Privacy Policy

1. Introduction

Design Dream ("we," "us," or "our") is operated by Christopher Carter, a sole proprietorship based in Texas, United States. We are committed to protecting your privacy and handling your personal data with transparency and care.

This Privacy Policy explains how we collect, use, store, share, and protect your personal information when you use our subscription-based design and development service. This policy applies to all users of designdream.is and related services.

By using Design Dream, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with this policy, please do not use our service.

2. Information We Collect

2.1 Information You Provide Directly

When you subscribe to Design Dream or interact with our service, you provide us with the following information:

• Account Information: Name, email address, password, company name (optional)
• Payment Information: Credit card details, billing address, and payment history (processed securely by Stripe—we do not store your full payment card details)
• Project Information: Design briefs, project requirements, task descriptions, feedback, files, images, logos, and any other materials you upload or share through Basecamp
• Communication Data: Messages, comments, emails, and other communications exchanged with us through Basecamp, email, or Cal.com
• Support Requests: Information you provide when contacting customer support

2.2 Information Collected Automatically

When you visit our website or use our service, we automatically collect certain information:

• Usage Data: Pages visited, features used, time spent on pages, click patterns, and navigation paths
• Device Information: IP address, browser type and version, operating system, device type, screen resolution, and language preferences
• Analytics Data: Aggregate, anonymized data collected via Plausible Analytics (privacy-friendly, no personal identifiers)
• Log Data: Server logs, error reports, access times, and system diagnostics
• Cookies: Minimal essential cookies for authentication and functionality (see Section 8)

2.3 Information from Third-Party Services

We use trusted third-party services to operate Design Dream. These services may share certain information with us:

• Stripe: Payment status, transaction details, billing history, and subscription status
• Basecamp: Task activity, project data, comments, file attachments, and workspace interactions
• Cal.com: Appointment scheduling data, meeting times, and calendar availability
• Supabase: User authentication, database records, and session management

3. How We Use Your Information

We collect and use your personal information for the following purposes:

3.1 Provide the Service

• Process your subscription and manage your account
• Deliver design and development work according to your requests
• Manage projects and tasks through Basecamp
• Communicate with you about your projects and provide updates
• Schedule meetings and consultations via Cal.com
• Deliver completed files, designs, and code

3.2 Process Payments

• Charge subscription fees and process payments via Stripe
• Issue invoices and receipts
• Handle refund requests and cancellations
• Prevent fraud and unauthorized transactions
• Maintain accurate billing and tax records

3.3 Improve Our Service

• Analyze usage patterns and user behavior to improve features
• Fix bugs, errors, and technical issues
• Develop new features and enhancements
• Conduct research and testing to optimize user experience
• Gather feedback and measure customer satisfaction

3.4 Security and Legal Compliance

• Protect against fraud, abuse, and security threats
• Enforce our Terms & Conditions and other policies
• Comply with legal obligations, including tax laws and regulations
• Respond to legal requests, court orders, and government inquiries
• Protect our rights, property, and safety, as well as those of our users

3.5 Marketing (With Your Consent)

• Send promotional emails, newsletters, and service updates (you can opt out anytime)
• Share company news, blog posts, and case studies
• Notify you of new features, services, or special offers

4. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data based on the following legal grounds:

5. How We Share Your Information

We do not sell your personal data to third parties. We only share your information in the following limited circumstances:

5.1 Service Providers

We share data with trusted third-party service providers who help us operate the service. These providers are contractually obligated to protect your data and use it only for the specified purposes:

5.2 Legal Requirements

We may disclose your information if required by law or in response to valid legal requests, including:

• Complying with court orders, subpoenas, or government regulations
• Responding to lawful requests from law enforcement or regulatory authorities
• Protecting our rights, property, or safety
• Preventing fraud, illegal activity, or security threats
• Enforcing our Terms & Conditions or other agreements

5.3 Business Transfers

If Design Dream is acquired by another company, merges with another business, or sells substantially all of its assets, your personal information may be transferred to the new owner as part of the transaction.

In such an event, we will notify you via email at least 30 days before your data is transferred and becomes subject to a different privacy policy. You will have the opportunity to delete your account before the transfer.

5.4 With Your Consent

We may share your information with third parties when you explicitly consent, such as when you authorize us to share portfolio work publicly or integrate with additional third-party tools.

6. Data Retention

We retain your personal information only as long as necessary to fulfill the purposes outlined in this Privacy Policy and to comply with legal obligations:

You may request deletion of your data at any time by contacting us (see Section 11). Some data may be retained longer if required by law or necessary to resolve disputes.

7. International Data Transfers

Design Dream operates from the United States (Texas). If you are located outside the United States, your personal information will be transferred to, stored, and processed in the United States, which may have different data protection laws than your country or region.

For EEA, UK, and Swiss Users: We ensure appropriate safeguards are in place for international data transfers, including:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Service providers certified under the EU-US Data Privacy Framework (where applicable)
• Adequate data protection agreements with all third-party processors

By using Design Dream, you consent to the transfer of your information to the United States and processing in accordance with this Privacy Policy.

8. Cookies and Tracking Technologies

Design Dream uses minimal cookies and tracking technologies. We prioritize privacy and do not use invasive tracking or third-party advertising cookies.

