Privacy Policy - Design Dream

1. Introduction

Design Dream ("we," "us," or "our") is operated by Christopher Carter, a sole proprietorship based in Texas, United States. We are committed to protecting your privacy and handling your personal data with transparency and care.

This Privacy Policy explains how we collect, use, store, share, and protect your personal information when you use our subscription-based design and development service. This policy applies to all users of designdream.is and related services.

By using Design Dream, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with this policy, please do not use our service.

2. Information We Collect

2.1 Information You Provide Directly

When you subscribe to Design Dream or interact with our service, you provide us with the following information:

Account Information: Name, email address, password, company name (optional)
Payment Information: Credit card details, billing address, and payment history (processed securely by Stripe—we do not store your full payment card details)
Project Information: Design briefs, project requirements, task descriptions, feedback, files, images, logos, and any other materials you upload or share through your Trello kanban board
Communication Data: Messages, comments, emails, and other communications exchanged with us through Trello, email, or Google Calendar
Support Requests: Information you provide when contacting customer support

2.2 Information Collected Automatically

When you visit our website or use our service, we automatically collect certain information:

Usage Data: Pages visited, features used, time spent on pages, click patterns, and navigation paths
Device Information: IP address, browser type and version, operating system, device type, screen resolution, and language preferences
Analytics Data: Aggregate, anonymized data collected via Google Analytics (with Consent Mode v2)
Log Data: Server logs, error reports, access times, and system diagnostics
Cookies: Minimal essential cookies for authentication and functionality (see Section 8)

2.3 Information from Third-Party Services

We use trusted third-party services to operate Design Dream. These services may share certain information with us:

Stripe: Payment status, transaction details, billing history, and subscription status
Trello: Task activity, project data, comments, file attachments, and board interactions
Google Calendar: Appointment scheduling data, meeting times, and calendar availability
Supabase: User authentication, database records, and session management

3. How We Use Your Information

We collect and use your personal information for the following purposes:

3.1 Provide the Service

Process your subscription and manage your account
Deliver design and development work according to your requests
Manage projects and tasks through your Trello kanban board
Communicate with you about your projects and provide updates
Schedule meetings and consultations via Google Calendar
Deliver completed files, designs, and code

3.2 Process Payments

Charge subscription fees and process payments via Stripe
Issue invoices and receipts
Handle refund requests and cancellations
Prevent fraud and unauthorized transactions
Maintain accurate billing and tax records

3.3 Improve Our Service

Analyze usage patterns and user behavior to improve features
Fix bugs, errors, and technical issues
Develop new features and enhancements
Conduct research and testing to optimize user experience
Gather feedback and measure customer satisfaction

3.4 Security and Legal Compliance

Protect against fraud, abuse, and security threats
Enforce our Terms & Conditions and other policies
Comply with legal obligations, including tax laws and regulations
Respond to legal requests, court orders, and government inquiries
Protect our rights, property, and safety, as well as those of our users

3.5 Marketing (With Your Consent)

Send promotional emails, newsletters, and service updates (you can opt out anytime)
Share company news, blog posts, and case studies
Notify you of new features, services, or special offers

4. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data based on the following legal grounds:

Contract Performance

Processing necessary to provide the service, manage your subscription, deliver work, and fulfill our contractual obligations to you.

Legitimate Interests

Processing necessary for our legitimate business interests, including improving service quality, preventing fraud, ensuring security, analyzing usage, and conducting business operations—provided these interests do not override your rights.

Legal Obligation

Processing required to comply with legal and regulatory requirements, including tax laws, financial record-keeping, and responding to lawful government requests.

Consent

Processing based on your explicit consent for marketing emails, newsletters, and non-essential cookies. You may withdraw consent at any time without affecting the lawfulness of processing before withdrawal.

5. How We Share Your Information

We do not sell your personal data to third parties. We only share your information in the following limited circumstances:

5.1 Service Providers

We share data with trusted third-party service providers who help us operate the service. These providers are contractually obligated to protect your data and use it only for the specified purposes:

Payment Processing:

Stripe, Inc. - Processes payments, manages subscriptions, stores payment card data securely, and handles billing.

Project Management:

Trello (Atlassian) - Hosts your kanban board, stores tasks, comments, attachments, and facilitates communication between you and our team.

Database & Authentication:

Supabase - Provides database hosting (PostgreSQL), user authentication, and secure data storage. Data is stored on US-based servers.

Analytics:

Google Analytics (GA4) - Website analytics with Consent Mode v2. Starts in denied mode and only collects data after you explicitly consent via our cookie banner. Collects anonymized usage data including page views, session duration, and traffic sources. No data is collected without your consent.

Scheduling:

Google Calendar - Handles appointment scheduling and calendar management for booking intro calls and consultations.

