Privacy Policy for dip.co

1. Introduction and Definitions

This Privacy Policy describes how Dip Labs LLC ("we," "us," or "our") collects, uses, stores, shares, and protects your personal information when you use our website, dip.co, and any related services (collectively, the "Service"). By accessing or using our Service, you acknowledge that you have read, understood, and agree to our collection and use of your personal information as described in this Privacy Policy.

This policy is a legally binding document. It is essential for ensuring transparency and building trust with our users by clarifying our responsibilities regarding the handling of personal data.

Key Definitions

To ensure clarity and legal precision, the following terms will have the meanings ascribed to them below:

• Personal Data: Any information that relates to an identified or identifiable individual. This includes, but is not limited to, names, email addresses, online identifiers like IP addresses, and any other information that can be reasonably linked to a person. This definition is intended to be broad to encompass the requirements of both GDPR and CCPA/CPRA.
• Creator: A user, typically a YouTuber or social media influencer, who registers for an account on the Service to create and manage a dedicated page for their audience.
• End User: A visitor to a Creator's page who interacts with the content, such as by signing up for price alerts or entering a giveaway promotion.
• User Content: All content, including text, images, videos, and links, that a Creator posts, uploads, or otherwise makes available on their page through the Service.
• Processing: Any operation performed on Personal Data, such as collection, recording, organization, storage, use, disclosure, or erasure.
• Data Controller: The entity that determines the purposes and means of the processing of Personal Data. For the purposes of this policy, Dip Labs LLC is the Data Controller.

Data Controller Information

Dip Labs LLC is the entity responsible for your Personal Data. If you have any questions or concerns about this Privacy Policy or our data protection practices, please contact us at:

Email: help@dip.co

Providing clear contact information is a fundamental requirement under data protection laws, ensuring users can easily exercise their rights.

2. Data We Collect and How We Collect It

This section provides a transparent overview of the categories of Personal Data we process and the methods by which we collect it. The data collected varies depending on whether you are a Creator or an End User, reflecting the different ways each group interacts with our Service.

Data Provided Directly by You

We collect Personal Data that you voluntarily provide to us when you interact with the Service.

For Creators:

• Account Registration Data: When you create a Creator account, we collect information necessary to establish and manage your page. This includes your full name, email address, password, and information related to your YouTube channel or other social media profiles.
• Communications Data: We collect any information you provide when you contact us for support, submit feedback, or otherwise communicate with us.

For End Users:

• Giveaway and Price Alert Registration Data: When you sign up for a price dip alert or enter a giveaway hosted by a Creator on our platform, we collect the information required for that specific promotion, which typically includes your email address.
• Communications Data: If you contact us directly, we will collect the information contained in your communications.

Data Collected Automatically

When you use our Service, we automatically collect certain technical and usage information to ensure the functionality, security, and improvement of our platform.

Usage and Technical Data:

Through our servers and the use of third-party analytics tools like PostHog, we automatically log information about your device and your interaction with our Service. This includes:

• Device and Connection Information: Your browser type, operating system, device identifiers, and other technical specifications.
• Log Data: We collect hashed IP addresses and User-Agent strings for security and analytical purposes. Hashing is a security measure that obscures the original data, but it is important to note that under regulations like GDPR, hashed data is still considered Personal Data and not fully anonymous.
• Interaction Data: We record information about your activity on the Service, such as the pages you visit, the features you use, the links you click, and the time and duration of your visits.
• Session Replay Data: We use analytics tools that provide session replay capabilities. This means we may record a visual representation of your interactions with our Service, such as your mouse movements, clicks, and scrolling activity. This information is used exclusively for internal purposes to identify and resolve technical issues, improve user experience, and optimize our Service.

Summary of Data Processing Activities

The following table provides a clear and concise summary of our data processing activities, as required by the transparency principle of the GDPR. It outlines the types of data we collect, our purposes for processing, and the legal basis we rely on under GDPR for each activity.

The differentiation between legal bases for processing data from Creators and End Users is a deliberate and legally significant choice. For Creators, the processing of their account data is essential for us to provide the service they have contracted for, making "Performance of a Contract" the appropriate legal basis. For End Users, who voluntarily provide their information for optional activities like giveaways, "Consent" is the most transparent and applicable legal basis.

3. Third-Party Services and Data Sub-processors

To provide and improve our Service, we engage certain third-party services that may process your Personal Data on our behalf. We are committed to transparency regarding these sub-processors and have vetted them to ensure they meet our privacy and security standards.

