Privacy Policy

This Policy applies to three groups:

1. Website visitors — people who visit dinoaihost.com and any subdomains.
2. Customers — businesses that purchase the Dino appliance and license BOS, and the individual users (owners, dispatchers, technicians) at those businesses.
3. End-users — consumers and businesses who interact with a customer’s business through Dino-powered features (e.g., calling a plumbing company whose phones are answered by the BOS voice agent).

Where a section applies only to one group, we say so. Otherwise it applies to all three.

If you are an end-user looking for the privacy notice for a specific business that uses Dino, that business is responsible for posting its own privacy notice. We provide a template at dinoaihost.com/end-user-privacy-notice that they may adapt.

Information you provide directly (website visitors)

• Contact and demo-request information: name, business name, role, email, phone number, website, business size, and any free-text you submit on contact, demo-request, or newsletter forms on dinoaihost.com.
• Communications: emails, support tickets, and other messages you send us.
• Account and order information: if you proceed to purchase a Dino appliance, billing contact, shipping address, business legal name, hardware tier selection, and integration scope.

Information collected automatically (website visitors)

• Log and device data: IP address, user-agent, referring URL, pages viewed, timestamps, and similar standard server logs.
• Cookies and similar technologies: see our Cookie Policy.

Information collected from the Dino appliance (customers)

The Dino appliance reports a deliberately narrow set of operational information back to Dino RD&C:

1. License activation data — appliance identifier, license key, business name, activation timestamp.
2. Anonymized telemetry — appliance health (CPU, memory, disk, model load times, queue depths), feature usage counts, and aggregated performance metrics. Telemetry does not include the contents of customer business data, customer records, message contents, voice recordings, or transcripts.
3. Crash reports — stack traces, system state at the time of the crash, and software version. We make commercially reasonable efforts to scrub crash reports of customer-identifiable content; if we discover any has been included, we delete it.
4. Software-update checks — appliance version, requested channel, and the resulting update served.
5. Remote support access — when a customer opens a support ticket and authorizes it, our support engineers may access the appliance over an authenticated Tailscale connection. Every such session is logged on the appliance and visible in the customer’s audit log. We do not access customer appliances unprompted.

Aggregate usage data (#2 above) is opt-out. New customers are opted in at deployment; an admin can disable it at any time from BOS settings. When opted out, only items #1, #3, #4, and #5 are reported.

Information that stays on the customer’s appliance (does not reach Dino RD&C)

This is the long list — and intentionally so. None of this leaves the appliance unless the customer’s own integrations cause it to (e.g., the customer connects their own Stripe account, which sends data to Stripe directly):

• Customer business records: customers, properties, contacts, jobs, projects, technicians, dispatch history.
• Quotes, invoices, payments (payment instrument data is held by Stripe under the customer’s account, not by us).
• Voice calls, recordings, transcripts, voicemail, AI receptionist conversations.
• Inbound and outbound messages (Instagram, Facebook, WhatsApp, SMS, email).
• CRM activity, notes, tags, follow-ups.
• Inventory, GPS, vehicle tracking, internal chat.
• AI memory, vector embeddings, distilled skill content, fine-tunes.
• Audit logs, sessions, device metadata for the customer’s own technicians.

The Dino appliance integrates with several external services. The architecture is designed so that business data flows directly between the platform and the customer’s appliance rather than through our servers.

• Meta (Instagram, Facebook, WhatsApp). Webhook events from Meta arrive at a Cloudflare Worker we operate, which validates the signature and forwards the payload through a Cloudflare Tunnel to the customer’s appliance. The Worker is pure pass-through: it does not persist message contents or metadata. The customer’s appliance is the system of record. See Section 9 for Meta-specific details.
• Stripe (payments). Each customer signs up for their own Stripe account. The appliance integrates with that Stripe account directly. Stripe is a customer-direct subprocessor; cardholder data never touches the appliance or our infrastructure.
• Twilio (voice and SMS). Each customer signs up for their own Twilio account. Voice and SMS traffic is brokered between Twilio and the appliance directly.
• Google (OAuth, Calendar, Maps/Places). OAuth, calendar, and map services connect to the appliance directly.
• Bright Data, LinkedIn, X, and similar third parties (used for B2B lead enrichment, social posting, monitoring, and similar features) connect to the appliance directly.
• Optional cloud LLM fallback. Customers may opt in to a cloud language-model fallback (e.g., OpenAI, Anthropic). When enabled, the appliance routes specified LLM requests to the third-party provider and the provider processes them under its own terms. Cloud LLM fallback is off by default; the customer pays the provider directly or through a metered add-on.

A current list of subprocessors used by Dino RD&C is maintained at dinoaihost.com/subprocessors.

We use the information described above for the following purposes:

• To operate the Service: activate licenses, deliver software updates, respond to support requests, and maintain reliability of the appliance and our cloud relays.
• To improve our software: anonymized telemetry and crash reports help us identify defects and performance issues. We do not use customer business data, voice recordings, transcripts, or message contents for product improvement, model training, or any cross-customer aggregation.
• To communicate with you: respond to demo requests, deliver order updates, send service-related announcements, and (where permitted) marketing communications. You may opt out of marketing at any time.
• To enforce our Terms and protect Dino RD&C, our customers, and the public from fraud, abuse, and security threats.
• To comply with law and respond to valid legal process.

We do not “sell” personal information as that term is defined under the California Consumer Privacy Act (CCPA/CPRA) or analogous state laws. We do not engage in cross-context behavioral advertising.

This is important enough to state separately.

