, store account credentials, or collect any personal data beyond email addresses submitted via the waitlist form.

3. How We Use Your Email

• To notify you when dast becomes available
• To send occasional updates about development progress
• To respond to support inquiries sent to our contact email

We will never sell, rent, or share your email with third parties for marketing purposes. You may unsubscribe at any time by replying to any email or contacting us directly.

4. Lawful Basis (GDPR)

If you are located in the European Economic Area (EEA), our lawful basis for processing your email is yourconsent, which you give by submitting the waitlist form. You have the right to withdraw consent at any time by contacting us.

5. Data Storage and Security

Waitlist emails are stored in Supabase, which encrypts data at rest (AES-256) and in transit (TLS 1.3). Access is restricted to authorized personnel only, and row-level security policies prevent unauthorized reads. We have a Data Processing Agreement (DPA) in place with Supabase.

International transfers: Supabase servers are located in the United States. For users in the EEA, we rely on Standard Contractual Clauses (SCCs) as the transfer mechanism, as Supabase provides these safeguards.

6. Data Retention

We retain your email until you request removal or until 12 months after the public launch of dast, whichever comes first. To request deletion, email us at the address below.

7. Your Rights

Under the GDPR and CCPA, you have the right to:

• Request access to the data we hold about you
• Request correction or deletion of your data
• Withdraw consent at any time
• Data portability
• Lodge a complaint with your local data protection authority

To exercise these rights, contact us at the email below. We will respond within 30 days.

8. Children’s Privacy

Our service is not intended for individuals under the age of 13. We do not knowingly collect personal information from children. If you believe a child has provided us with their data, please contact us so we can delete it.

9. Third-Party Services

Supabase: Our database provider. Your email is stored on their US-based infrastructure. Supabase is SOC 2 compliant and provides a DPA covering GDPR requirements. See their privacy policy at supabase.com/privacy.

Cloudflare: Our DNS, CDN, and DDoS protection provider. When you visit our site, Cloudflare may process your IP address and request metadata for security and performance purposes. See their privacy policy at cloudflare.com/privacypolicy.

Vercel: Our hosting provider. Standard server logs (IP address, browser user agent, request timestamps, pages visited) may be collected as part of normal operations. See vercel.com/privacy.

10. Changes to This Policy

We may update this policy from time to time. Changes will be posted on this page with an updated date. Material changes will be notified via email to our waitlist subscribers.

11. Contact

For privacy inquiries or data deletion requests, contact us at contact@getdast.tech.