Privacy Policy

Last Updated: October 4, 2025

1. Introduction

At Dib AI Inc ("we," "our," or "us"), we are committed to protecting your privacy and the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our services, website, and applications (collectively, the "Services").

Please read this Privacy Policy carefully. By accessing or using our Services, you acknowledge that you have read, understood, and agree to be bound by all the terms of this Privacy Policy.

This Privacy Policy complies with the General Data Protection Regulation (GDPR) for users in the European Economic Area (EEA), the California Consumer Privacy Act (CCPA), and other applicable privacy laws.

2. Information We Collect

We may collect several types of information from and about users of our Services, including:

2.1 Personal Information

• Contact information (such as name, email address, phone number)
• Account credentials (such as usernames and passwords)
• Payment information (we use secure third-party payment processors)
• Property information (address, details about your home)
• Inventory data (items, documents, manuals)
• Task information
• Notes and runbooks created within the platform
• Financial information (such as loan details, when provided)

2.2 Technical and Usage Information

• Device Information: Browser type, operating system, device type, screen resolution, mobile device identifiers
• Usage Analytics: Pages visited, features used, time spent on pages, click patterns, scroll behavior, navigation paths
• Performance Data: Page load times, application errors, crash reports, system performance metrics
• Network Information: IP address, browser type, referring/exit pages, connection type, geographic location (country/region level)
• Cookies and Tracking Technologies: Session cookies, persistent cookies, local storage, web beacons, pixel tags

2.3 Mobile Application Data

• Device Permissions: Camera access for photo capture, photo library access, file system access, device storage access
• Media Content: Photos of inventory items, documents, receipts, property features
• Device Capabilities: Available storage, camera specifications, network connectivity status
• App Performance: Crash logs, error reports, feature usage statistics, offline storage data

2.4 Biometric and Behavioral Data

• Session Recordings: With consent, we may record user sessions including screen interactions, mouse movements, clicks, and scrolls
• Behavioral Patterns: User interaction patterns, feature adoption rates, workflow preferences, engagement metrics
• Photo Analysis: When users upload photos, we may analyze image content for categorization and organization purposes

3. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), we collect and process your personal information based on one or more of the following legal grounds:

• Performance of a Contract: Processing is necessary to fulfill our contractual obligations to you, including providing our Services.
• Legitimate Interests: Processing is necessary for our legitimate interests, provided those interests are not overridden by your rights and interests.
• Consent: You have given us specific consent to process your personal information for a particular purpose.
• Legal Obligation: Processing is necessary to comply with a legal obligation to which we are subject.

4. How We Use Your Information

We may use the information we collect for various purposes, including to:

• Provide, maintain, and improve our Services
• Process transactions and send related information
• Send administrative notifications, such as security or support messages
• Respond to your comments, questions, and requests
• Provide customer support
• Send promotional communications (with your consent)
• Monitor and analyze trends, usage, and activities in connection with our Services
• Personalize and improve your experience
• Protect the security and integrity of our Services
• Comply with legal obligations

5. AI Features and Model Training

Our Services include AI-powered features that help manage your home inventory, tasks, and documents. To provide and improve these features, we process your data in the following ways:

5.1 How We Use Your Data with AI

• Personalized Assistance: We process your home data, inventory items, and tasks to provide AI-powered assistance through our chat interface and other features.
• Data Vectorization: We convert certain text data into vector embeddings (numerical representations) to enable semantic search and AI reasoning about your home information.
• AI Model Training: We may use aggregated and anonymized data derived from user interactions to improve our AI models and features. This helps us enhance the quality, accuracy, and capabilities of our AI services.

5.2 Data Safeguards for AI Processing

We implement strong safeguards when processing data for AI purposes:

• Data Minimization: We only use the data necessary to provide and improve our AI features.
• Anonymization: When data is used for model improvement, it is aggregated and anonymized to remove personally identifiable information.
• Security Measures: We employ strict security protocols for all AI data processing activities.
• Selective Training: Not all user data is used for model training; we focus on non-sensitive data patterns that help improve general functionality.

5.3 Your Control Over AI Data Usage

You have control over how your data is used with our AI features:

• Opt-Out Rights: You can opt out of having your data used for AI model improvement while still using our core services. To opt out, visit your Privacy Settings page.
• Data Deletion: When you delete your data through our Privacy Settings, it is also removed from our AI systems and will not be used for future model improvements.
• Transparency: We strive to be transparent about which features use AI processing and how your data contributes to these services.

6. Your Privacy Rights

Depending on your location, you may have certain rights regarding your personal information. Under the GDPR and similar regulations, you may have the following rights:

• Right to Access: You have the right to request copies of your personal information.
• Right to Rectification: You have the right to request that we correct inaccurate information about you or complete information that is incomplete.
• Right to Erasure (Right to be Forgotten): You have the right to request that we delete your personal information in certain circumstances.
• Right to Restrict Processing: You have the right to request that we restrict the processing of your personal information in certain circumstances.
• Right to Data Portability: You have the right to request that we transfer the information you've provided to us to another organization or directly to you.
• Right to Object: You have the right to object to the processing of your personal information in certain circumstances.
• Rights Related to Automated Decision-Making and Profiling: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or significantly affects you.
• Right to Withdraw Consent: If we rely on your consent to process your personal information, you have the right to withdraw that consent at any time.
• Right to Opt Out of Sales: You have the right to opt out of having your personal information sold to third parties. California residents and residents of certain other jurisdictions have additional rights regarding data sales.

