Legal
Privacy policy
This Privacy Policy explains how Dynamoi collects, uses, discloses, and protects information when you use our SaaS platform, iOS app, Play smart links, and related services.
- 1. Information We Collect
- 2. How We Use Your Information
- 3. Sharing and Disclosure
- 4. Data Security
- 5. Cookies and Tracking
- 6. International Transfers
- 7. Your Rights and Choices
- 8. Data Retention
- 9. Data Deletion and Play Takedown Requests
- 10. Children's Privacy
- 11. Changes to this Policy
- 12. Contact Us
Information We Collect
- Platform account data: If you create a Dynamoi account, we collect your name, email address, authentication provider metadata, and the records required to manage sessions and permissions.
- iOS app authentication data: If you use the Dynamoi iOS app, you can sign in with Sign in with Apple, Google, or email. We process the account identifiers, email address or Apple private relay email address, provider metadata, session tokens, and mobile session records needed to create, secure, refresh, and delete your account session.
- iOS app device and notification data: The iOS app sends a generated device install identifier with mobile API requests so we can rate-limit abuse, connect session-start events, troubleshoot failures, and support app functionality. If you enable push notifications when that feature is available, we may store APNs device tokens and related delivery state needed to send operational notifications, reassign tokens safely, and remove them during account deletion.
- Advertising and campaign data: When you connect Meta, Google, YouTube, or other supported networks, we process campaign configuration, performance metrics, spend, clicks, impressions, views, saves, and conversion signals to operate and optimize campaigns.
- YouTube API Services data: Dynamoi uses YouTube API Services to let you connect YouTube channels, verify YouTube channel ownership, retrieve channel and video information, validate YouTube videos and playlists for campaign setup, display YouTube content and thumbnails, and retrieve YouTube Analytics data when you grant access. Google and YouTube process information under the Google Privacy Policy at https://policies.google.com/privacy.
- YouTube data categories: YouTube data we process may include your YouTube channel ID, channel name, channel thumbnail, video and playlist identifiers, video titles, thumbnails, public statistics, YouTube Analytics reports, audience and traffic-source data, revenue or monetization metrics where you grant the required scope, OAuth tokens, granted scopes, token status, and related logs needed for security, support, quota, and troubleshooting.
- Smart-link conversion measurement: When Dynamoi runs or measures managed advertising that sends visitors to third-party smart-link pages, we may configure consent-gated conversion pixels and tag-management scripts, including Spotify Ad Analytics and Google Tag Manager on Feature.fm-powered pages, to measure page views, streaming-service clicks, save actions, and other conversion events attributed by advertising platforms. These events may include event type, page URL, opaque smart-link or release identifiers, browser and network signals, consent state, and campaign attribution parameters, but we do not intentionally send fan names, email addresses, payment details, or unrelated account content through those pixels.
- Platform connection identifiers: We store the minimum identifiers and tokens needed to keep integrations working, such as Meta page IDs, YouTube channel IDs, Spotify artist IDs, and encrypted refresh tokens when applicable.
- Music metadata and market data: We may process artist, release, genre, artwork, playlist, chart, audience, and related public music-market metadata from connected platforms, public sources, and third-party music data providers to verify artist identity, enrich Smart Links, support campaign planning, and prepare aggregate reporting.
- Public Play smart-link visits: When someone visits a public Play smart-link page or clicks a streaming-service destination, we collect analytics such as page-view or click event type, an anonymous browser identifier, opaque Play link and release identifiers, destination service, normalized UTM fields, approximate country from our edge provider, page URL path, theme, and technical logs needed for security, bot filtering, attribution, and aggregate reporting. Public Play pages do not require fan accounts or fan authentication. Unless separately disclosed for a new feature, Play analytics events do not include raw artist names, fan emails, Spotify URLs, or user-supplied notes.
- Play page creation, claim review, and takedown data: When a Dynamoi account holder creates or manages a Play page, we process Spotify artist, album, or track URLs and identifiers, Spotify-sourced metadata and cover art, Odesli or backfilled destination links, ownership or claim-review records, takedown or report records, and promote-intent records when the account holder asks about promoting a release.
- iOS Spotify preview and Smart Link data: When you paste a Spotify artist URL in the iOS app or manage Smart Links on iPhone, we process Spotify artist, album, track, artwork, and destination-link metadata; your Smart Link descriptions and settings; share or promote-intent requests; and related mobile API records needed to render, update, and report on your links.
- Analytics, logs, and support data: We use analytics, structured logging, and support systems to understand product usage, diagnose failures, answer support requests, and keep the platform secure. In the iOS app, current product analytics are limited to allowlisted mobile auth and promote events such as auth start, auth completion, auth failure, and promote CTA taps.
