Dynamicode

Deutsche Version (Datenschutzerklärung) →

Privacy Policy

Last updated: February 2026

1. Controller

The controller responsible for data processing on this website is:

dynamicode.ai
Email: privacy@dynamicode.ai

2. What Data We Collect and Why

Account Data

When you register for an account, we collect your email address, name, and password (stored as a bcrypt hash). This data is necessary for the performance of our contract with you (Art. 6(1)(b) GDPR).

Project and Usage Data

We store the projects you create, task data, file contents, configuration settings, and activity logs. This data is processed to provide you with the development platform services as described in our terms (Art. 6(1)(b) GDPR).

Payment Data

Payment information is processed by our payment provider Stripe. We store only a reference to your Stripe customer ID and subscription status. We do not store credit card numbers or bank details on our servers. Legal basis: Art. 6(1)(b) GDPR.

GitHub Account Data

If you choose to link your GitHub account, we store your GitHub username and an OAuth access token to enable code repository operations. You can unlink your GitHub account at any time from your settings. Legal basis: Art. 6(1)(a) GDPR (consent).

Server Logs

Our servers automatically log IP addresses, browser user agents, and timestamps for security and operational purposes. These logs are retained for up to 30 days. Legal basis: Art. 6(1)(f) GDPR (legitimate interest in security).

Cookies

We use essential cookies for authentication and session management. With your consent, we may also use analytics cookies to understand how our platform is used. You can manage your cookie preferences at any time. Legal basis: Art. 6(1)(a) GDPR (consent) for non-essential cookies; Art. 6(1)(f) GDPR for essential cookies.

3. Data Retention

We retain your data as follows:

  • Account data: For the duration of your account and 30 days after deletion request.
  • Project data: For the duration of your account and deleted within 30 days after account deletion.
  • Payment records: 10 years as required by tax regulations.
  • Server logs: Up to 30 days.
  • Consent records: For 3 years after consent was given or revoked, as evidence of compliance.

4. Your Rights

Under the GDPR, you have the following rights:

  • Right of access (Art. 15): You can request a copy of the personal data we hold about you.
  • Right to rectification (Art. 16): You can request that inaccurate data be corrected.
  • Right to erasure (Art. 17): You can request deletion of your account and all associated data. Use the “Delete Account” feature in your account settings. After a 30-day grace period, all data will be permanently deleted.
  • Right to data portability (Art. 20): Your code is always accessible through your linked Git repositories.
  • Right to restrict processing (Art. 18): You can request that we limit how we process your data.
  • Right to object (Art. 21): You can object to processing based on legitimate interests.
  • Right to withdraw consent (Art. 7(3)): Where processing is based on consent, you can withdraw it at any time.

To exercise any of these rights, contact us at privacy@dynamicode.ai.

You also have the right to lodge a complaint with a supervisory authority if you believe your data is being processed unlawfully.

5. Third-Party Processors

We use the following third-party service providers to operate our platform:

  • Hetzner Online GmbH (Germany) — Cloud infrastructure hosting for development containers and application servers. Data is processed within the EU.
  • Stripe, Inc. (USA) — Payment processing. Stripe is certified under the EU-U.S. Data Privacy Framework.
  • GitHub, Inc. (USA) — Source code hosting and OAuth authentication. GitHub is certified under the EU-U.S. Data Privacy Framework.
  • Infisical, Inc. (USA) — Secrets management for secure storage of API keys and credentials within your development environments.

6. Data Transfers Outside the EU

Where data is transferred to service providers outside the EU/EEA (Stripe, GitHub, Infisical), such transfers are protected by the EU-U.S. Data Privacy Framework, Standard Contractual Clauses (SCCs), or equivalent safeguards as required by Chapter V GDPR.

7. Security Measures

We implement appropriate technical and organizational measures to protect your data, including:

  • Encryption in transit (TLS/HTTPS) and at rest
  • Tenant isolation through Kubernetes namespaces and row-level security
  • Bcrypt password hashing
  • Regular security audits and access controls
  • Network-level firewall rules restricting access to internal services

8. Changes to This Policy

We may update this privacy policy from time to time. If we make significant changes, we will notify you via email or through a notice on our platform. Continued use of the service after changes constitutes acceptance of the updated policy.

Contact

For any questions about this privacy policy or our data practices, contact us at: privacy@dynamicode.ai

← Back to dynamicode.ai