Privacy Policy

Last updated: April 9, 2026

This document describes how DynamicInterfaces (“we”, “us”) processes personal data when you visit our website, create an account, or integrate our SDK in your application. It is written for the General Data Protection Regulation (GDPR) and is intended to be specific to what the product actually does — not a generic template.

1. Who is the data controller

DynamicInterfaces is the data controller for the data you provide when creating an account on dynamicinterfaces.com. When you embed our SDK in your own application and we process behavioural data of your end users on your behalf, we act as a data processor and you are the controller. A Data Processing Addendum is available on request.

2. What data we collect

Account data

  • Email address, full name, password hash (bcrypt)
  • API keys you create (only the prefix and last 4 characters are kept queryable; the full key is shown only at creation)
  • Subscription tier and Stripe customer ID, if you upgrade

Product usage

  • Generation history: prompt text, AI model used, timestamp, credit cost
  • Sessions, login events, IP and user-agent for security audit
  • Page views on dynamicinterfaces.com via our internal analytics and via Microsoft Clarity (see §6)

SDK behavioural data (when you embed our SDK in your app)

  • A pseudonymous browser fingerprint to deduplicate visitors
  • Page URL, viewport size, device type, language, time zone
  • Click and scroll signals when you opt in to interaction tracking

3. Why we process it (legal basis)

  • Contract: to deliver the service you signed up for (account, generations, billing).
  • Legitimate interest: to keep the service secure and detect abuse (logs, rate limiting).
  • Consent: cookies that are not strictly necessary, including Microsoft Clarity, are loaded only after you consent in the cookie banner.

4. Where we store it

Our primary database is PostgreSQL hosted on Neon, in the EU-Central-1 region. Backups are kept in the same region. Application servers run on Vercel (regional EU edge by default for our project). Some sub-processors listed below process data in the United States; in those cases we rely on the Standard Contractual Clauses.

5. Sub-processors

  • Neon — managed PostgreSQL (EU)
  • Vercel — application hosting and CDN
  • Stripe — payment processing (only when you subscribe)
  • Resend — transactional email (verification, password reset)
  • OpenAI, Anthropic, Google AI — model inference for generation requests you submit
  • Microsoft Clarity — product analytics on the marketing site (consent-gated)

Generation prompts you send are forwarded to the AI provider you choose for that request, and only for that request. We do not fine-tune third-party models on your prompts.

6. Cookies and similar technologies

We use a single strictly-necessary cookie (auth_token) to keep you signed in. Microsoft Clarity sets analytics cookies only after you accept the cookie banner. You can withdraw your consent at any time by clearing site data.

7. Retention

  • Account and billing data: kept while your account is active and for 12 months after deletion for legal/accounting purposes.
  • Generation history: kept while your account is active; you can delete individual generations from the dashboard.
  • Security logs: 90 days.

8. Your rights (GDPR)

  • Access, rectification, erasure
  • Restriction of processing and objection
  • Data portability
  • Withdrawal of consent at any time, where consent is the legal basis
  • Right to lodge a complaint with your local data protection authority

To exercise any of these rights, write to hello@dynamicinterfaces.com. We will respond within one month.

8b. Automated decisions and AI Act disclosure

Under Regulation (EU) 2024/1689 (the “AI Act”) our service is a limited-risk AI system. When the SDK or plugin personalises an interface you are visiting, we inform you by displaying a visible “✨ AI-personalized” indicator with an Undo action, and we add a machine-readable data-ai-generated attribute and <meta name="ai-generated"> tag to the page.

The personalisation is not used to produce legal or similarly significant effects on you (no credit scoring, no employment or education decisions, no access to essential services). Our supervisory authority for AI matters in Spain is AESIA.

9. Changes

We will post any changes here and update the “Last updated” date at the top of this page. Material changes will additionally be notified by email to active accounts.