- Billing and shop checkout data: Stripe processes payment information. We receive limited billing details, customer IDs, subscription status, order status, package metadata, receipt and invoice metadata, payment status, refund or dispute records, fraud-warning or risk signals, attribution parameters, and lifecycle-email status needed to fulfill paid services, answer billing questions, and protect the service. We do not store full card numbers.
- Billing disputes and fraud evidence: We may collect and retain account, session, IP, device, campaign setup, usage, support, receipt, refund, fraud-warning, and dispute evidence records needed to investigate suspicious payments, answer billing questions, issue credits or refunds, prevent abuse, or respond to chargebacks.
How We Use Your Information
- Service delivery: Operate the Dynamoi platform, iOS app, Play smart links, reporting surfaces, campaign workflows, and related support systems.
- Campaign management and attribution: Launch, manage, measure, and improve campaigns, including conversion attribution and revenue-oriented reporting where applicable.
- Ad measurement and reporting: Measure whether advertising exposures or clicks are followed by smart-link activity, streaming-service clicks, saves, or other conversion events, including attribution reported by advertising and analytics providers.
- Product quality and security: Detect fraud, prevent abuse, troubleshoot issues, understand usage patterns, refresh mobile sessions, protect account deletion flows, and improve reliability.
- Play analytics and reporting: Measure public Play page views, streaming-service clicks, promote-intent activity, catalog ingestion, destination-link backfills, bot filtering, and daily aggregate reporting for creators. Play analytics is designed to use opaque identifiers and normalized event fields rather than raw fan identity data.
- Communications: Send essential lifecycle, transactional, billing, and support communications related to your use of Dynamoi.
- AI-assisted workflows: Generate campaign copy, content suggestions, or supporting creative workflows using approved AI providers. We do not intentionally share full payment credentials or unrelated personal data with those providers.
Sharing and Disclosure
We share information only when necessary to provide the service, comply with law, protect the platform, or work with trusted infrastructure partners such as Stripe, Supabase, Vercel, PostHog, Apple, Google, Meta, Spotify, Soundcharts, Resend, and other providers directly involved in Dynamoi operations.
For YouTube API Services data, we use this information to operate YouTube channel connections, show reporting to you and authorized team members, validate campaign inputs, maintain data freshness, troubleshoot errors, prevent abuse, and support managed campaign workflows. We may share it with Dynamoi personnel and systems that need it to provide the service, with service providers that host, secure, log, analyze, or warehouse the service for us, and with Google or YouTube when we make API requests. We do not sell YouTube API Data.
Dynamoi features may allow third parties to serve content, including advertisements, embedded players, campaign ads, analytics tags, smart-link destinations, or other provider content, depending on the feature you use.
For the iOS app, Sign in with Apple, Google sign-in, Supabase Auth, PostHog analytics, Spotify metadata lookups, APNs, and email infrastructure may process the limited data needed for authentication, app functionality, analytics, notifications, and transactional messages. Apple private relay addresses are treated as account email addresses and are used only for account, support, and transactional communications.
Play-related and campaign-link providers may include edge/CDN providers used for routing, security, country-based consent logic, and bot filtering; analytics and ad-measurement providers used for privacy-minimized event measurement and conversion attribution; music metadata, market-data, and link-resolution providers such as Spotify, Soundcharts, and Odesli; tag-management and smart-link providers such as Google Tag Manager and Feature.fm; and destination streaming services that receive a visitor when the visitor chooses to click a streaming-service link.
For billing, fraud, refund, and chargeback matters, we may share relevant account, checkout, receipt, campaign, usage, support, IP, device, provider, refund, and communications records with Stripe, card networks, banks, service providers, legal advisors, or law enforcement when appropriate to investigate, prevent abuse, respond to disputes, or enforce agreements.
We may disclose information if required by law, to enforce our agreements, or to investigate suspected fraud, abuse, or security incidents.
Data Security
We use technical, administrative, and organizational safeguards to protect data. Sensitive credentials and refresh tokens are encrypted server-side and access is restricted to authorized systems and personnel.
No system is perfectly secure, but we design our infrastructure to minimize exposure, reduce blast radius, and log security-relevant events for investigation.
Cookies and Tracking
Dynamoi uses cookies, analytics tools, conversion pixels, and related technologies on the main site, dashboard, checkout, campaign workflows, and public Play smart-link pages to support authentication, attribution, fraud prevention, service delivery, and measurement. Play uses direct PostHog browser analytics with stable anonymous browser identifiers, automatic pageview and pageleave measurement, autocapture and session replay disabled, and explicit custom events only for fan actions such as streaming-service clicks.
