Dashbrd

Privacy Policy

Last updated: April 20, 2026

Dashbrd, Inc. (“Dashbrd,” “we,” or “us”) provides a commercial real estate intelligence and outreach platform. This Privacy Policy describes how we collect, use, share, and protect information in connection with the Dashbrd web application at dashbrd.ai and the Dashbrd Collector browser extension (together, the “Service”).

1. Information we collect

1.1 Information you provide

  • Account information. Name, email address, password hash, organization name, and role. Used to authenticate you and assign tenant access.
  • Contacts you upload or add. Contact records, notes, tasks, and related CRM data you enter or import.
  • Integration credentials. OAuth tokens or API keys for services you connect (Google Workspace, Microsoft 365, Monday.com, Otter.ai, People Data Labs, Clearbit, ZeroBounce, OpenRouter, Anthropic, OpenAI, Google Gemini). Stored encrypted at rest using AES-256-GCM.
  • Collector tokens. Per-user browser-extension API tokens. Only a SHA-256 hash is stored; the raw token is shown to you once at creation and never again.

1.2 Information we collect automatically

  • Scout signal data. Public building permits, news, press releases, and trade-press coverage ingested from public sources for every U.S. market you enable.
  • Website scraping. Public company team pages, about pages, and leadership pages. We respect robots.txt and identify our crawler as Dashbrd-Scout/1.0 (+https://dashbrd.ai).
  • Browser-extension capture. When you install the Dashbrd Collector extension and connect it with an API token, the extension reads DOM content from pages you view on LinkedIn (profile view, connection list, search results, “People You May Know”) and Gmail (email signatures) inside your own authenticated browser session. No data is read from pages you have not opened, and no Dashbrd server ever holds your LinkedIn or Gmail credentials.
  • Usage telemetry. Aggregate logs of API calls, latency, and errors to operate and improve the Service.

1.3 Information we receive from third parties

  • Data-enrichment providers. When you connect People Data Labs, Clearbit, or a similar provider, we request contact and company records on your behalf and store the returned data in your tenant database with a provenance tag identifying the source.
  • Email verification. When ZeroBounce is connected, we send candidate email addresses for verification and store the returned result (VERIFIED, INVALID, CATCH_ALL, etc.).
  • OAuth integrations. Services you connect may return profile and organization information as part of the OAuth flow. We store only what is needed to operate the integration.

2. How we use information

  • Operate, maintain, and improve the Service.
  • Build your tenant’s canonical people and company database.
  • Authenticate you, secure your account, and enforce access controls.
  • Execute features you initiate — enrichment runs, sync tasks, scheduled crons, and outreach sequences.
  • Provide customer support and respond to your requests.
  • Detect, prevent, and respond to fraud, abuse, or security incidents.
  • Comply with legal obligations.

3. How we share information

We do not sell personal information. We share limited data only with:

  • Service providers that host and operate Dashbrd (Vercel for hosting, Neon for Postgres, and the AI / data / verification providers you connect). They are bound by contractual confidentiality and data-protection obligations.
  • Within your tenant. Data you capture is shared with other users in your tenant organization. Cross-tenant sharing does not occur except for anonymized aggregate metrics used to improve product quality.
  • Legal process. We may disclose information if required by law, subpoena, or valid legal request, and in connection with investigating fraud or security threats.

4. Your rights

Depending on your jurisdiction (including under GDPR and CCPA/CPRA), you may have rights to:

  • Access the personal information we hold about you.
  • Correct or delete your personal information.
  • Object to or restrict certain processing.
  • Port your data to another service.
  • Withdraw consent for processing where processing is based on consent.
  • Opt out of sale or sharing of personal information (we do not sell).

To exercise any of these rights, email privacy@dashbrd.ai and include enough information to verify your identity. We will respond within the period required by applicable law (typically 30-45 days).

5. Data retention

We retain personal information for as long as your account is active, plus a reasonable period afterward to comply with legal obligations, resolve disputes, or enforce agreements. When you delete your account or a specific record, the data is purged from production within 30 days. Encrypted backups may retain copies for up to an additional 90 days before rotation.

6. Security

We use industry-standard controls including TLS in transit, AES-256-GCM encryption of sensitive credentials at rest, isolated per-tenant storage, SHA-256 hashing of API tokens, and role-based access controls. No system is perfectly secure; we will notify affected users promptly if a breach occurs that is likely to result in risk to rights and freedoms.

7. International transfers

Dashbrd is operated from the United States. If you access the Service from outside the United States, your data will be transferred to and processed in the U.S. By using the Service, you consent to this transfer.

8. Children

The Service is intended for business use and is not directed to children under 16.

9. Changes to this policy

We may update this policy from time to time. When we do, we’ll revise the “Last updated” date above and, for material changes, notify active users by email or in-app notice.

10. Contact

Questions? Email privacy@dashbrd.ai.