Privacy Policy
Effective date: June 10, 2026
1. Who we are
DashboardDriven is operated by Pacific Ally LLC, a Washington limited liability company headquartered in Vancouver, Washington, United States. Pacific Ally LLC also does business as “DocuDriven” for our separate document-services line. References in this Privacy Policy to “we,” “us,” or “Pacific Ally” mean Pacific Ally LLC. References to the “Service” mean the websites, applications, and APIs we provide under the DashboardDriven name.
This Privacy Policy explains what information we collect, how we use it, who we share it with, and the choices you have. It is incorporated into our Terms of Service.
2. Information we collect
Account information. When you create an account we collect your name, email address, the authentication provider you used (for example email + password, Google, Microsoft, GitHub, or a SAML SSO provider configured by your organization), and the per-provider identifier we receive after authentication.
Organization (workspace) information. When you create or administer an organization we collect the organization name, the subdomain or custom domain you choose, any branding assets you upload (logo, primary color, login background), the member list, role and access-policy configuration, and billing contact details.
Connected data sources. When you connect a data source we store the OAuth refresh tokens or API credentials required to retrieve data on your behalf, the connection metadata you configure (for example which reports or lists to sync, which fields map to which metrics, which breakdowns to enable), and the data we retrieve from the source in your organization's isolated database. Connector types currently include — among others — QuickBooks Online, Microsoft 365 / OneDrive / SharePoint, Google Sheets, HighLevel, Clockify, monday.com, SQL databases (PostgreSQL, MySQL, MS SQL), spreadsheets you upload, and manual entry.
Dashboard content. We store the pages, tabs, widgets, filters, derivation rules, monitoring thresholds, scheduled deliveries, and other configuration you create within the Service, along with the data your widgets query.
Usage and diagnostic data. We collect application and server logs that describe how the Service is used and where errors occur — for example which pages were rendered, which connector syncs ran, response times, error traces, the IP address of the request, and the browser and operating system you use. These logs are used to operate, secure, and improve the Service.
Payment information. Billing is processed by Stripe, Inc. We do not store full payment card numbers. We receive and store transaction records, the last four digits of the card or bank account used, the brand of the card, the billing address you provide, and your subscription and invoice status.
Email-delivery records. Transactional email (invitations, billing receipts, security alerts, scheduled-delivery messages, password resets) is sent through Resend. We retain message-level metadata — delivery, bounce, complaint, and opens where the recipient's mail client reports them — to operate the Service reliably and to honor unsubscribes for marketing messages.
Demand-signal capture. When you paste a URL into our data-source detector or request a connector that does not yet exist, we record the request (the URL or text you entered, your organization identifier, and the timestamp) so we can prioritize future connector work and notify you if we ship support. We do not attempt to retrieve data from URLs we have not been authorized to connect.
3. How we use information
- To provide, operate, secure, and improve the Service, including answering support requests;
- To authenticate you and manage your session;
- To execute the actions you take in the Service (running syncs, rendering dashboards, generating AI summaries, sending scheduled deliveries, and similar);
- To process payments and manage your subscription;
- To send transactional communications (invitations, invoices, security and billing alerts, service notices);
- To detect and prevent fraud, abuse, security incidents, and unauthorized access;
- To comply with legal obligations and respond to lawful requests;
- To monitor product use in the aggregate, plan future features, and triage demand signals; and
- With your separate consent (where required by law), to send you product update or marketing emails.
We do not sell your personal information. We do not use Your Data to train third-party AI models. We do not use Your Data to train our own machine-learning models without your separate, explicit consent.
4. Per-organization database isolation
Each organization's primary records — connectors, dashboards, widgets, data records, monitoring runs, share tokens, alert recipients, and similar — live in a database dedicated to that organization. Two organizations never share storage at the table level. Only the cross-organization platform layer (for example the list of organizations, the billing record, the user-to-organization membership, and the connector-type registry) lives in a shared platform database. This isolation reduces the blast radius of a software bug and is foundational to how we handle Your Data.