• BOS includes a distillation pipeline and skill-refinement system that take operational signals from agent runs and feed them back into the agent’s own skills, memories, and fine-tunes.
• All of that happens on the customer’s appliance. The pipeline is local. The vector store is local. The fine-tuned model weights are local.
• We do not aggregate, anonymize, pseudonymize, or otherwise extract customer business data from one appliance to train models that benefit any other appliance.
• Software updates that we ship to all customers contain only Dino-authored code, configuration, and prompt content; they never contain customer data.

If we ever change this commitment, we will give customers prior written notice, and any change will be opt-in — never opt-out.

We share information only as described below.

• Subprocessors. Third parties that process information on our behalf, listed at dinoaihost.com/subprocessors.
• Customer-direct integrations. Where a customer connects their own account at a third-party platform (e.g., Stripe, Twilio, Gmail), data flows under that platform’s terms.
• Legal process. We disclose information when required by valid legal process, to protect rights and safety, or to enforce our Terms.
• Business transfers. If Dino RD&C is acquired or merges, information may transfer subject to the same protections as this Policy.

We do not share information with advertisers, data brokers, or marketing networks.

We retain information only as long as needed for the purposes described in this Policy.

Where law requires longer retention (e.g., tax, anti-fraud), we retain only what is required and only for as long as required.

US state privacy rights

If you are a resident of California, Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, Delaware, Maryland, New Hampshire, New Jersey, Iowa, Indiana, Tennessee, Minnesota, or Rhode Island, you may have the following rights, subject to the conditions and exceptions of your state’s law:

• Right to know / access the categories and specific pieces of personal information we have about you.
• Right to delete personal information we hold about you.
• Right to correct inaccurate personal information.
• Right to data portability — receive your information in a portable format.
• Right to opt out of the “sale” or “sharing” of personal information, of targeted advertising, and of certain types of profiling. We do not engage in any of these practices, but the right is available to you regardless.
• Right to limit use of sensitive personal information.
• Right of non-discrimination for exercising these rights.

To exercise any right, email [email protected] with the subject line “Privacy Request — [right]” and a description of your request. We will verify your identity using information we already have on file. We will respond within 45 days (extendable once by 45 additional days) and notify you if any portion of your request cannot be fulfilled and why.

You may designate an authorized agent to exercise rights on your behalf. We will require written authorization signed by you and reasonable identity verification.

If you are dissatisfied with our response, you may appeal by replying to our response with the word “Appeal” in the subject. We will respond to appeals within 60 days.

California “Shine the Light”

California residents may request a list of personal information disclosed for direct marketing purposes in the prior calendar year. We do not disclose personal information for third-party direct marketing purposes.

If you are an end-user

If you interacted with a Dino-powered business as an end-user (for example, you called a plumbing company and were greeted by an AI receptionist), the business is the controller of your personal information. Direct your privacy request to that business in the first instance. We will assist the business in fulfilling your request.

If you are a Meta platform user

See the Meta Data Deletion Instructions.

We disclose the following because Meta platform policies and the privacy expectations of users on Instagram, Facebook, and WhatsApp warrant a focused section.

• Why we connect. A customer business uses BOS to manage Instagram DMs, Facebook Messenger conversations, WhatsApp Business messages, page metadata, and (where the customer enables them) Meta Insights and Ads functions.
• Permissions we request. Including but not limited to: instagram_basic, instagram_manage_messages, pages_show_list, pages_messaging, pages_manage_metadata, pages_read_engagement, pages_read_user_content, whatsapp_business_messaging, whatsapp_business_management, plus insights and ads permissions when the customer enables those features. Each permission is requested only with appropriate scope and only when needed.
• Where Meta data flows. Meta → Cloudflare Worker (signature validation only, no persistence) → Cloudflare Tunnel → customer’s Dino appliance. The appliance is the system of record.
• What Dino RD&C does not do. We do not store Meta-derived business data on Cloudflare Workers, Dino RD&C servers, or any third-party storage outside the customer’s own appliance. We do not sell Meta data. We do not transfer Meta data to advertisers or data brokers. We do not use Meta data to train cross-customer models.
• Data deletion. A Meta user, end-user, or page owner may request deletion of their data. See dinoaihost.com/meta-data-deletion. We honor requests within 30 days and confirm completion via email.

The Service is intended for businesses operating in the home services industry. It is not directed to children under 13, and we do not knowingly collect information from children under 13. If you believe we have collected information from a child under 13, contact us and we will delete it.

We use commercially reasonable administrative, technical, and physical safeguards designed to protect information. These include:

• AES-256-GCM encryption for secrets stored on the appliance and on Dino RD&C systems.
• Role-based access controls inside BOS and inside Dino RD&C.
• Audit logging of administrative and remote-support actions, retained for 7 years.
• Authenticated, customer-authorized remote support via Tailscale; per-session logging.
• Mobile Device Management (Apple Business Manager + Mosyle) for hardware lock-down.
• Regular review of subprocessor security postures.

No system is perfectly secure. If we discover a security incident affecting your information, we will notify affected customers within 72 hours of confirmation, in accordance with applicable law.

To report a vulnerability, see our Security Disclosure Policy.

Dino RD&C currently sells and ships only within the United States. Information we collect is processed in the United States. If we expand outside the US, we will update this Policy with the appropriate transfer mechanisms.

Some browsers transmit Do Not Track signals. Because there is no industry consensus on how to interpret these signals, we do not respond to them at this time. We do, however, honor opt-out preference signals (such as Global Privacy Control) where required by state law.

We will post material changes here and update the “Last Updated” date. If a change materially expands our use or sharing of personal information, we will provide additional notice (e.g., email, in-product banner) before the change takes effect.

Dino RD&C LLC

5830 E 2nd St

Casper, WY 82601, USA

Email: [email protected]

Privacy requests: same address, subject “Privacy Request”