5.2 Legal Requirements

We may disclose your information if required by law or in response to valid legal requests, including:

Complying with court orders, subpoenas, or government regulations
Responding to lawful requests from law enforcement or regulatory authorities
Protecting our rights, property, or safety
Preventing fraud, illegal activity, or security threats
Enforcing our Terms & Conditions or other agreements

5.3 Business Transfers

If Design Dream is acquired by another company, merges with another business, or sells substantially all of its assets, your personal information may be transferred to the new owner as part of the transaction.

In such an event, we will notify you via email at least 30 days before your data is transferred and becomes subject to a different privacy policy. You will have the opportunity to delete your account before the transfer.

5.4 With Your Consent

We may share your information with third parties when you explicitly consent, such as when you authorize us to share portfolio work publicly or integrate with additional third-party tools.

6. Data Retention

We retain your personal information only as long as necessary to fulfill the purposes outlined in this Privacy Policy and to comply with legal obligations:

Account Data

Retained while your subscription is active, plus 90 days after cancellation to allow for reactivation. After 90 days, account data is permanently deleted unless you request earlier deletion.

Project Files & Deliverables

Retained for 1 year after subscription ends to allow you to access completed work. After 1 year, files may be archived or deleted. You are responsible for downloading and backing up your files.

Payment & Billing Records

Retained for 7 years to comply with US tax laws, accounting standards, and financial regulations. This includes invoices, receipts, transaction history, and subscription records.

Communication Logs

Retained for 2 years for customer support, quality assurance, and dispute resolution purposes. Includes emails, Trello comments, and support tickets.

Analytics Data

Aggregated, anonymized analytics data may be retained indefinitely as it contains no personally identifiable information.

You may request deletion of your data at any time by contacting us (see Section 11). Some data may be retained longer if required by law or necessary to resolve disputes.

7. International Data Transfers

Design Dream operates from the United States (Texas). If you are located outside the United States, your personal information will be transferred to, stored, and processed in the United States, which may have different data protection laws than your country or region.

For EEA, UK, and Swiss Users: We ensure appropriate safeguards are in place for international data transfers, including:

Standard Contractual Clauses (SCCs) approved by the European Commission
Service providers certified under the EU-US Data Privacy Framework (where applicable)
Adequate data protection agreements with all third-party processors

By using Design Dream, you consent to the transfer of your information to the United States and processing in accordance with this Privacy Policy.

8. Cookies and Tracking Technologies

Design Dream uses minimal cookies and tracking technologies. We prioritize privacy and do not use invasive tracking or third-party advertising cookies.

8.1 Types of Cookies We Use

Essential Cookies (Required)

Necessary for authentication, security, and basic service functionality. These cookies enable you to log in, maintain your session, and use core features. You cannot opt out of essential cookies as the service will not function without them.

Examples: Session tokens, authentication cookies, security tokens

Functional Cookies (Optional)

Remember your preferences, settings, and choices. These improve your user experience but are not strictly necessary.

Examples: Language preferences, theme settings (dark mode)

8.2 No Tracking Cookies

We do not use:

Third-party advertising cookies or trackers
Cross-site tracking or behavioral profiling
Social media tracking pixels (Facebook Pixel, LinkedIn Insight Tag, etc.)
Invasive analytics platforms that ignore user consent

8.3 Google Analytics (Consent Mode v2)

We use Google Analytics (GA4, measurement ID G-62B08GFXRN) with Consent Mode v2, which requires cookie consent before tracking:

Denied by default — Analytics cookies are denied until you explicitly accept via our cookie banner
No data without consent — If you decline cookies, Google Analytics collects no data and sets no cookies
Anonymized data — IP addresses are anonymized and no personally identifiable information is stored
No ad tracking — Ad storage, ad user data, and ad personalization are all denied by default
Consent remembered — Your preference is stored locally and re-prompted after 12 months
GDPR, CCPA, and PECR compliant — Consent Mode v2 meets EU, California, and UK privacy requirements

8.4 Managing Cookies

You can control and delete cookies through your browser settings. Most browsers allow you to:

View and delete cookies
Block third-party cookies
Clear all cookies when closing the browser
Set alerts when cookies are sent

Note: Disabling essential cookies will prevent you from using Design Dream, as they are required for authentication and core functionality.

