Privacy Policy
Last updated: June 10, 2026
Who we are
Dino (“Dino”, “we”, “us”) provides an API quality platform — autonomous agents that test, document, and monitor APIs — available at usedino.dev and console.usedino.dev. This policy explains what we collect, why, and the choices you have.
What we collect
Account data. When you sign up we collect your name, email address, and organization name. Sign-in is handled by our authentication provider (Stytch). If you sign in with Google or GitHub, we receive your basic profile (name, email) from that provider — never your password.
Customer content. The API specifications, endpoints, scan results, findings, and related configuration you submit to the platform. This is your data: we process it solely to provide the service and never use it to train models or for any purpose you haven’t asked for.
Usage data. Product analytics (pages viewed, features used) and service logs (IP address, browser type, timestamps) used for security, debugging, and improving the product.
How we use it
To operate, secure, and improve the service; to authenticate you; to send transactional email (magic links, invites, alerts you configure); and to respond to support requests. We do not sell personal data, and we do not share it with third parties except the service providers below.
Service providers
We rely on a small set of processors to run Dino:
- Cloudflare — hosting, storage, and network infrastructure
- Stytch — authentication and session management
- Google / GitHub — optional OAuth sign-in
- PostHog — product analytics
Each processor receives only what it needs to perform its function and is bound by its own data-protection commitments.
Data residency
Organizations choose a data region at signup. Customer content is stored and processed in the selected region (for example, EU data stays in EU infrastructure). Routing metadata required to direct requests to your region is the only data stored globally.
Retention and deletion
We keep your data while your account is active. When you delete your account or organization — or ask us to — we delete associated personal data and customer content within 30 days, except where law requires longer retention or where data exists in encrypted backups that age out on a fixed schedule.
Security
All data is encrypted in transit and at rest. Access is scoped per tenant and audited. See our security page for the full posture.
Your rights
You can access, correct, export, or delete your personal data. Depending on where you live (e.g. GDPR or similar regimes), you may have additional rights such as objection or restriction of processing. Email us and we’ll honor your request: security@usedino.dev.
Changes
If we make material changes to this policy we’ll update this page and note the new date above. Significant changes will be announced to account owners by email.