To exercise any of these rights, please contact us using the contact information provided below. We will respond to your request within 30 days. If you are not satisfied with our response, you have the right to lodge a complaint with a supervisory authority.

6.1 California Privacy Rights

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with specific rights regarding your personal information, including:

• The right to know what personal information we collect, use, disclose, and sell
• The right to request deletion of your personal information
• The right to opt-out of the sale of your personal information
• The right to non-discrimination for exercising your CCPA rights

To exercise your California privacy rights, please visit our Privacy Settings page or contact us at privacy@dib.io.

7. Third-Party Services and Data Sharing

7.1 Payment Processing

Stripe, Inc.: We use Stripe for payment processing. When you make a purchase, Stripe collects and processes your payment information according to their privacy policy (https://stripe.com/privacy). We do not store complete credit card information on our servers.

7.2 Analytics and Performance Monitoring

Amplitude, Inc.: We use Amplitude for user behavior analytics, including:

• Session recording and replay (with user consent)
• User interaction tracking and behavioral analysis
• Error monitoring and performance analytics
• Cross-device user identification and tracking
• Custom event tracking for product improvement

Google Analytics: We use Google Analytics to understand website usage patterns. Google may use this data for their own advertising purposes. You can opt-out using Google's Ad Settings or browser tools.

Vercel Analytics: We use Vercel for performance monitoring, including page load times, user experience metrics, and application performance data.

7.3 Artificial Intelligence Services

OpenAI: We send user content and prompts to OpenAI's API for AI-powered features. OpenAI may use this data according to their privacy policy and data usage policies.

Anthropic: We use Anthropic's Claude models for AI assistance. User interactions with AI features may be processed by Anthropic according to their privacy policies.

Pinecone: We may use Pinecone for vector database services to enhance AI search capabilities. User data processed through Pinecone is subject to their privacy policies.

7.4 External Data Sources

AirNow (U.S. EPA): We retrieve air quality data from the EPA's AirNow service based on user location to provide environmental information.

Weather Services: We integrate with weather data providers to offer weather-related home management insights.

7.5 Infrastructure and Hosting

Vercel: Our application is hosted on Vercel's infrastructure. User data is processed and stored on Vercel's servers according to their privacy policies.

Supabase: We use Supabase for database services and authentication. User data is stored and processed according to Supabase's privacy policies.

Amazon Web Services (AWS): We use AWS for file storage, email services, and additional infrastructure needs.

7.6 Communication Services

Email Services: We may use third-party email service providers (such as AWS SES) to send transactional emails, notifications, and marketing communications.

Slack Integration: We may send notifications to internal Slack channels for operational purposes, which may include anonymized usage statistics and system alerts.

8. Data Retention and Deletion

8.1 Data Retention Periods

We retain personal information for different periods depending on the type of data and purpose of processing:

• Account Information: Retained until account deletion, plus 30 days for recovery purposes
• Inventory and Property Data: Retained until user deletion or account termination
• Analytics Data: Aggregated data retained indefinitely; individual user data retained for 26 months
• Payment Information: Stored by payment processors according to their retention policies
• Communication Logs: Retained for 7 years for legal and compliance purposes
• Session Recordings: Retained for 12 months, then automatically deleted

8.2 Data Deletion Process

When you request data deletion or terminate your account:

• Personal data is deleted from our primary systems within 30 days
• Backup systems are purged within 90 days
• Some data may be retained longer for legal compliance or legitimate business purposes
• Aggregated and anonymized data may be retained indefinitely for product improvement
• Third-party services may retain data according to their own policies

9. International Data Transfers

Your information may be transferred to, processed, and stored in countries other than your own, including the United States. We ensure appropriate safeguards are in place for such transfers, including:

• Standard Contractual Clauses approved by the European Commission
• Adequacy decisions for certain countries
• Privacy Shield or similar certification programs where applicable
• Other appropriate safeguards as required by applicable law

10. Children's Privacy

Our Services are not intended for children under 13 years of age (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal information from children under this age. If you believe we have collected information from a child, please contact us immediately at privacy@dib.io.

11. Security Measures

We implement comprehensive security measures to protect your personal information:

• Encryption: Data is encrypted in transit using TLS and at rest using industry-standard encryption
• Access Controls: Strict access controls and authentication requirements for our systems
• Security Monitoring: Continuous monitoring for security threats and vulnerabilities
• Regular Audits: Regular security assessments and penetration testing
• Employee Training: Security awareness training for all personnel with access to personal data

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make changes, we will:

• Update the "Last Updated" date at the top of this policy
• Notify you via email or through our Services of material changes
• Provide you with the opportunity to review the changes before they take effect
• For significant changes, we may require your renewed consent

13. Contact Us

If you have any questions about this Privacy Policy, please contact us at: