DARTASTIC PRIVACY POLICY
Last updated: 20 May 2026
Controller: Dartastic.io. Contact: privacy@dartastic.io.
This Privacy Policy explains how Dartastic handles personal data in connection with our website, accounts, private package registry, Symbolizer, and hosted observability services (the "Service"). It does not change the agreements that govern the Service. Where we process personal data on your behalf as a processor, the DPA also applies.
- THE TWO ROLES WE PLAY
- Controller — for personal data we collect to run our business: account, billing, and support data; website analytics; and communications.
- Processor / service provider — for telemetry and content that your applications send through the Service ("Customer Telemetry"). You are the controller of Customer Telemetry; we process it under your instructions to provide the Service. See the DPA.
- WHAT WE COLLECT
(a) Account & organization data — name, email, organization, team membership, roles, and credentials (stored via our identity/database provider). (b) Billing data — subscription tier, transaction records, and tokens handled by our payment processor (we do not store full card numbers). (c) Support data — the contents of support requests, logs, and reproduction details you choose to send us. (d) Website/usage data — standard log and analytics data when you visit our site. Analytics cookies are set only with your consent; see our Cookie Policy. (e) Customer Telemetry — traces, metrics, logs, crash data, and symbol files your applications or pipelines send. This may contain personal data depending on what your application emits and how you configure it.
- IMPORTANT: PII HANDLING IS TIER- AND CONFIGURATION-DEPENDENT
Some Dartastic builds include an on-device PII-scrubbing capability in the Pro native runtime engine that can redact certain sensitive values before telemetry leaves the device. This capability is not present on every tier, build flavor, or configuration — for example, lighter build flavors and tiers that do not include the Pro native runtime do not perform on-device scrubbing — and even where present it is configurable and is not guaranteed to detect or redact every instance of personal data. Do not assume scrubbing is active. You are responsible for what your application sends and for your own compliance. Where scrubbing is performed, it occurs on the device before egress, so cleartext values redacted by the scrubber are not transmitted to a backend.
- WHERE CUSTOMER TELEMETRY GOES
Depending on your configuration, Customer Telemetry may be sent to: (a) your own single-tenant Dartastic Hosted cluster; (b) a third-party observability backend you select and operate (for example, Sentry, Datadog, Honeycomb, or another OTLP endpoint); or (c) Dartastic infrastructure we operate for you. The Symbolizer may process obfuscated stack frames and reference your uploaded symbol files to resolve crash locations. Your routing choices determine who receives your telemetry.
- WHY WE PROCESS DATA (LEGAL BASES)
We process personal data to provide and secure the Service, perform our contract with you, comply with law, communicate with you, and pursue legitimate business interests such as preventing abuse and improving the Service. Where required, we rely on your consent (which you may withdraw).
- SHARING; SUB-PROCESSORS
We do not sell personal data. We share data with vendors that help us run the Service (for example, hosting/infrastructure, identity/database, payments, and content delivery), listed in SUBPROCESSORS.md, under contracts that protect the data. We may disclose data to comply with law or protect rights, and in connection with a merger, acquisition, or asset sale.
- INTERNATIONAL TRANSFERS
We and our vendors may process data in the United States and other countries. Where we transfer personal data internationally, we use appropriate safeguards (such as Standard Contractual Clauses) as described in the DPA.
- RETENTION
We retain account and billing data for as long as your account is active and as needed for legal, tax, and accounting purposes. Customer Telemetry on a Hosted cluster is retained per your tier's retention settings; telemetry sent to a backend you operate is governed by your own retention. See the Hosted Services Agreement.
- YOUR RIGHTS
Depending on your location, you may have rights to access, correct, delete, port, or restrict processing of your personal data, and to object or withdraw consent. Contact privacy@dartastic.io. If you are in the EEA, the UK, or Switzerland, you also have the right to lodge a complaint with your local data protection supervisory authority. For Customer Telemetry, direct data-subject requests to the relevant controller (often your organization); we will assist controllers as described in the DPA.
- SECURITY
We use commercially reasonable, industry-standard safeguards. No method of transmission or storage is perfectly secure. Report concerns to security@dartastic.io.
- CHANGES; CONTACT
We may update this Policy and will note the "Last updated" date; material changes will be communicated as required by law. Questions: privacy@dartastic.io.
Dartastic.io is operated by Mindful Software, LLC, a Wyoming limited liability company — 30 N Gould St, Ste R, Sheridan, WY 82801.
Other documents