8.1 Types of Cookies We Use

8.2 No Tracking Cookies

We do not use:

• Third-party advertising cookies or trackers
• Cross-site tracking or behavioral profiling
• Social media tracking pixels (Facebook Pixel, LinkedIn Insight Tag, etc.)
• Google Analytics or other invasive analytics platforms

8.3 Plausible Analytics (Privacy-Friendly)

We use Plausible Analytics, a privacy-first analytics service that:

• Does not use cookies - No cookie banners needed
• Does not track personal data - No IP addresses, user IDs, or identifying information
• Does not collect PII - Fully GDPR, CCPA, and PECR compliant
• Aggregates data only - All analytics are anonymous and aggregated
• Open source and transparent - Code is publicly auditable

8.4 Managing Cookies

You can control and delete cookies through your browser settings. Most browsers allow you to:

• View and delete cookies
• Block third-party cookies
• Clear all cookies when closing the browser
• Set alerts when cookies are sent

Note: Disabling essential cookies will prevent you from using Design Dream, as they are required for authentication and core functionality.

9. Data Security

We implement industry-standard security measures to protect your personal data from unauthorized access, disclosure, alteration, or destruction:

9.1 Technical Safeguards

• Encryption in Transit: All data transmitted between your browser and our servers is encrypted using HTTPS/TLS (Transport Layer Security)
• Encryption at Rest: Sensitive data stored in databases is encrypted using AES-256 encryption
• Secure Password Storage: Passwords are hashed using bcrypt with salt, making them irreversible
• Payment Security: Payment card data is processed and stored by Stripe, a PCI DSS Level 1 certified payment processor. We never store full credit card numbers
• Regular Backups: Encrypted daily backups stored securely with limited access

9.2 Access Controls

• Limited employee and contractor access based on role and need-to-know
• Multi-factor authentication (MFA) required for administrative access
• Regular access reviews and principle of least privilege
• All access is logged and monitored

9.3 Monitoring & Response

• Continuous security monitoring and intrusion detection
• Regular security audits and vulnerability assessments
• Incident response plan for data breaches
• Security patches and updates applied promptly

9.4 Data Breach Notification

In the unlikely event of a data breach that affects your personal information, we will:

• Notify affected users via email within 72 hours of discovery (GDPR requirement)
• Notify relevant supervisory authorities as required by law
• Provide details about the breach, data affected, and steps being taken
• Offer guidance on how you can protect yourself

Important: While we implement robust security measures, no method of transmission or storage is 100% secure. We cannot guarantee absolute security of your data. You are responsible for maintaining the confidentiality of your password and account credentials.

10. Third-Party Links and Services

Our service may contain links to third-party websites, services, or resources (e.g., Stripe, Basecamp, Figma, GitHub). We are not responsible for the privacy practices or content of these third-party sites.

We strongly encourage you to review the privacy policies of any third-party services you interact with. This Privacy Policy applies only to information collected by Design Dream, not to information collected by third parties.

11. Your Privacy Rights

11.1 Rights for All Users

Regardless of your location, you have the following rights:

11.2 Additional Rights for EEA/UK Users (GDPR)

If you are in the European Economic Area, United Kingdom, or Switzerland, you have additional rights under GDPR:

• Restriction of Processing: Request that we limit how we use your data in certain circumstances
• Object to Processing: Object to processing based on legitimate interests or for direct marketing purposes
• Withdraw Consent: Withdraw consent for processing at any time (does not affect lawfulness of processing before withdrawal)
• Lodge a Complaint: File a complaint with your local data protection authority if you believe we have violated your privacy rights

11.3 Additional Rights for California Users (CCPA/CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

• Right to Know: Know what personal information we collect, use, disclose, and sell (we do not sell your data)
• Right to Delete: Request deletion of your personal information
• Right to Opt-Out: Opt-out of the "sale" or "sharing" of personal information (we do not sell or share your data)
• Right to Non-Discrimination: Not be discriminated against for exercising your privacy rights
• Right to Limit: Limit the use and disclosure of sensitive personal information

11.4 How to Exercise Your Rights

To exercise any of these rights, please contact us at:

We will respond to your request within 30 days (or as required by applicable law). We may ask you to verify your identity before processing your request to protect against unauthorized access.

12. Children's Privacy

Design Dream is not intended for use by individuals under 18 years of age. We do not knowingly collect personal information from children under 18.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at privacy@designdream.is. We will promptly delete such information from our systems.

13. Do Not Track (DNT) Signals

Some web browsers include a "Do Not Track" (DNT) feature that signals to websites that you do not want to be tracked. Because there is no common industry standard for DNT, our website does not currently respond to DNT signals.

However, we use privacy-friendly Plausible Analytics that does not track users or collect personally identifiable information, making DNT signals unnecessary for our analytics.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, legal requirements, or for other operational reasons.

When we make material changes, we will:

• Post the updated Privacy Policy on this page with a new "Last updated" date
• Notify active subscribers via email at least 30 days before material changes take effect
• For significant changes affecting your rights, request your consent where required by law

We encourage you to review this Privacy Policy periodically. Your continued use of the service after changes are posted constitutes acceptance of the updated Privacy Policy.

15. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: