Privacy Policy

1. Scope

This Privacy Policy explains how Dregs ("we", "us", "our") handles information about website visitors, prospective customers, account holders, and business contacts. It also explains, at a high level, how we handle information our customers submit through the Dregs platform ("Service").

When we handle account, billing, support, and website usage information for our own business purposes, Dregs acts as a controller or business. When we process personal data our customers submit through the Service ("Customer Data"), Dregs generally acts as a processor or service provider on the customer's behalf. In that case, the customer's instructions, our Data Processing Agreement, and the customer's own privacy disclosures govern that processing.

2. Information We Collect

Account and Business Contact Information

When you create an account, request a demo, contact us, or otherwise interact with Dregs, we may collect your name, email address, team or company name, billing contact details, subscription information, support communications, and account credentials. Passwords are stored in hashed form rather than plaintext.

Customer Data You Submit Through the Service

Through the Dregs tracking script, API, dashboard, or related features, customers may submit event data, device and browser information, IP addresses, user identifiers, names, emails, and other profile or fraud-analysis data they choose to send to the Service.

Please do not submit passwords, full payment card numbers, government-issued identification numbers, or special-category or similarly sensitive personal data unless we have expressly agreed in writing that the Service is intended to receive it and you are legally permitted to provide it.

Automatically Collected Information

When you use our website or dashboard, we may collect server logs, approximate location derived from IP address, browser and device information, pages or features accessed, and information stored using session storage, local storage, or similar browser technologies.

3. How We Use Information

We use information we collect to:

• Provide, operate, authenticate, and support the Service
• Process billing, manage accounts, and communicate with customers and prospects
• Detect, investigate, and prevent fraud, abuse, misuse, and security incidents
• Maintain, troubleshoot, monitor, and improve the reliability and usability of the Service
• Develop product features using feedback and, where practicable, aggregated or de-identified information
• Comply with law, enforce our agreements, and protect our rights and the rights of others

We do not sell Customer Data, and we do not use Customer Data for third-party advertising.

4. Legal Bases

Where Dregs acts as controller for account, website, support, or business contact information, we typically rely on one or more of the following legal bases: performance of a contract, legitimate interests such as securing and improving the Service, consent where required, and compliance with legal obligations.

Our customers are responsible for establishing an appropriate legal basis for the Customer Data they choose to submit through the Service.

5. Sharing Information and Sub-Processors

We share information only as reasonably necessary to operate the Service and our business, including with infrastructure providers, payment processors, email providers, professional advisers, and service providers that support optional features you request. Our current customer-data sub-processors are listed on our Sub-Processors page.

If you request an AI-assisted identity review, relevant Customer Data may be shared with the applicable model provider for that review. We may also disclose information if required by law, to respond to lawful requests, in connection with a merger, acquisition, financing, or reorganization, or to protect the Service, Dregs, our customers, or others.

6. International Transfers

We and our service providers may process information in the European Union, the United States, and other countries where we or our providers operate. Where required, we use contractual or other legally recognized safeguards for cross-border transfers.

7. Data Retention

We retain account, billing, sales, and support information for as long as needed to provide the Service, maintain our relationship with you, comply with law, resolve disputes, and enforce agreements.

Customer Data is generally retained for the duration of the applicable account or subscription. After account closure or a verified deletion request, we delete or de-identify Customer Data within a reasonable period, subject to legal obligations, fraud-prevention needs, and routine backup or disaster recovery retention.

8. Data Security

We use administrative, technical, and organizational safeguards designed to protect information, including measures such as encryption in transit, access controls, authentication protections, and rate limiting. Additional details are available in our Security Policy.

No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

9. Cookies and Similar Technologies

The dashboard uses browser storage, including session storage and local storage, for authentication and user experience features. The Dregs tracking components may use browser storage and device or browser fingerprinting techniques to help distinguish devices and sessions for fraud detection and security analysis.

We do not use Customer Data collected through the Service for cross-context behavioral advertising. You are responsible for determining what notices, consents, and configuration choices are appropriate for your implementation of the Dregs tracking script.

10. Advertising

We run paid advertising campaigns and use third-party advertising services to measure the effectiveness of those campaigns. This may involve capturing campaign and click attribution information from URL parameters and your browsing context, associating that information with your account if you create one, and sharing attributed conversion data with our advertising providers. We may limit these activities to certain regions where we run campaigns.

We do not use any of this data for cross-context behavioral advertising. You can opt out of personalized advertising through your ad platform's settings, or contact us at privacy@dregs.com to request deletion of attribution data associated with your account.

11. Your Rights and Choices

Depending on your jurisdiction, you may have rights to access, correct, delete, or object to certain processing of personal data that Dregs controls directly. You may also have the right to data portability or to withdraw consent where processing is based on consent.

If your request relates to Customer Data that Dregs processes on behalf of one of our customers, you should direct the request to that customer first. We will assist our customers with such requests where required by law or contract.

To exercise privacy rights or make a request, contact us at privacy@dregs.com.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will post the revised version here and update the "Last updated" date. Material changes will become effective when posted unless a later date is stated.

13. Contact

If you have questions about this Privacy Policy or our privacy practices, contact us at privacy@dregs.com.