Analytics (PostHog)

We use PostHog as our product analytics platform to help us understand how users interact with our Service. This allows us to identify areas for improvement, diagnose technical issues, and enhance the overall user experience.

Session Replay: As mentioned, our use of PostHog includes session replay technology. To protect your privacy, we have implemented robust privacy-preserving measures. By default, all user input fields are masked, which means any text you type into forms (such as names, emails, or passwords) is obscured and never sent to or recorded by PostHog. We may also programmatically redact other specific elements on a page to prevent the capture of potentially sensitive information.

Embedded Content (YouTube)

Creator pages on our Service may feature embedded video content from YouTube. When you interact with an embedded YouTube video player, you are interacting directly with Google's services.

• Data Collection by Google: Playing an embedded YouTube video may result in Google collecting data about your activity, such as your IP address and viewing history, in accordance with its own privacy policy. We do not control this data collection. We strongly encourage you to review Google's Privacy Policy to understand their practices.
• Privacy-Enhanced Mode: To minimize data collection, we embed all YouTube videos using YouTube's "privacy-enhanced mode" (via the youtube-nocookie.com domain). This mode is designed to prevent YouTube from placing tracking cookies on your device until you click to play the video. However, it is important to understand that once you play the video, YouTube may still collect data and place cookies on your device.

Other Service Providers

We may also share Personal Data with other categories of service providers who perform functions on our behalf, such as:

• Cloud hosting and infrastructure providers (e.g., Amazon Web Services, Google Cloud, Vercel, etc).
• Email delivery services for transactional and marketing communications.

These providers are contractually obligated to process your Personal Data only on our instructions and to implement appropriate security measures to protect it.

4. How We Use and Share Your Data

We process your Personal Data for specific, legitimate business purposes and only share it under limited circumstances, as outlined below.

Purposes of Use

Your Personal Data is used for the following purposes:

• Service Provision and Maintenance: To create and manage user accounts, provide the core functionalities of the Service, and deliver customer support.
• Service Improvement and Personalization: To analyze usage patterns, diagnose problems, and develop new features to improve and personalize your experience.
• Communication: To send you important service-related notices, updates, and security alerts. We may also send you marketing communications about our products and services, from which you can opt out at any time.
• Security and Legal Compliance: To prevent fraud, protect the security of our Service and users, and comply with our legal obligations, such as responding to lawful requests from public authorities.

Circumstances of Data Sharing

We do not sell your Personal Data. We only share it in the following situations:

• With Creators: This is a critical aspect of our Service. When an End User signs up for a price alert or enters a giveaway, we will share the Personal Data they provided (e.g., name and email address) with the specific Creator who is running that promotion. The Creator needs this information to administer the giveaway and contact the winner. Creators are independently responsible for how they handle this data.
• With Service Providers: As described above, we share data with third-party vendors who are acting as our data processors.
• Business Transfers: In the event of a merger, acquisition, sale of assets, or other corporate transaction, your Personal Data may be transferred to the successor entity. We will notify you of any such change in control.
• Legal Requirements and Rights Protection: We may disclose your Personal Data if we believe in good faith that it is necessary to comply with a legal obligation, protect and defend our rights or property, prevent or investigate possible wrongdoing in connection with the Service, or protect the personal safety of users or the public.

5. Cookies and Tracking Technologies

Our Service uses cookies and similar tracking technologies to function effectively and to gather analytics data.

What are Cookies?

Cookies are small text files stored on your device that help us recognize you, remember your preferences, and understand how you use our Service.

Types of Cookies We Use:

• Strictly Necessary Cookies: Essential for the basic operation of our Service, such as for user authentication and security.
• Performance and Analytics Cookies: Help us collect data on how you interact with our Service, which we use to improve its performance (e.g., via PostHog).
• Functional Cookies: Used to remember your preferences and provide enhanced functionality.

Your Choices and Consent

We provide you with control over non-essential cookies. When you first visit our site, you will be presented with a cookie consent banner where you can accept or reject different categories of cookies. You can change your preferences at any time through our cookie management tool or your browser settings.

6. Data Security, Retention, and International Transfers

We are committed to protecting your Personal Data and have implemented appropriate measures to safeguard it.

