Logo

Privacy Policy

Effective date: August 26, 2025

This Privacy Policy explains how SDDL (https://sddl.me) collects, uses, discloses, and safeguards information in connection with our website, dashboard, APIs, and SDKs (the “Services”).

If you use the Services on behalf of an organization, this Policy applies to the extent SDDL acts as an independent controller. Where SDDL processes personal data on your instructions, the Data Processing Addendum governs.

Note: This template is designed for a deferred deep-linking service. Adapt and confirm with legal counsel for your specific jurisdictions (e.g., GDPR/UK GDPR, CCPA/CPRA, LGPD).

1. Scope & Roles

This Policy covers personal data SDDL processes as a controller when you visit our sites, create an account, subscribe to a plan, or interact with our dashboard and marketing. For end‑user data routed through deep links (e.g., click events, device context) that you configure, SDDL generally processes as a processor on your behalf under the DPA. You are responsible for providing any required notices and obtaining consents from your end users.

2. Information We Collect

  • Account & Billing Data: name, organization, email, password hashes, billing address, plan details, and limited payment data (processed by our PSP; we do not store full card numbers).
  • Link & Domain Data: link identifiers, parameters, destinations, custom domains, DNS/SSL configuration, and related metadata.
  • Usage & Event Data: link clicks, referrer, timestamp, IP address, user‑agent, device/OS, locale, app presence, attribution parameters.
  • Diagnostics & Logs: error logs, API requests/responses (including keys hashed or truncated in logs), performance metrics.
  • Support Communications: messages, attachments, and contact details you send us.
  • Cookies & SDK signals: described in Cookies, SDKs & Analytics.

3. Sources of Personal Data

  • Directly from you (registration, domain setup, support requests).
  • Automatically via the Services (click events, logs, device context).
  • From third parties (payment processors, domain/SSL providers, analytics, or app stores, as applicable).

4. How We Use Information

  • Provide, operate, and improve the Services (including routing, attribution, and deferred deep‑linking).
  • Authenticate users; secure accounts; prevent abuse, fraud, and misuse.
  • Measure performance; generate analytics and aggregated insights.
  • Process payments; manage subscriptions; provide support.
  • Send important notices about changes, security, or service status. With your consent or as permitted by law, send marketing communications (you can opt out at any time).
  • Comply with legal obligations and enforce our Terms.

5. Sharing & Disclosures

  • Service Providers: hosting, storage, security, payments, analytics, email, customer support. We require appropriate contractual safeguards.
  • Domains & Certificates: when you connect a custom domain, relevant registrars/DNS/CDN/SSL providers may receive configuration data.
  • Legal: to comply with law, enforce agreements, or protect rights, safety, and the integrity of the Services.
  • Business Transfers: in connection with a merger, acquisition, or asset sale, subject to this Policy’s protections.
  • We do not sell personal information. We do not share for cross‑context behavioral advertising as defined by CPRA, unless explicitly stated and with the ability to opt‑out.

6. Cookies, SDKs & Analytics

We use cookies and similar technologies to operate and improve the Services, remember preferences, measure usage, and protect against abuse. Our SDKs and web tags may collect device and event data to support routing (e.g., detecting app installation) and attribution.

  • Strictly Necessary: authentication, security, rate‑limiting.
  • Performance/Analytics: usage metrics to improve features and reliability.
  • Preferences: UI and locale settings.

Where required, we obtain consent via a banner or account settings. You can manage cookies in your browser or OS settings; some features may not function without certain cookies or SDK signals.

8. Data Retention

We retain personal data for as long as necessary to fulfill the purposes outlined in this Policy, including providing the Services, complying with legal obligations, resolving disputes, and enforcing agreements. By default, click‑event logs are retained for [e.g., 12 months] unless you configure a different retention period in your plan (where available). Aggregated or de‑identified data may be retained longer.

9. Security

We implement appropriate technical and organizational measures designed to protect personal data, including encryption in transit, access controls, monitoring, and regular backups. No method of transmission or storage is completely secure; you are responsible for maintaining the security of your account, API keys, and custom domains.

10. International Transfers

If we transfer personal data internationally, we use appropriate safeguards, such as Standard Contractual Clauses (SCCs) and additional security measures, as required by law. For UK transfers, we may use the UK IDTA/Addendum. We also consider local data residency where supported by our infrastructure.

11. Your Rights

Depending on your location, you may have rights to access, correct, delete, restrict, object to processing, or port your personal data, and to withdraw consent at any time. You also may have the right to lodge a complaint with a supervisory authority.

  • To exercise rights, contact us at support@sddl.me. We may need to verify your identity.
  • For California residents: we do not sell personal information. You may request disclosure or deletion of your information, subject to exceptions. We will not discriminate for exercising your rights.

12. Children’s Privacy

The Services are not directed to children under 16, and we do not knowingly collect personal data from them. If you believe a child has provided us personal data, contact us so we can take appropriate steps.

13. Do Not Track & Automated Decisions

Our sites do not respond to “Do Not Track” signals. We do not engage in automated decision‑making that produces legal or similarly significant effects without human involvement.

14. Changes to this Policy

We may update this Policy from time to time. If changes are material, we will provide notice (e.g., via dashboard, email, or our site) and indicate a new effective date. Your continued use of the Services after the effective date constitutes acceptance.

15. Contact

For questions or requests, contact: support@sddl.me or by mail. If you are in the EEA/UK, you may also contact our representative/DPO.