5. Sub-processors and how we share information
We share information only as described below. Each sub-processor is bound by a written data-protection agreement with terms substantially equivalent to those we owe you.
- Infrastructure. Google LLC (Google Cloud Platform — Cloud Run, Cloud SQL, Cloud Storage, Secret Manager) hosts our application servers, databases, files, and credentials. Our primary region is in the United States.
- Web hosting and edge. Vercel Inc. hosts the marketing site and the Next.js front-end of the Service.
- Authentication. Google Firebase Authentication handles password storage and the consumer SSO providers (Google, Microsoft, Apple, Facebook). For enterprise SSO an organization administrator may configure additional providers; we do not control those identity providers.
- Payments. Stripe, Inc. processes subscription and one-time payments and stores the payment method on its systems.
- Transactional email. Resend, Inc. delivers transactional messages (including scheduled-delivery emails) and records delivery status.
- AI. Anthropic, PBC provides the large-language-model APIs that power our AI features. Inputs we send to Anthropic are processed only to fulfill your request and are not used to train Anthropic's models, per our commercial arrangement.
- Other. Third-party data sources you authorize (for example QuickBooks, HighLevel, monday.com) receive only the OAuth tokens and API calls necessary to pull the data scopes you granted.
We may also share information when required by law or valid legal process, when necessary to defend the Service or our other customers against harm, or as part of a merger, acquisition, or sale of assets — in the latter case we will notify you so you can review the acquirer's privacy practices.
6. AI features
AI features include — among others — narrative summaries of dashboards and tabs, the “Ask AI to add a chart” flow, AI-mapped spreadsheet columns, suggestions for normalizing dimension values, tracking suggestions, forecasting pattern detection, AI-proposed target / budget / planned values for manual entry, and AI-assisted onboarding flows. Each of these features sends to our AI provider the specific inputs needed to fulfill the request, which may include a slice of Your Data (for example the periods, dimensions, and values shown on a dashboard, the column headers and sample rows of a spreadsheet, or your prompt text).
We do not send to the AI provider data outside the scope of your request, and the AI provider does not use your inputs to train its models. AI outputs are generated automatically and may be incomplete, inaccurate, or misleading; you are responsible for reviewing them before relying on them. Organization administrators can disable AI features for the organization in workspace settings, restrict who within the organization may use AI features, and cap monthly AI usage at the plan level or stop usage at the cap.
7. Scheduled deliveries and public share links
You can schedule a dashboard or page to be delivered to a list of email addresses on a cadence you choose (for example weekly to your board). When you do, we store the recipient list, the delivery cadence, the most recent delivery status, and the rendered artifact (PDF, PowerPoint, or share link) for the period required to retry failed sends and to provide audit history. Recipients can unsubscribe themselves from any individual delivery; an organization administrator can also remove a delivery from the Service.
You can also publish a public share link that lets anyone with the URL view a snapshot of a specific dashboard without signing in. Public share links are rate-limited at the per-token level to protect against abuse, do not render AI widgets, and can be revoked at any time. Treat a public share link the same way you would treat any URL you choose to share publicly.
8. Local agent (optional)
To reach data sources that live on a private network — for example a SQL database that is not exposed to the public internet — we offer an optional local agent. The agent is a small program you install on a machine inside your network. It opens an outbound, authenticated connection to our backend and pipes byte streams between that backend and the private data source. The agent stores its pairing credential in the host operating system's native credential store (Windows DPAPI, the macOS Keychain when available, or a machine-bound encrypted file on Linux). The agent does not store the data that passes through it, beyond the operating-system buffers required for the transfer.
9. Authentication and SSO
We support email + password and the consumer SSO providers Google, Microsoft, Apple, and Facebook through Firebase Authentication. Enterprise organizations may configure additional providers — for example a tenant-specific Microsoft Entra (Azure AD), Google Workspace, or GitHub OAuth application — directly with their identity provider; we store the configuration but do not control the identity provider.