9. Data Security

We implement industry-standard security measures to protect your personal data from unauthorized access, disclosure, alteration, or destruction:

9.1 Technical Safeguards

Encryption in Transit: All data transmitted between your browser and our servers is encrypted using HTTPS/TLS (Transport Layer Security)
Encryption at Rest: Sensitive data stored in databases is encrypted using AES-256 encryption
Secure Password Storage: Passwords are hashed using bcrypt with salt, making them irreversible
Payment Security: Payment card data is processed and stored by Stripe, a PCI DSS Level 1 certified payment processor. We never store full credit card numbers
Regular Backups: Encrypted daily backups stored securely with limited access

9.2 Access Controls

Limited employee and contractor access based on role and need-to-know
Multi-factor authentication (MFA) required for administrative access
Regular access reviews and principle of least privilege
All access is logged and monitored

9.3 Monitoring & Response

Continuous security monitoring and intrusion detection
Regular security audits and vulnerability assessments
Incident response plan for data breaches
Security patches and updates applied promptly

9.4 Data Breach Notification

In the unlikely event of a data breach that affects your personal information, we will:

Notify affected users via email within 72 hours of discovery (GDPR requirement)
Notify relevant supervisory authorities as required by law
Provide details about the breach, data affected, and steps being taken
Offer guidance on how you can protect yourself

Important: While we implement robust security measures, no method of transmission or storage is 100% secure. We cannot guarantee absolute security of your data. You are responsible for maintaining the confidentiality of your password and account credentials.

10. Third-Party Links and Services

Our service may contain links to third-party websites, services, or resources (e.g., Stripe, Trello, Figma, GitHub). We are not responsible for the privacy practices or content of these third-party sites.

We strongly encourage you to review the privacy policies of any third-party services you interact with. This Privacy Policy applies only to information collected by Design Dream, not to information collected by third parties.

11. Your Privacy Rights

11.1 Rights for All Users

Regardless of your location, you have the following rights:

Access Your Data

Request a copy of the personal data we hold about you. We will provide this in a structured, commonly used, and machine-readable format (e.g., JSON, CSV).

Correct Your Data

Update or correct inaccurate or incomplete personal information. You can update most information directly in your account settings or by contacting us.

Delete Your Data

Request deletion of your personal data (right to be forgotten). We will permanently delete your data within 30 days, except where we are legally required to retain it (e.g., tax records).

Data Portability

Receive your data in a portable format and transfer it to another service provider. We provide exports in common formats like JSON, CSV, or ZIP archives.

Opt-Out of Marketing

Unsubscribe from promotional emails and newsletters at any time by clicking the "unsubscribe" link in emails or contacting us. You will still receive transactional emails (receipts, account notifications).

11.2 Additional Rights for EEA/UK Users (GDPR)

If you are in the European Economic Area, United Kingdom, or Switzerland, you have additional rights under GDPR:

Restriction of Processing: Request that we limit how we use your data in certain circumstances
Object to Processing: Object to processing based on legitimate interests or for direct marketing purposes
Withdraw Consent: Withdraw consent for processing at any time (does not affect lawfulness of processing before withdrawal)
Lodge a Complaint: File a complaint with your local data protection authority if you believe we have violated your privacy rights

11.3 Additional Rights for California Users (CCPA/CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

Right to Know: Know what personal information we collect, use, disclose, and sell (we do not sell your data)
Right to Delete: Request deletion of your personal information
Right to Opt-Out: Opt-out of the "sale" or "sharing" of personal information (we do not sell or share your data)
Right to Non-Discrimination: Not be discriminated against for exercising your privacy rights
Right to Limit: Limit the use and disclosure of sensitive personal information

11.4 How to Exercise Your Rights

To exercise any of these rights, please contact us at:

Email: privacy@designdream.is
Subject Line: Privacy Rights Request
Include: Your name, email address, and specific request

We will respond to your request within 30 days (or as required by applicable law). We may ask you to verify your identity before processing your request to protect against unauthorized access.

12. Children's Privacy

Design Dream is not intended for use by individuals under 18 years of age. We do not knowingly collect personal information from children under 18.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at privacy@designdream.is. We will promptly delete such information from our systems.

13. Do Not Track (DNT) Signals

Some web browsers include a "Do Not Track" (DNT) feature that signals to websites that you do not want to be tracked. Because there is no common industry standard for DNT, our website does not currently respond to DNT signals.

However, we use Google Analytics with Consent Mode v2, which respects cookie consent preferences. Analytics cookies are denied by default and only activated when you explicitly consent via our cookie banner.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, legal requirements, or for other operational reasons.

When we make material changes, we will:

Post the updated Privacy Policy on this page with a new "Last updated" date
Notify active subscribers via email at least 30 days before material changes take effect
For significant changes affecting your rights, request your consent where required by law

We encourage you to review this Privacy Policy periodically. Your continued use of the service after changes are posted constitutes acceptance of the updated Privacy Policy.

15. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Design Dream
Christopher Carter, Sole Proprietor
Privacy Inquiries: privacy@designdream.is
General Support: chris@designdream.is
Website: designdream.is

Privacy Policy Key Points

We do not sell your data - Your personal information is never sold to third parties
Minimal data collection - We collect only what's necessary to provide the service
Consent-based analytics - Google Analytics with Consent Mode v2 requires your explicit consent before tracking
Strong security - Industry-standard encryption, secure payment processing, and access controls
Your rights respected - Access, correct, delete, or export your data anytime
GDPR & CCPA compliant - Full compliance with major privacy regulations
Transparent practices - Clear communication about data use and third-party services