This Privacy Policy explains how we (“DS-GO”, “we”, “us”, “our”) collect, use, disclose, and protect personal data in connection with
DS-GO.PRO/CMS (https://dsgo.pro/cms), the DS-GO.PRO software,
DS-GO.HOTEL, DS-GO.PRO PLAYER, and any website or application that links to this Policy (the “Services”).
Processor role for customers: when customers use DS-GO to manage their own users/devices/content, the customer is the
Data Controller and DS-GO acts as the Data Processor. Our Data Processing Addendum (Art. 28 GDPR), including the list of
sub-processors and TOMs, is available on request and will be published at /legal/dpa.pdf.
Personal Information We Collect
Information you provide to us.
Business and personal contact information (name, email, phone, company/title, city/region/country). Account information (username, password). Content you upload (text, images, audio/video, links and related metadata). Registration information (e.g., trials, events). Support correspondence (questions, feedback, tickets). Transaction/billing information (payments to/from you; purchased products/services). Usage information (your interactions with the Services and features you use). Other information disclosed at the time of collection and used per this Policy.
Information from social platforms. We may maintain pages on platforms such as YouTube or Instagram.
Your interactions there are governed by those platforms’ privacy policies. If you sign in via a third-party provider,
we may receive limited profile data (see “Social Logins” below).
Information from other third parties. We may receive your contact details from partners (when you ask to be contacted)
and from marketing/data providers as permitted by law.
Cookies and other automated collection. We (and our providers) automatically collect device and usage data:
OS, device model/identifiers (e.g., GAID/IDFA), browser type, screen resolution, IP address, referrer, general location
(city/region), pages/screens viewed, navigation paths, time spent, timestamps, app events, crash diagnostics.
On websites this is via cookies, local storage and web beacons; in apps — directly or via SDKs (e.g., Google Play Services,
Google Analytics for Firebase, Firebase Crashlytics).
See our Cookie Policy for details.
Referrals. If you refer someone, you must have permission to share their contact details with us.
Sensitive data. We do not intend to collect special categories of personal data; please do not submit such data.
How We Use Your Personal Information
We use personal data for the purposes below and as otherwise described at collection:
Provide and operate the Services (accounts, device/screen registration, content delivery, security features, notifications, support) — Contract (Art. 6(1)(b)) / Legitimate interests (Art. 6(1)(f)).
Improve and develop the Services (analytics, diagnostics, A/B testing) — Legitimate interests.
Automated decision-making: we do not make decisions based solely on automated processing that produce legal or similarly significant effects.
Social Logins
If you register or log in using a third-party account (e.g., Google), we receive limited profile data (e.g., name, email, avatar) as permitted by your settings.
We use it to create/authenticate your DS-GO account and for security/logging. You can revoke access in the provider’s settings at any time.
We use Auth0 for identity and access management (Privacy).
Google APIs (Limited Use)
Where our Services access Google user data (e.g., YouTube connections or content), our use of information received from Google APIs adheres to the
Google API Services User Data Policy, including the Limited Use requirements. We do not use or transfer Google user data for serving ads.
Cookies & Similar Technologies
We use cookies, local storage and SDKs to run the site/app, remember preferences, measure usage and improve performance.
Non-essential cookies/SDKs are used only with your consent where required; you can manage preferences in the cookie banner or browser/device settings.
See our Cookie Policy for details.
How We Share Your Personal Information
We do not sell personal data. We share it only as described below or as otherwise disclosed at collection:
Affiliates / EU Representative. For purposes consistent with this Policy.
Service providers (sub-processors). Acting under our instructions and Art. 28-compliant terms (hosting, email, analytics, monitoring, auth, support, payments where applicable). Core providers include:
• Hetzner Online GmbH (EU) — infrastructure/hosting (EU data centres)
• Auth0/Okta — identity & access management (authentication/authorization)
• MailerLite UAB (EU) and/or Zoho Mail (EU) — email delivery
• Google LLC — GA4 / Crash / YouTube where enabled
We maintain an up-to-date sub-processor list in our DPA and notify customers of material changes in advance.
Third-party platforms and social networks. If you enable integrations or log in via those platforms, we disclose data you authorize.
Professional advisors. Lawyers, auditors, insurers — under confidentiality.
Compliance & safety. To protect rights, enforce agreements, respond to legal requests.
Business transfers. In connection with a merger, acquisition, reorganization or insolvency.
If you publish content or share it with other users, visibility follows your settings.
Other sites, mobile applications and services
The Services may contain links to third-party websites, apps, or services. These links are not an endorsement and are governed by the third party’s privacy policy.
We are not responsible for third-party practices. We encourage you to review their policies.
Security practices
We implement technical and organizational measures appropriate to risk, including HTTPS (TLS 1.2/1.3), HSTS (where applicable), role-based access and least privilege,
MFA for administrative access, secure password hashing, environment separation, encrypted backups with tested restore, logging & monitoring (admin actions, auth events, device heartbeats),
vulnerability management and timely patching, incident response playbooks and breach notification without undue delay. No method of transmission or storage is 100% secure.
International data transfers
We primarily host in the EU. Where personal data is transferred outside the EEA/UK, we use appropriate safeguards, including the
EU Standard Contractual Clauses (2021/914) and, where applicable, the EU-US Data Privacy Framework and the UK Addendum.
Details are available on request and in our DPA.
Data retention
We retain personal data only as long as necessary for the purposes described or as required by law:
Account data: life of the account + up to 24 months after closure (unless longer required by law or for disputes).
Device/activity logs: typically 12 months.
Billing/tax records: up to 6 years (or as required by applicable law).
Backups: rolling 30–90 days.
Aggregated/anonymous data may be retained indefinitely.
Children
The Services are not directed to, and we do not knowingly collect personal information from, anyone under the age of 16.
If you believe a child provided data to us, please contact us and we will delete it promptly.
Changes to this Privacy Policy
We may update this Policy from time to time. We will post the updated version with a new “Last updated” date and, where required, provide additional notice.
Your continued use of the Services after changes become effective indicates acceptance.
