Privacy policy

Last updated: 29/09/2025

1 · Who We Are

Dizno, Inc. (“Dizno,” “we,” “us,” “our”) operates a cloud-based design platform delivered via web, mobile applications, and public APIs.

  • Registered address: Via Espana, Edificio Delta Bank, Piso 6 Suite 604D Panama

2 · Scope

This Policy explains how we collect, use, disclose, store, and protect personal data (“Personal Data”) when you

  • visit our websites or apps,

  • create or manage an account,

  • use any service feature, or

  • interact with us by e-mail, chat, or social media.

A separate, short Notice at Collection appears at every point where we first request Personal Data, summarizing the categories collected, the purposes, retention periods and a link to this Policy, as required by California Civil Code § 1798.100.

3 · Personal Data We Collect, Legal Bases, and Retention

We collect or generate the following categories:

  • Identifiers: name, e-mail address, Internet-Protocol address, device identifiers, and transaction IDs. We process these to create and secure your account (contract) and to prevent fraud (legitimate interest, balancing test performed). They are kept while the account is open and for six months after deletion.

  • Commercial information: subscription plan, payment status, and metadata received from PayPal or Stripe. We process this to perform the contract and to meet tax and bookkeeping obligations (legal obligation). Records are stored for ten years.

  • Usage and device data: pages viewed, clicks, timestamps, crash logs, diagnostics. We process this under our legitimate interest in improving the Service (balancing test performed) and retain pseudonymized records for twenty-six months.

  • Authentication data: hashed one-time passwords (OTP) and login-attempt logs, processed for contract performance and fraud prevention (legitimate interest). Logs are kept for ninety days.

  • Preferences and consents: cookie choices and marketing opt-ins/outs, processed to honor your consent and legal rights. Stored until withdrawn plus six months.

  • Support content: messages, file attachments, and call recordings supplied to our support team, processed under our legitimate interest in customer support (balancing test performed), and retained for twenty-four months after the case closes.

We do not knowingly collect data from children under sixteen in the EEA/UK/Switzerland or under thirteen in the United States; any such data will be erased.

4 · How We Use Personal Data

We use Personal Data only when an appropriate GDPR lawful basis and a permitted CPRA business purpose apply. Specifically, we process data to:

  • register and authenticate users;

  • deliver, maintain, and improve the Service;

  • provide customer support and security alerts;

  • process payments and issue invoices;

  • send essential transactional communications;

  • conduct optional analytics (only with your consent);

  • deliver optional marketing you have expressly opted into.

You may withdraw consent at any time in the Preference Centre or by contacting us.

5 · Sale, Sharing, and Sensitive Personal Data

Dizno does not sell Personal Data, does not share it for cross-context behavioural advertising, and does not use it for automated profiling that produces legal or similarly significant effects. If these practices ever change, we will (i) update this Policy, (ii) publish a “Do Not Sell/Share My Personal Information” link, and (iii) honour the “Limit Use of My Sensitive Personal Information” right if we begin processing sensitive data beyond the narrowly-defined purposes in Cal. Civ. Code § 1798.121.

6 · Cookies and Similar Technologies

We use cookies, SDKs, and local-storage objects (“Trackers”) to run essential site functions, protect against fraud, perform anonymised analytics, and remember your preferences. In the EEA, UK, and Switzerland, non-essential Trackers load only after you click “Accept”; our banner also offers “Reject All” and “Customise” options before any non-essential cookie fires. You can modify choices at any time via the Cookie Preference Centre linked in the footer.

7 · Disclosures and Recipients

Personal Data is disclosed only to:

  1. Service providers (AWS, Mailgun, PayPal, Stripe, Google Analytics, Hotjar, and similar) under written data-processing agreements that include Standard Contractual Clauses.

  2. Affiliates or successors in the event of a merger, acquisition, or asset sale.

  3. Public authorities when compelled by law or required to protect rights, safety, or property.

We require every recipient to safeguard Personal Data as mandated by the GDPR and CPRA.

8 · International Transfers

When Personal Data leaves the EEA/UK/Switzerland we rely on (a) the European Commission’s Standard Contractual Clauses (Decision EU 2021/914) plus the UK International Data-Transfer Addendum, (b) adequacy decisions such as the EU–US Data Privacy Framework, or (c) your explicit Article 49 consent for occasional transfers. You may request a copy of the SCCs by emailing privacy@dizno.com.

9 · Security and Audits

We employ administrative, technical, and physical safeguards aligned with ISO-27001, including TLS 1.2+ encryption in transit, AES-256 encryption at rest, least-privilege access with multi-factor authentication, 24 × 7 monitoring, automated vulnerability scans, and annual penetration tests. If Dizno meets the statutory “significant risk” thresholds, we will perform yearly cybersecurity audits and documented risk assessments and will file the required CPPA attestations.

10 · Automated Decision-Making

Dizno does not make automated decisions that produce legal or similarly significant effects under GDPR Article 22. If we introduce any automated decision-making technology, we will provide advance notice, meaningful information about the logic involved and a simple opt-out mechanism, in line with the CPPA draft regulations.

11 · Your Privacy Rights and How to Exercise Them

  • Residents of the EEA, UK and Switzerland may request access, rectification, erasure, restriction, portability, objection or withdrawal of consent.

  • California residents may request to know, access, delete, correct, or port Personal Data; to opt out of sale or sharing; to limit use of sensitive data; and to be free from discrimination for exercising these rights.

  • Residents of other U.S. states with privacy laws enjoy comparable rights, including an internal appeal process.

To submit any request, e-mail privacy@dizno.com or use the footer links. We verify identity before acting and respond within 30–45 days, extendable as permitted. If we deny a request, you may appeal by replying to our decision; unresolved EEA/UK complaints may be lodged with your supervisory authority.

12 · Metrics Reporting

If Dizno handles ten million or more California consumer records in any calendar year, we will publish annual statistics on privacy requests and our average response times as required by § 999.317(g) CPRA regulations.

13 · Financial Incentives

We do not offer discounts, payments, or other benefits in exchange for Personal Data. Should we create such a program, we will provide a detailed description of material terms and obtain opt-in consent as required by California law.

14 · Changes to This Policy

We may amend this Policy periodically. Material changes will appear here and, where legally required, we will notify you by e-mail at least thirty (30) days before they take effect. Continued use of the Service after the effective date constitutes acceptance.

15 · Contact

  • E-mail: privacy@dizno.com

  • Mail: Dizno, Inc., Via Espana, Edificio Delta Bank, Piso 6 Suite 604D Panama

  • EU and UK representatives: see Section 1 above