The current Dynamoi iOS app does not use the IDFA, does not request App Tracking Transparency permission, and does not intentionally use iOS app data to track users across other companies' apps or websites for advertising. Mobile analytics events are used for app functionality, reliability, and product analytics, and App Store privacy answers should be kept in sync if this changes.
Some managed campaign links are hosted by third-party smart-link providers rather than Play. Where those pages use Dynamoi-controlled tags or pixels, such as a Spotify Ad Analytics pixel installed through Google Tag Manager on Feature.fm-powered pages, the purpose is advertising measurement and conversion attribution. Non-essential advertising tags should respect the consent controls available on the smart-link page where required by applicable law.
For visitors in regions where consent is required for non-essential cookies or similar technologies, Play may use country information from our edge provider to decide whether to show a consent banner before setting non-essential storage. Visitors can decline non-essential storage without losing access to public Play pages.
You can control many browser-level cookies directly in your browser settings. On Apple devices, you can also manage Sign in with Apple and Hide My Email forwarding in Apple Account settings. Blocking some cookies or platform controls may degrade product behavior.
International Transfers
Dynamoi and its infrastructure partners may process data in the United States and other countries where our providers operate. By using the service, you understand that your information may be transferred to jurisdictions with different privacy laws than your home country.
Your Rights and Choices
- Access and correction: You may request access to the personal data we hold about you and ask us to correct inaccurate information.
- Deletion: You may request deletion of eligible personal data, subject to legal, contractual, security, and fraud-prevention retention requirements.
- Marketing preferences: You can opt out of non-essential marketing emails using unsubscribe links or by contacting us directly.
- Additional rights by location: Depending on where you live and how we process your data, you may also have rights to object to certain processing, restrict processing, request portability, withdraw consent where processing is based on consent, or appeal a privacy decision.
Data Retention
We retain data only as long as necessary to operate the service, comply with legal obligations, resolve disputes, enforce agreements, and preserve financial or security records. Exact retention periods vary by data type.
YouTube authorization tokens are stored only as long as needed to provide YouTube-connected features based on active user consent. When we detect revocation or that a YouTube authorization token can no longer be refreshed, we delete related YouTube API Data as soon as possible and within 30 calendar days.
Billing, refund, fraud, dispute, campaign, usage, and support records may be retained for the time needed to satisfy payment-processor, card-network, accounting, tax, legal, fraud-prevention, security, and dispute-resolution requirements, even after an account is closed or deleted.
Mobile session records, device install identifiers, APNs tokens, and mobile analytics records are retained only as long as needed for app functionality, security, troubleshooting, reporting, and legal or operational obligations. APNs tokens and active mobile sessions are removed or invalidated as part of verified account deletion where technically possible.
Play analytics may be retained as event-level records long enough to produce daily aggregate reporting, troubleshoot abuse, and maintain platform integrity; aggregate analytics, promote-intent records, takedown records, and tombstone records may be retained longer where needed for reporting, dispute resolution, fraud prevention, legal obligations, or service integrity.
Data Deletion and Play Takedown Requests
To request account or data deletion, email support@dynamoi.com from the email address associated with the account, use the in-app deletion flow in the iOS app when signed in, or include enough information for us to verify ownership. Some records may be retained where required for billing, fraud prevention, legal obligations, or legitimate business recordkeeping.
You can disconnect YouTube in Dynamoi or contact support to request deletion of stored YouTube data associated with your connection. When you request deletion or disconnect through Dynamoi, we delete eligible stored YouTube Authorized Data as soon as possible and within 7 calendar days. You can also revoke Dynamoi's access in your Google Account third-party connections settings at https://myaccount.google.com/connections?filters=3,4&hl=en. Deleting data stored by Dynamoi does not delete data stored by YouTube; to delete content or data from YouTube, use YouTube's own applications and controls.
For accounts created or signed in with Sign in with Apple, Dynamoi attempts to revoke the associated Sign in with Apple token during verified account deletion when the required Apple credential material and revocable token are available. You can also manage or stop using Sign in with Apple for Dynamoi in your Apple Account settings.
Public Play page takedown requests are handled separately from account deletion requests. A takedown request may cause a Play page to be unpublished, return a 410/tombstone response, or be removed from public indexes, while Dynamoi may retain limited records needed to process the request, prevent abuse, resolve disputes, comply with law, or document platform integrity decisions.
Children's Privacy
Dynamoi is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, contact us and we will investigate promptly.
Changes to this Policy
We may update this Privacy Policy as the service evolves. Material changes will be reflected by updating the effective date and, where appropriate, by providing additional notice.
Contact Us
For privacy questions, deletion requests, or security concerns, email support@dynamoi.com. For privacy requests, mark your message as "Privacy Request." For Play page rights, impersonation, or takedown requests, use the takedown link on the relevant Play page where available or include "Play Takedown Request" in your email.