DashynDashyn

Privacy Policy

Last updated: 31/01/2026

At Dashyn, we take the protection of your personal data very seriously. This privacy policy explains what data we collect, why we collect it, how we use it and what your rights are.

Data Controller

The data controller is:

Sander FERREIRA

Self-employed (Auto-entrepreneur)

SIRET: 933 691 222 00014

8 rue Jules Lopard, 77450 Esbly, France

contact@dashyn.fr

For any questions regarding your personal data, you can contact us at the address above.

Data Collected

We only collect data necessary for the operation of the service:

Account data

Name, email address, password (encrypted), profile picture (optional)

Business data (freelancers)

Trade name, SIRET number, intra-community VAT number, business address, bank details (IBAN, BIC), invoicing preferences

Client data (entered by the freelancer)

Name, email, phone, address, SIRET, billing information

Billing data

Invoices, quotes, invoice lines, amounts, due dates, payment statuses

Documents

Files uploaded by users (contracts, deliverables, etc.)

Technical data

IP address, browser type, pages visited, connection dates and times

Purposes of Processing

Your data is used exclusively for:

  • -Providing and maintaining the Dashyn service (client management, projects, invoicing)
  • -Enabling access to the client portal for your clients
  • -Processing payments via Stripe
  • -Sending you service-related notifications (invoices, portal invitations)
  • -Ensuring security and preventing fraud
  • -Improving the service (anonymised usage statistics)

We never sell your data to third parties. We do not use it for advertising purposes.

Legal Basis

In accordance with the GDPR (General Data Protection Regulation), each processing activity is based on a legal basis:

Performance of contract

Account management, invoicing, client portal — these processing activities are necessary for the performance of the service you have subscribed to.

Legal obligation

Retention of invoices and accounting data in accordance with French law (10 years for accounting documents).

Legitimate interest

Anonymised usage statistics to improve the service, platform security.

Consent

Optional marketing communications (newsletter, updates). You can withdraw your consent at any time.

Subprocessors and Data Sharing

To provide the service, we use the following subprocessors:

ServicePurposesLocalisation
StripeOnline payment processingEU / United States (Standard Contractual Clauses)
Hosting providerApplication and database hostingEuropean Union
ResendTransactional emails (invitations, notifications)United States (Standard Contractual Clauses)
Cloudflare R2Storage of uploaded documentsEuropean Union

A Data Processing Agreement (DPA) is in place with each of these subprocessors.

Data Retention

We retain your data only for as long as necessary:

  • -Account data: retained as long as your account is active, deleted within 30 days of account deletion
  • -Invoices and accounting data: 10 years (French legal requirement)
  • -Uploaded documents: retained as long as the account is active, deleted within 30 days of account deletion
  • -Technical logs: 12 months
  • -Prospect data: 3 years after last contact

Data Security

We implement technical and organisational measures to protect your data:

  • -Encrypted connections (HTTPS/TLS)
  • -Encrypted passwords (irreversible hashing)
  • -Hosted on secure servers in the European Union
  • -Restricted data access on a need-to-know basis (principle of least privilege)
  • -Regular encrypted backups

In the event of a data breach, we will notify the CNIL within 72 hours and affected users as soon as possible, in accordance with the GDPR.

Your Rights

Under the GDPR, you have the following rights:

Right of access

Obtain a copy of all personal data we hold about you.

Right to rectification

Correct inaccurate or incomplete data.

Right to erasure

Request the deletion of your data (except where legal retention obligations apply).

Right to data portability

Receive your data in a structured, machine-readable format.

Right to object

Object to the processing of your data on legitimate grounds.

Right to restriction

Request the restriction of processing in certain circumstances.

To exercise these rights, contact us at contact@dashyn.fr. We will respond within a maximum of one month.

You may also lodge a complaint with the CNIL (French Data Protection Authority): www.cnil.fr

Cookies

Dashyn only uses cookies essential to the operation of the service:

  • -Session cookie (authentication)
  • -Language preference cookie
  • -Theme preference cookie (light/dark)

We do not use advertising cookies or third-party trackers. If we implement analytics tools in the future, we will inform you and request your consent.

International Transfers

Your data is hosted in the European Union. When subprocessors are located outside the EU (Stripe, Resend), Standard Contractual Clauses (SCCs) approved by the European Commission govern these transfers.

Minors

Dashyn is not intended for persons under 18 years of age. We do not knowingly collect data from minors.

Changes

We may update this privacy policy. In the event of a significant change, we will inform you by email or via a notification in the application. The last updated date is shown at the top of this page.

Contact

For any questions about this privacy policy or the processing of your personal data:

Email : contact@dashyn.fr