← Legal Center

Legal document

Privacy Policy

How dnoise collects, processes, stores, and protects personal and business data.

Version: v7.1

Effective: April 5, 2026

Applies to: Business customers only

Contents

1. Data Collection

2. Stripe OAuth Token Management

3. Retention

4. Consent Logging

5. Complaints Procedure

6. Data Sharing

7. Your Rights

8. Children

9. Changes

Section 1

Data Collection

Data About dnoise Users

Registration data: email, hashed password, business name / company identifier.
Technical data: IP address (at registration and at each payment), browser type, user agent string, device info, usage logs.
Account data: subscription plan, billing history, connected Stripe account identifiers.
Consent logs: IP, timestamp, user agent, document version, checkbox identifier per consent event — immutable.
Support communications.
Payment data: cryptocurrency payment requests are processed through NOWPayments; we may store customer email, payment IDs, order IDs, wallet addresses, quoted amounts, statuses, and related provider/webhook payloads. We do not store full card numbers or CVV because the current live public checkout does not use card processing.
OAuth token status: active/revoked status per connected Stripe account, with revocation timestamps.

End Customer Data (from Connected Stripe Accounts)

When a User connects their Stripe account, dnoise accesses End Customer data: full email addresses, names, billing country, transaction data, and subscription details. This data is used exclusively to generate analytics for the User and is never sold, shared with third parties for commercial purposes, used for advertising, or used to contact End Customers directly.

We recommend that Users include in their own privacy policies a disclosure that their customer data is processed by dnoise as a data processor. Template language is available at https://dnoise.online/legal.

️ The User is the Data Controller for End Customer data and is responsible for ensuring a lawful basis exists for this processing.

Section 2

Stripe OAuth Token Management

Upon Stripe account connection, dnoise stores the OAuth access token in encrypted form to maintain continuous read-only data access. The Company implements the following token lifecycle management:

Active subscription: token is maintained and refreshed as required.
Voluntary disconnection by User: token is immediately revoked and the 30-day data deletion countdown begins automatically.
Subscription cancellation: token is automatically revoked at the end of the paid billing period. The 30-day data deletion countdown begins automatically without requiring a separate User request.
Subscription termination (by Company): token is revoked immediately.
Subscription suspension (failed payment): token is maintained during the 14-day grace period. If the account is terminated, the token is revoked immediately upon termination.

️ OAuth tokens are never retained beyond the end of the User’s active subscription. Retaining access tokens without an active contract would violate GDPR’s data minimization principle and is explicitly prohibited by Company policy.

Section 3

Retention

Transactional records (invoices)

5 years — Ukrainian tax law

Anti-fraud identifiers (hashed only)

36 months — fraud prevention; hashes cannot be reversed to identify individuals

Consent logs

3 years — legal defense; append-only, never deleted

End Customer data from Stripe

Deleted or anonymized automatically within 30 days of Stripe disconnection, OR earlier upon explicit User request

Active account data

Retained while subscription is active

Post-cancellation account data

Deleted within 30 days of explicit deletion request

OAuth token

Revoked automatically at end of active subscription; not retained beyond active contract

Security incident logs

5 years — legal obligation

️ Full Data Retention Schedule in Annex A.

Section 4

Consent Logging

We maintain an immutable, append-only log of all consent events. Each record includes: IP address, timestamp (UTC), user agent string, document version, and checkbox identifier. These logs are stored securely and used primarily for legal defense and compliance. Aggregated, anonymized statistics may be used for service improvement.

These logs constitute prima facie evidence of the User’s informed acceptance. The User bears the burden of proving that consent was not validly given.

Section 5

Complaints Procedure

If you have a complaint about our data processing:

Contact us at admin@dnoise.online. We will respond within 30 days.
If not resolved satisfactorily, you may lodge a complaint with your national data protection authority.

For Ukrainian residents: Ukrainian Parliament Commissioner for Human Rights (Ombudsman).

Section 6

Data Sharing

Recipient	Location	Purpose
NOWPayments	Third-party service location as published by provider	Cryptocurrency payment-request creation, payment status updates, and webhook notifications for User subscription purchases
Stripe Inc.	USA	Source of analytics data via OAuth (separate controller, not a sub-processor of dnoise)
Hetzner Online GmbH	Germany	Hosting and infrastructure
Google LLC	USA	Analytics — with User consent where required
Legal / regulatory authorities	Various	When required by applicable law

Transfers outside the EEA use Standard Contractual Clauses (SCCs). Copies available at admin@dnoise.online.

Section 7

Your Rights

You may have the right to access, correct, delete, port, or object to processing of your data. Contact admin@dnoise.online. We respond within 30 days (extendable to 3 months for complex requests, with prior notice). Identity verification may be required.

Section 8

Children

Service not intended for individuals under 18. We do not knowingly collect data from minors.

Section 9

Changes

Material changes communicated at least 14 days before effect. Email deemed delivered 24 hours after sending.

Legal questions

admin@dnoise.online

Privacy & data requests

admin@dnoise.online

Security disclosures

admin@dnoise.online

Back to Legal Center Home