Privacy Policy

Last updated: May 16, 2026

This Privacy Policy describes how Wonderdev, LLC ("Wonderdev", "we", "us", "our") collects, uses, and protects your personal information when you use the Dashtxtastic service ("the Service").

If you do not agree with this policy, do not use the Service.

1. Who We Are

Wonderdev, LLC is the data controller for personal information collected through the Service. We are organized under the laws of Florida, United States.

For privacy-related inquiries, please contact us through https://dashtxtastic.com/contact.

2. Information We Collect

2.1 Account information

When you create an account, we collect:

  • Email address (required for account identity, password reset, and transactional email)
  • Display name (optional; supplied directly or imported from a third-party identity provider)
  • Hashed password (only when you register with email + password; we never store passwords in plaintext)
  • External provider identifiers (when you sign in with Google, we receive your Google account ID, email address, verified-email status, name, and profile picture URL through OAuth)

2.2 Content you create

  • Markdown documents you upload or write in the in-app editor
  • Brand kit assets you upload (logos, color palettes, custom fonts)
  • Generated HTML dashboards produced by the Service
  • Project metadata (titles, descriptions, render mode selections, share-link slugs)

2.3 Billing information

If you subscribe to a paid tier, we collect:

  • Stripe customer ID and subscription state (tier, status, current period end)
  • Billing email address, if different from your account email

We do not collect or store payment card numbers, CVVs, or full bank account details. Those are handled directly by Stripe under its own privacy policy and PCI-DSS compliance program.

2.4 Usage and operational data

  • Server logs (IP address, user agent, request paths, response codes, timestamps)
  • Application telemetry (page views, feature usage, error reports) collected through Azure Application Insights
  • Rate-limit state (request counts per API key or user, retained briefly to enforce quotas)
  • Share-link views (slug, view timestamp, optional anonymous viewer geography for analytics)

2.5 AI prompt and response data (paid tiers)

When you use the "Iterate with AI" feature, the markdown you submit is sent to our AI provider (Anthropic) as a prompt, along with the brand and template context required to generate output. Prompts and responses are retained in our database for your reference and re-use, and may be examined in aggregate to debug or improve the feature.

3. How We Use Your Information

We use the information described above to:

  • Provide, operate, and maintain the Service
  • Authenticate you and protect your account
  • Bill you for paid subscriptions through Stripe
  • Send transactional emails (email confirmation, password reset, subscription receipts, security alerts)
  • Detect, prevent, and address fraud, abuse, security, or technical issues
  • Comply with legal obligations
  • Improve the Service through aggregate, de-identified usage analysis

We do not sell your personal information, and we do not use the content of your markdown or AI prompts to train machine learning models.

4. Legal Basis for Processing (EEA, UK, Switzerland)

If you are located in the European Economic Area, the United Kingdom, or Switzerland, we process your personal data on the following bases under the GDPR:

  • Contract: processing necessary to provide the Service you have signed up for
  • Legitimate interests: securing the Service, preventing abuse, and improving the product
  • Legal obligation: complying with tax, accounting, and other applicable laws
  • Consent: where required, such as for optional cookies or marketing communications

You have the right to withdraw consent at any time where consent is the legal basis.

5. How We Share Your Information

We share information only with the following categories of recipients, all bound by confidentiality and data-protection obligations:

Recipient Purpose Data shared
Microsoft Azure Hosting, database, storage, email, telemetry All account, content, and operational data
Google LLC OAuth sign-in (only if you choose Google login) Account identifier exchange
Anthropic, PBC AI rendering for paid tiers Markdown and brand context sent as prompts
Stripe, Inc. Payment processing Billing email, subscription state
Legal authorities Compliance with valid legal process Only the minimum required by law

We do not sell, rent, or trade your personal information to third parties for their own marketing purposes.

6. International Transfers

Wonderdev operates from the United States, and our cloud infrastructure is hosted in U.S. Azure regions. If you access the Service from outside the United States, your information will be transferred to and processed in the United States.

For transfers from the EEA, UK, or Switzerland, we rely on the European Commission's Standard Contractual Clauses or equivalent safeguards adopted by our sub-processors.

7. Data Retention

  • Account data: retained while your account is active and for up to ninety (90) days after closure to handle billing disputes or legal requirements
  • Content (markdown, generated HTML, brand kits): retained while your account is active; deleted within thirty (30) days of account closure
  • Share-link records: retained while the share link is active; revoked links are retained for thirty (30) days for audit, then deleted
  • Operational logs: retained for ninety (90) days
  • Billing records: retained for at least seven (7) years to comply with tax and accounting law
  • AI prompt and response history: retained while your account is active; deleted with the rest of your content on account closure

8. Your Rights

Depending on where you live, you have the right to:

  • Access the personal information we hold about you
  • Correct inaccurate or incomplete information
  • Delete your account and personal information (subject to retention requirements above)
  • Export a portable copy of your content and account data
  • Object to or restrict certain processing
  • Withdraw consent where consent is the legal basis
  • Opt out of the sale or sharing of personal information (note: we do not sell or share for cross-context behavioral advertising)
  • Lodge a complaint with your local data-protection authority

To exercise any of these rights, contact us through https://dashtxtastic.com/contact. We will respond within thirty (30) days, or as required by applicable law.

California residents have additional rights under the CCPA/CPRA, including the right to know the categories of personal information collected, the sources and purposes of collection, and the categories of third parties with whom it is shared. The information in this policy is intended to satisfy that disclosure requirement.

9. Children

The Service is not directed to children under sixteen (16) years of age. We do not knowingly collect personal information from children under 16. If we become aware that we have collected such information without parental consent, we will delete it. Parents or guardians who believe their child has provided us with information should contact us at the address above.

10. Security

We use industry-standard technical and organizational measures to protect your information, including:

  • TLS encryption for all data in transit
  • Encryption at rest for databases and blob storage
  • Identity-based access controls for production systems
  • Secrets managed through Azure Key Vault and never stored in source code
  • Authentication via ASP.NET Core Identity with industry-standard password hashing

No system is perfectly secure. We cannot guarantee absolute security; if we become aware of a breach affecting your personal information, we will notify you and the relevant regulators within the timeframes required by applicable law.

11. Cookies and Similar Technologies

The Service uses cookies and similar technologies for:

  • Authentication (session cookie issued by ASP.NET Core Identity)
  • Anti-forgery (CSRF protection on form submissions)
  • External-login correlation (short-lived cookie used during OAuth round-trips)

We do not use third-party advertising or analytics cookies. Operational telemetry through Application Insights uses a session identifier but does not place tracking cookies on your browser.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated through in-app notice or email at least fourteen (14) days before they take effect. The "Last updated" date at the top of this document indicates the most recent revision.

13. Contact

For privacy-related questions, requests, or complaints:

Wonderdev, LLC Contact: https://dashtxtastic.com/contact

Terms of Service

An unhandled error has occurred. Reload 🗙

Rejoining the server...

Rejoin failed... trying again in seconds.

Failed to rejoin.
Please retry or reload the page.

The session has been paused by the server.

Failed to resume the session.
Please retry or reload the page.