Data Security

We use a combination of technical, administrative, and physical security measures to protect your Personal Data from unauthorized access, use, or disclosure. These measures include:

• Encryption: We use Transport Layer Security (TLS) to encrypt data in transit between your device and our servers. Data at rest is also encrypted.
• Access Controls: Access to Personal Data is restricted to authorized personnel who have a legitimate business need.
• Data Hashing: As a security measure, we hash sensitive data points like IP addresses. It is important to reiterate that hashing is a form of pseudonymization that enhances security, but it does not render the data anonymous.

Data Retention

We retain your Personal Data only for as long as is necessary to fulfill the purposes for which it was collected. Our retention periods are determined by factors such as:

• The duration of your relationship with us (e.g., as long as you maintain an active account).
• Our legal and regulatory obligations (e.g., for tax, accounting, or to defend against legal claims).

When we no longer have a legitimate business need to process your Personal Data, we will either delete or anonymize it.

International Data Transfers

Dip Labs LLC is based in the United States. If you are accessing our Service from outside the U.S., please be aware that your Personal Data will be transferred to, stored, and processed in the United States. Data protection laws in the U.S. may differ from those in your jurisdiction.

For users located in the European Economic Area (EEA), the United Kingdom (UK), or Switzerland, we ensure that any such transfers are lawful and that your data is adequately protected. We rely on legal mechanisms such as the EU-U.S. Data Privacy Framework and/or the Standard Contractual Clauses (SCCs) approved by the European Commission to legitimize these data transfers.

7. Your Data Protection Rights

We respect your rights over your Personal Data. Depending on your location, you may have the following rights. We have separated them by jurisdiction for clarity.

Rights for Residents of the European Economic Area (EEA), UK, and Switzerland (under GDPR)

If you are a resident of the EEA, UK, or Switzerland, you have the following rights under the GDPR:

• The Right to be Informed: The right to receive clear, transparent, and easily understandable information about how we process your Personal Data (which is the purpose of this Privacy Policy).
• The Right of Access: The right to obtain a copy of the Personal Data we hold about you.
• The Right to Rectification: The right to have inaccurate Personal Data corrected or completed.
• The Right to Erasure ('Right to be Forgotten'): The right to request the deletion of your Personal Data in certain circumstances.
• The Right to Restrict Processing: The right to request that we temporarily or permanently stop processing all or some of your Personal Data.
• The Right to Data Portability: The right to receive your Personal Data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.
• The Right to Object: The right to object, on grounds relating to your particular situation, to our processing of your Personal Data where we are relying on legitimate interests as our legal basis.
• Rights in Relation to Automated Decision-Making and Profiling: The right not to be subject to a decision based solely on automated processing, including profiling, which produces legal or similarly significant effects on you.

To exercise any of these rights, please contact us at help@dip.co. We will respond to your request within one month, as required by law.

Rights for Residents of California (under CCPA/CPRA)

If you are a California resident, you have the following rights under the CCPA/CPRA:

• The Right to Know: The right to request information about the categories and specific pieces of personal information we have collected about you, the sources of that information, the business purposes for collecting it, and the categories of third parties with whom we have shared it.
• The Right to Delete: The right to request the deletion of personal information we have collected from you, subject to certain exceptions.
• The Right to Correct: The right to request the correction of inaccurate personal information we maintain about you.
• The Right to Opt-Out of Sale/Sharing: The right to direct us not to "sell" or "share" your personal information. "Sharing" under the CPRA refers to sharing for cross-context behavioral advertising. We do not sell your personal information for monetary consideration.
• The Right to Limit Use of Sensitive Personal Information: The right to limit our use and disclosure of your sensitive personal information to purposes necessary to provide the services you requested.
• The Right to Non-Discrimination: The right not to be discriminated against for exercising any of your CCPA/CPRA rights.

To exercise these rights, please contact us at help@dip.co or visit our "Delete My Data" page. We are required to update this policy at least every 12 months to reflect our data practices.

8. Children's Privacy

Our Service is not intended for or directed at children under the age of 13 (or 16 in the EEA/UK). We do not knowingly collect Personal Data from children. If we learn that we have inadvertently collected Personal Data from a child under the applicable age limit, we will take commercially reasonable steps to delete that information as soon as possible.

9. Policy Updates and Contact Information

Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. If we make material changes, we will notify you by posting the updated policy on our website and, where appropriate, by other means, such as email. We encourage you to review this policy periodically.

Contact Us

If you have any questions, comments, or concerns about this Privacy Policy or our privacy practices, please do not hesitate to contact us:

Email: help@dip.co