Legal

Privacy Policy

DIPHY.me — Smart Business Websites

Last Updated: 13th February 2026

This Privacy Policy describes how DIPHY.me (“we,” “us,” or “our”) collects, uses, stores, and discloses your personal information when you visit our website diphy.me (the “Site”) or use our services.

By using the Site, you consent to the practices described in this Privacy Policy. If you do not agree with this policy, please do not use our services.

01Information We Collect

1.1 Information You Provide

  • Account Information: Name, email address, and profile details when you create an account.
  • Business Information: Company name, address, phone number, and other business details you provide for your website or application.
  • Content: Text, images, files, and other content you upload to your website or application.
  • Communications: Messages you send to us through support channels.

1.2 Information Collected Automatically

  • Usage Data: IP address, browser type, device information, referring/exit pages, and pages visited.
  • Cookies: Small data files stored on your device to track activity and preferences.
  • Analytics: Aggregated data about how users interact with our platform.

1.3 Google User Data (Calendar Integration)

When you connect your Google Calendar account:

  • We request access through OAuth 2.0 to view and create calendar events on your behalf.
  • We access calendar metadata (event titles, times, availability) to display your availability and allow booking.
  • We store access tokens and refresh tokens securely (encrypted) to maintain the connection.
  • We do NOT access Gmail, Google Drive, or other Google services.

02Information We Do NOT Collect or Store

Important

To protect your security, we delegate certain sensitive operations to specialized, compliant third-party providers.

2.1 Passwords and Authentication

We do NOT store your passwords. All authentication (login, password management, session handling) is handled by Clerk, a third-party authentication provider with industry-standard security certifications. Your password is never transmitted to or stored on DIPHY.me servers.

2.2 Payment and Financial Data

We do NOT store credit card numbers, bank account details, or payment credentials. All payment processing is handled by PayPal (and/or other PCI-DSS compliant payment processors). We only receive confirmation of successful transactions and basic order information — never your full payment details.

2.3 Sensitive Personal Data

We do NOT collect or process:

  • Medical or health information
  • Biometric data
  • Government-issued identification numbers
  • Racial or ethnic origin, political opinions, religious beliefs
  • Any data requiring special regulatory compliance (HIPAA, etc.)

Our platform is not designed for storing or processing such data. Users must not upload sensitive data to their websites or applications hosted on DIPHY.me.

03How We Use Your Information

We use the information we collect for the following purposes:

  • To provide, operate, and maintain our services
  • To process transactions and send related information
  • To communicate with you about your account and provide customer support
  • To send service-related emails (transactional emails, updates, security alerts)
  • To send promotional communications (only if you have opted in)
  • To improve, personalize, and optimize our platform
  • To detect and prevent fraud, abuse, or security issues
  • To comply with legal obligations

04How We Use Google User Data

If you connect your Google Calendar account:

Access & Storage

We use Google OAuth 2.0 to request permission. Access tokens and refresh tokens are stored securely (encrypted) in our database.

Usage

We only use Google Calendar data to display your availability on your DIPHY.me booking page and to create/update events when bookings are made.

Sharing

We do NOT share your Google Calendar data with third parties, except service providers strictly necessary to operate our service (e.g., database hosting).

Revocation

You may revoke DIPHY.me's access at any time via your Google Account permissions page. You can also contact us to delete your tokens and data from our system.

No Advertising

We do NOT sell, rent, or use Google user data for advertising purposes.

05Third-Party Service Providers

We use trusted third-party services to operate our platform securely and efficiently. These providers process data on our behalf and are contractually obligated to protect your information:

AuthenticationClerk — login, passwords, sessions
Payment ProcessingPayPal — secure transactions
Database HostingMongoDB Atlas — encrypted storage
Transactional EmailResend — confirmations, notifications
HostingVercel and/or other cloud providers

We may update our service providers as needed. The categories of services will remain consistent; specific providers may change.

06Data Security

We implement industry-standard security measures to protect your information:

  • Encryption: Sensitive data (including OAuth tokens) is encrypted at rest and in transit.
  • Database Isolation: Customer data is stored in logically separated databases with strict access controls.
  • Access Controls: Only authorized personnel can access production systems, with role-based permissions.
  • Secure Connections: All data transmission uses HTTPS/TLS encryption.
  • Regular Updates: We apply security patches and updates to our systems.

However, no method of electronic storage or transmission is 100% secure. While we strive to protect your data, we cannot guarantee absolute security. In the event of a data breach, we will notify affected users as required by law.

07Disclosure of Your Information

We may share your personal information only in the following circumstances:

  • With service providers who assist us in operating our platform (as listed in Section 5)
  • With your explicit consent
  • To comply with legal obligations, court orders, or government requests
  • To protect and defend our rights, property, or safety
  • To prevent or investigate fraud, abuse, or illegal activity
  • In connection with a merger, acquisition, or sale of assets (with notice to affected users)

We do NOT sell, rent, or trade your personal information to third parties for marketing purposes.

08Data Retention

We retain your personal information only as long as necessary to provide our services or as required by law:

Active AccountsRetained while your account is active
Account DeletionDeleted within 30 days, except where required by law
Google TokensDeleted on revocation or account deletion
BackupsRetained up to 90 days for disaster recovery

09Cookies and Tracking Technologies

We use cookies and similar technologies to:

  • Keep you logged in to your account
  • Remember your preferences
  • Understand how you use our platform (analytics)
  • Improve our services

You can control cookies through your browser settings. However, disabling cookies may affect the functionality of our Site.

10Your Rights

You have the following rights regarding your personal information:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request correction of inaccurate or incomplete data.
  • Deletion: Request deletion of your personal data (subject to legal retention requirements).
  • Objection: Object to the processing of your data or withdraw consent.
  • Portability: Request a copy of your data in a portable format (where technically feasible).
  • Revoke Google Access: Disconnect your Google Calendar at any time via myaccount.google.com/permissions

To exercise any of these rights, please contact us through our Support Channel.

11Children's Privacy

Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If we discover that we have collected data from a minor, we will delete it promptly.

12International Data Transfers

Your information may be transferred to and processed in countries other than your own. Our service providers operate globally, and data may be stored in the United States, European Union, or other regions. By using our services, you consent to such transfers.

13Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our Site and updating the “Last Updated” date. Your continued use of our services after changes are posted constitutes acceptance of the updated policy.

14Governing Law

This Privacy Policy is governed by the laws of the Republic of Indonesia. Any disputes arising from this policy shall be subject to the exclusive jurisdiction of the courts of Indonesia.

15Contact Us

If you have any questions about this Privacy Policy, our data practices, or wish to exercise your rights, please contact us:

Last updated: 13th February 2026