Privacy Policy

Version 1.0 · Effective: 27 April 2026

Data controllerDisplaydev OÜ, Ankru 8-23, Tallinn, 11713, Estonia
Privacy contact[email protected]
Primary regulationEU General Data Protection Regulation (GDPR)
Data collectedAccount info, organisation info, usage events, billing status, page views, session replay recordings, guest access events, aggregate artifact view counts, security/audit logs
Key sub-processorsNeon (US + SCC), PostHog (EU), Stripe (US + SCC), Cloudflare (global + SCC), Fly.io (US + SCC), Postmark (US + SCC)
Key user rightsAccess, rectification, erasure, restriction, portability, objection, supervisory authority complaint
Retention (overview)Account data: until deletion + 30 days; Billing: 7 years; Usage events: account lifetime; Session replay: 30 days; View counts: account lifetime; Guest events: account lifetime; Audit logs: account lifetime
Data sellingWe do not sell personal data

Introduction

This Privacy Policy explains how Displaydev OÜ ("Displaydev", "we", "us", "our"), a company registered in Estonia (EU), collects, uses, stores, and shares personal data when you use display.dev and its associated services (collectively, the "Service").

Displaydev OÜ is the data controller for personal data processed under this policy.

We are subject to the EU General Data Protection Regulation (GDPR) and, where applicable, other national data protection laws. If you have questions or wish to exercise your rights, contact us at [email protected].

1. What Personal Data We Collect and Why

We collect only the data necessary to provide and improve the Service.

Data categoryWhat we collectPurposeLegal basis (GDPR Art. 6)Retention
Account dataFull name, email address, account creation timestampCreate and manage your account; authenticate youContract — Art. 6(1)(b)Until account deleted, then purged within 30 days
Organisation dataOrganisation name, URL slug, email domainProvision your organisation; associate membersContract — Art. 6(1)(b)Until organisation deleted, then purged within 30 days
Usage eventsActions taken in the product: artifact publish, update, delete, rollback; organisation creation; API key creation; onboarding completion; branding changesUnderstand how the product is used; improve features; detect abuseLegitimate interest — Art. 6(1)(f)Account lifetime
Billing dataSubscription plan, billing tier, payment status — payment card details are handled exclusively by Stripe and never stored on our serversProcess payments; enforce plan limitsContract — Art. 6(1)(b)7 years (Estonian Accounting Act obligation)
Page views and navigation (in-app, signed-in users)URLs visited inside the authenticated product; page-leave eventsMeasure engagement; improve UXLegitimate interest — Art. 6(1)(f)Account lifetime
Page views and navigation (display.dev marketing site)URLs visited on display.dev; page-leave eventsMeasure engagement; improve UXConsent — Art. 6(1)(a), collected only if you accept the cookie banner2 years (only for visitors who accepted)
Session replay (in-app, signed-in users)Recordings of authenticated app sessions: mouse movements, clicks, scroll position, page structure, and DOM state via PostHog's rrweb-based session replay. Form input values are masked in-browser before transmission. Browser console logs are captured alongside the recordingDiagnose user-facing issues; understand product frictionLegitimate interest — Art. 6(1)(f)30 days
Session replay (display.dev marketing site)As above, recorded only when you accept the cookie bannerDiagnose marketing-site UX issuesConsent — Art. 6(1)(a), collected only if you accept the cookie banner30 days
Guest access eventsEmail address of guest viewers who authenticate via one-time code; identifier of the artifact accessedGate access to private artifactsContract — Art. 6(1)(b)Account lifetime
Artifact view countsAggregate view count per artifact per day — no viewer identity is storedShow publishers how their content is performingContract — Art. 6(1)(b)Account lifetime
Security and audit logsAdministrative actions: member invites, permission changes, SSO configurationSecurity monitoring; complianceLegitimate interest — Art. 6(1)(f)Account lifetime

Where we rely on legitimate interest (Art. 6(1)(f)), the processing is proportionate and limited to what is necessary. Data is aggregated where possible. You retain the right to object at any time (see Section 4).

2. How We Collect Personal Data

Directly from you — when you create an account, set up an organisation, configure billing, contact support, or otherwise interact with the Service.

Automatically inside the authenticated product — when you use the signed-in Service, we collect usage events, page views, and device/session information through our analytics tooling (PostHog) on a legitimate-interest basis.

On the display.dev marketing site — only with your consent — PostHog is not loaded until you click Accept in our cookie banner. If you decline, we do not initialise PostHog and do not send any analytics events from the marketing site. You can change your choice at any time from the Cookie settings link in the footer.

Via social login — if you sign in with Google or Microsoft, those providers share your name and email address with us to create or authenticate your account. Google and Microsoft act as independent data controllers for their own authentication services and are not sub-processors of display.dev.

From third parties — Stripe provides payment-related status signals (e.g. subscription renewal success or failure). We do not purchase or receive personal data from data brokers.

3. Cookies and Tracking

Cookie / trackerPurposeTypeConsent required?
Session cookie (HTTP-only)Maintains your authenticated session after loginStrictly necessaryNo
PostHog analytics (in-app, identified users)Tracks product usage for identified (logged-in) usersAnalyticsNo (legitimate interest; opt-out available)
PostHog analytics (display.dev marketing site)Tracks page views and navigation on the marketing siteAnalyticsYes — opt-in via cookie banner
PostHog session replay (in-app, identified users)Records in-app sessions (inputs masked) for diagnostics and UX researchAnalyticsNo (legitimate interest; opt-out available)
PostHog session replay (display.dev marketing site)Records marketing-site sessions (inputs masked)AnalyticsYes — opt-in via cookie banner

Analytics on display.dev (PostHog) is loaded only after you accept via our cookie banner. If you decline, we do not initialize PostHog and do not send any analytics events. You can change your choice at any time from the Cookie settings link in the footer.

We do not set advertising cookies, cross-site tracking cookies, or third-party social media pixels. You can manage cookies through your browser settings. Disabling the session cookie will prevent you from logging in.

The full inventory of cookies and browser-storage keys across display.dev and dsp.so is listed in our Cookie Policy.

3a. Aggregate analytics on dsp.so

We operate a separate public-artifact origin, dsp.so, where published artifacts are served to viewers. On that origin we run no third-party client-side analytics. We do record two streams of server-side telemetry, without setting cookies on your browser:

  • Aggregate view counts — per-artifact, daily view buckets, so publishers can see how many people read their content. No viewer identity is stored.
  • Publish-to-claim funnel — for publicly-claimable artifacts we record the first and second distinct IP (hashed with a server-side secret before persistence) to measure whether viewers actually claim the URL. Exactly two events per artifact, then no further tracking.

Both are processed on a legitimate interest basis under GDPR Art. 6(1)(f): pseudonymised inputs, capped scope, no behavioural profiling. You have the right to object (see Section 4). For the full enumeration of cookies and storage keys on dsp.so, see the Cookie Policy.

4. Your Rights Under GDPR

  • Right of access — request a copy of the personal data we hold about you.
  • Right to rectification — request correction of inaccurate or incomplete data.
  • Right to erasure — request deletion of your personal data, subject to our retention obligations (e.g. billing records retained for 7 years by law).
  • Right to restriction of processing — request that we limit how we use your data while a dispute is resolved.
  • Right to data portability — receive your personal data in a structured, machine-readable format.
  • Right to object — object to processing based on legitimate interest (Art. 6(1)(f)). We will stop processing unless we can demonstrate compelling legitimate grounds.
  • Right to withdraw consent — where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing.
  • Right to lodge a complaint — contact the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon, www.aki.ee) or the supervisory authority in your EU member state of residence.

To exercise any right, contact us at [email protected]. We will respond within 30 days.

4a. Rights for US State Residents

If you are a resident of California (CCPA/CPRA), Colorado (CPA), Connecticut (CTDPA), Virginia (CDPA), or Utah (UCPA), you have rights under your state's privacy statute that parallel the GDPR rights in §4:

  • Right to know — request the categories of personal data we collect, the sources, purposes, and the sub-processors we share it with (see §5).
  • Right to delete — request deletion of your personal data, subject to the retention obligations in §10.
  • Right to correct — request correction of inaccurate data.
  • Right to opt out of sale or sharing — we do not sell personal data or share it for cross-context behavioural advertising, so no opt-out is needed.
  • Right to limit use of sensitive personal information — we do not process sensitive categories as defined by these statutes.
  • Right to non-discrimination — exercising any of these rights will not change your service or pricing.

To exercise any right, email [email protected]. We respond within 45 days as required by CCPA; for complex requests we may extend by a further 45 days and will notify you.

5. Sub-processors and Data Sharing

We share personal data only with the sub-processors listed below, each bound by a Data Processing Agreement. We do not sell personal data to third parties.

ProcessorData sharedPurposeLocationTransfer mechanism
NeonUser accounts, org data, viewer access events, billing records, audit logsPrimary databaseUnited StatesStandard Contractual Clauses (SCCs)
PostHogUser ID, email, usage events, page viewsProduct analyticsEU (eu.posthog.com)— (EU region; no third-country transfer)
StripeBilling contact details, subscription statusPayment processingUnited StatesStandard Contractual Clauses (SCCs)
CloudflareArtifact view counts (aggregate); CDN cacheCDN, artifact deliveryGlobal (EU primary where available)Standard Contractual Clauses (SCCs)
Fly.ioAll data processed by the APIApplication hostingUnited States (Ashburn, VA)Standard Contractual Clauses (SCCs)
PostmarkEmail address, one-time-password codes, invite recipient addressesTransactional email (sign-in OTPs, guest invites, account notifications)United StatesStandard Contractual Clauses (SCCs)

We may also disclose personal data to legal authorities if required by applicable law, court order, or governmental regulation, or if we believe in good faith that disclosure is necessary to protect our rights or the safety of others.

6. International Data Transfers

Displaydev OÜ is based in Estonia (EU/EEA). Some sub-processors are located in or process data in the United States or other third countries outside the EU/EEA. Where we transfer personal data to third countries, we rely on EU Standard Contractual Clauses (SCCs) as the transfer mechanism. You may request a copy of the applicable SCCs by contacting [email protected].

7. Data Security

We apply industry-standard technical and organisational measures to protect personal data against unauthorised access, loss, or disclosure. This includes encryption of data in transit and at rest, access controls on production systems, and security monitoring of administrative actions.

No system is completely secure. If you believe your account has been compromised, contact us immediately at [email protected].

8. Children's Privacy

The Service is not directed at children under the age of 16 and we do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child under 16 without verifiable parental consent, we will delete it promptly. Contact us at [email protected] if you believe we have inadvertently collected such data.

The Service may contain links to third-party websites or services. This Privacy Policy applies only to display.dev. We are not responsible for the privacy practices of third-party sites and encourage you to review their policies.

10. Data Retention

Data categoryRetention period
Account and organisation dataDuration of account/organisation, then purged within 30 days of deletion
Usage events and in-app page viewsAccount lifetime
Session replay recordings30 days
Billing records7 years (Estonian Accounting Act obligation)
Guest access eventsAccount lifetime
Artifact view counts (aggregate)Account lifetime
Security and audit logsAccount lifetime

Data subject to a fixed retention period is deleted or anonymised once that period elapses. Data retained for the lifetime of your account is deleted within 30 days of account closure.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email and/or by a prominent notice within the Service, at least 14 days before the change takes effect. Continued use of the Service after the effective date constitutes acceptance of the updated policy.

12. Contact

Displaydev OÜ Ankru 8-23, Tallinn, 11713, Estonia

[email protected]

We aim to respond to all requests within 30 days. For complex requests, we may extend this period by a further two months and will notify you accordingly.