When you sign in we record the sign-in provider, the per-provider identifier, your email, your name (if the provider returns it), and the IP address and user-agent of the sign-in. We store a per-user Firebase identifier in our platform database to link your account across sessions and providers.
10. Data retention
We retain Your Data for as long as your account or organization is active. After an organization is closed or a paid subscription lapses without renewal, we retain Your Data for thirty (30) days to allow you to restore the workspace, after which we permanently delete it from our active systems. Standard backup rotations may retain Your Data for an additional period of up to sixty (60) days before the backups are overwritten in the ordinary course.
Server and application logs (including security and audit logs) are retained for up to twelve (12) months. Stripe payment and tax records, and email-delivery records held by Resend, are retained for the periods required by our sub-processors and by applicable financial and tax laws. Demand-signal records and aggregated, de-identified usage statistics may be retained on an ongoing basis to inform future product work.
11. Security
We apply the security measures we believe are reasonable for the data we process, including encryption in transit (TLS 1.2 or higher), encryption of databases at rest, encryption of connector credentials with envelope encryption keyed to per-organization material, secrets management through Google Cloud Secret Manager, role-based access control within the application, and least-privilege access for our personnel. No system is perfectly secure; we cannot guarantee that an attacker will never gain access to Your Data, and we cannot guarantee that data we transmit to or from a third-party integration will not be intercepted by a third party. You are responsible for using strong authentication on your account and for the access roles you grant within your organization.
12. Your rights
Depending on where you live you may have rights to access, correct, delete, export, or restrict the processing of personal information we hold about you, and to object to certain uses. To exercise these rights, contact us at privacy@dashboarddriven.com. We will verify your identity before acting and will respond within the period required by law (and in no event longer than 45 days). Organization administrators can also export or delete their organization's data directly from the organization settings page.
If you are a California resident, you have additional rights under the California Consumer Privacy Act (as amended by the California Privacy Rights Act). You can submit a verifiable consumer request as described above. We do not sell or share personal information for cross-context behavioral advertising. We do not knowingly process the personal information of minors under the age of 16 for marketing purposes.
13. Cookies and client-side storage
We use a single first-party session cookie (dd_session) that is strictly necessary to keep you signed in. Firebase Authentication stores a small amount of authentication state in your browser's IndexedDB so we can refresh your sign-in token; signing out of the Service clears this state. Stripe Checkout and any third-party integration you initiate may set their own cookies during their flows.
We do not use advertising cookies, cross-site tracking pixels, or third-party analytics that profile individual users. We use first-party server logs to understand how the Service is used in the aggregate.
14. International transfers
Our primary infrastructure is hosted in the United States. If you access the Service from outside the United States, Your Data will be transferred to, processed in, and stored in the United States. We rely on the European Commission's Standard Contractual Clauses and equivalent mechanisms where required to lawfully transfer personal data from the European Economic Area, the United Kingdom, or Switzerland to the United States. By using the Service from a jurisdiction whose law permits the transfer with your consent, you consent to the transfer.
15. Children
The Service is not directed to and may not be used by children under the age of 18. We do not knowingly collect personal information from anyone under 18. If we learn that we have collected personal information from a person under 18, we will delete it. Parents or guardians who believe a minor has provided us with personal information should contact us at the address below.
16. Changes to this Privacy Policy
We may update this Privacy Policy from time to time. For material changes we will notify you by email or by a prominent notice in the Service before the changes take effect. Your continued use of the Service after the effective date of an updated version is your acceptance of the updates. The “Effective date” at the top of this page indicates when the most recent version became effective.
17. Contact
Questions or concerns about this Privacy Policy or our handling of your information? Contact us at privacy@dashboarddriven.com, or by mail at:
Pacific Ally LLC
PO Box 823102
Vancouver, WA 98682
United States