Privacy Policy

Dynamo Engine LLC (“we”, “us”) provides Dynamo, an AI-assisted game-development tool. This policy describes what personal data we collect when you sign in to or use Dynamo, why we collect it, how we store it, and the choices you have over it.

We aim to collect the minimum data needed to run the product and never sell your personal information.

When you sign in to Dynamo we collect the following from your chosen identity provider:

• Email address — used as your account identifier and to email you transactional messages (sign-in links, security notices, billing receipts).
• Display name and avatar URL (when available from your provider) — shown in your account page so you can confirm you signed in with the right account.
• Provider user ID— the unique identifier your provider (Google, Microsoft, GitHub, or Discord) assigns you. We use this to verify it's the same person on subsequent sign-ins.

When you authorize Dynamo to sign in with Google, we receive only the data covered by the email, profile, and openid scopes. We do not request access to your Gmail, Drive, Calendar, or any other Google service.

From the Dynamo CLI running on your machine, we additionally collect:

• Device fingerprint— a hash derived from your machine's hardware identifiers, used solely to enforce your plan's seat limit. We never see your raw machine identifiers; only the salted hash.
• Hostname, operating system, Dynamo version — shown in your device list so you can recognize each registered machine.
• Last-seen timestamp per device — updated each time the CLI authenticates so you can spot inactive devices.

• To create and maintain your account and license record.
• To enforce the seat limit included with your plan.
• To send you sign-in links, account notifications, and (if you upgrade) billing receipts.
• To diagnose and fix bugs affecting your account.
• To protect Dynamo from abuse, fraud, and security incidents.

We do not use your personal information to train AI models, sell it to advertisers, or share it with third parties for marketing.

Your account, license, and device records are stored in a Supabase-hosted Postgres database. Supabase runs on Amazon Web Services. Database access requires authenticated requests and is restricted at the row level so you can only read or modify your own data.

Transactional emails (sign-in links, license notices) are sent via MailerSend, which receives your email address only at send time.

We share your data only with the service providers that operate Dynamo's infrastructure:

• Supabase — database, authentication, and edge functions.
• MailerSend — transactional email delivery.
• Vercel — hosts dynamoengine.dev and auth.dynamoengine.dev.
• Your chosen OAuth provider — only when you initiate a sign-in flow.

Each provider has access only to what's needed for its function. We do not sell, rent, or trade your personal data.

We may disclose your data when required by law (e.g. a valid subpoena) or to protect the safety of our users and our service.

You can:

• Access the data we have about you by signing in at dynamoengine.dev/account.
• Revoke device access from the same page (full device-management UI coming in a future release).
• Export your data from /account. Click Download my data to receive a ZIP containing your profile, license history, device list, and audit-log entries as JSON files.
• Delete your account and associated data from /account via the Delete account button. Deletion starts immediately — we cancel your active subscription and schedule the underlying records (profile, license, devices) for permanent removal after a 30-day grace period. Within that window you can email support@dynamoengine.dev to cancel the deletion. After day 30 it is permanent and irreversible.
• Revoke OAuth access at any time from the relevant provider's settings (e.g. Google account permissions).

What is retained after account deletion: We keep payment records (invoice dates and amounts) for 7 years per tax law, but the customer record is scrubbed of personal identifiers (name, email, address) at deletion time. A minimal audit-log entry recording that an account was deleted is retained for 90 days for security and complaint-handling purposes, with your personal identifier removed.

If you are located in the European Economic Area, the United Kingdom, or another jurisdiction with comparable data-protection laws, the above flows satisfy your rights to access, portability, and erasure. For other rights (e.g. objection to processing) email support@dynamoengine.dev.

Dynamoengine.dev uses only essential cookies and local-storage entries required to keep you signed in. We do not use advertising or cross-site tracking cookies, and we never sell your data.

For aggregate traffic measurement we use Cloudflare Web Analytics, a privacy-first analytics tool that counts page views and basic performance metrics without cookies and without collecting personal data or building a profile of you. There is nothing to opt out of because no personal identifiers are stored.

The Dynamo CLI does not write to your browser at all.

The Dynamo CLI can send anonymous usage data (which commands and features you use, your OS and version, and a random anonymous install ID) so we can see what helps and what to build next. It is opt-in and off by default, asked once on first run, and toggleable any time with dynamo telemetry off. It never includes your prompts, code, file contents, file paths, AI responses, email, or IP, and is never used to train AI models.

For the exact list of what is and isn't collected, where it goes, retention, and how to control it, see dynamoengine.dev/privacy/telemetry.

Dynamo is not directed at children under 13. We do not knowingly collect personal information from anyone under 13. If you believe we have, please contact us and we will delete it.

We will update this page when our practices change. Substantive changes will be announced via email to registered users at least 14 days before they take effect. The “Last updated” date at the top reflects the most recent change.

Questions about this policy or your data: privacy@dynamoengine.dev