Privacy Policy

Dynarius, operated by entity name pending (“we,” “our,” or “Dynarius”), is committed to protecting the privacy of individuals who visit our website (dynarius.com) and those who engage our services. This Privacy Policy describes how we collect, use, store, and protect personal data in compliance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and other applicable data protection laws.

• Entity: to be completed
• Registered Address: to be completed
• Contact: to be completed
• Data Protection Officer: to be appointed

3.1 Website Visitors

When you visit dynarius.com, we collect minimal data:

• Page views and navigation patterns (via privacy-first analytics; no cookies, no personal identifiers).
• IP address (processed but not stored in identifiable form).
• Browser type and device information (aggregated, non-identifiable).

3.2 Inquiry Submissions

When you submit a Private Inquiry through our website, we collect:

• Name (if provided; this field is optional).
• Email address.
• Country or region.
• Nature of inquiry.
• Message content.

Inquiry data is encrypted end-to-end at the point of submission and stored in encrypted form on our servers. Inquiry data is used solely to respond to your request.

3.3 Client Data

For clients who engage our services, data collection is governed by a separate Data Processing Agreement (DPA). Client data — including interview recordings, documents, family information, and all materials provided during the Heritage Capture process — is encrypted with client-owned keys under our Zero Knowledge Architecture. Dynarius cannot access this data in decrypted form.

• Website analytics: Legitimate interest (Article 6(1)(f) GDPR) — understanding website usage to improve our services.
• Inquiry responses: Performance of pre-contractual measures at your request (Article 6(1)(b) GDPR).
• Client services: Performance of a contract (Article 6(1)(b) GDPR) and, where applicable, explicit consent (Article 6(1)(a) GDPR).

• Website analytics data: aggregated, non-identifiable; retained indefinitely.
• Inquiry data: retained for 12 months after the last communication, then securely deleted.
• Client data: retained for the duration of the service agreement, plus a post-termination period as specified in the DPA. Client data may be destroyed at any time upon client request via cryptographic erasure.

Dynarius does not sell, rent, or share personal data with third parties for marketing purposes. We may share data only in the following circumstances:

• With service providers who assist in operating our infrastructure, subject to data processing agreements with equivalent security obligations.
• When required by law, regulation, or valid legal process.
• With the client's explicit written consent.

Under our Zero Knowledge Architecture, client data shared with infrastructure providers is encrypted with client-owned keys. Infrastructure providers cannot access the decrypted content.

If personal data is transferred outside the European Economic Area, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission, or equivalent mechanisms recognized under applicable law.

Under the GDPR, you have the following rights:

• Right of access: to obtain confirmation of whether your personal data is being processed and to receive a copy.
• Right to rectification: to request correction of inaccurate personal data.
• Right to erasure: to request deletion of your personal data, subject to legal retention obligations.
• Right to restriction: to request limitation of processing in certain circumstances.
• Right to data portability: to receive your personal data in a structured, commonly used format.
• Right to object: to object to processing based on legitimate interest.
• Right to withdraw consent: where processing is based on consent, to withdraw that consent at any time.

To exercise any of these rights, contact privacy@dynarius.com. We will respond within 30 days.

We implement industry-leading security measures to protect personal data, including AES-256 encryption at rest, TLS 1.3 in transit, hardware-based authentication, and Zero Knowledge Architecture for client data. For full details, refer to our Security Whitepaper (available under NDA).

dynarius.com does not use tracking cookies, third-party analytics cookies, or advertising cookies. We use privacy-first analytics that do not require cookie consent. No personal data is collected through cookies.

We may update this Privacy Policy periodically. Material changes will be communicated through the website. The “Last Updated” date at the top of this document indicates the most recent revision.

For questions or concerns about this Privacy Policy or our data practices, contact:

• Email: to be completed
• Postal: to be completed

You also have the right to lodge a complaint with a supervisory authority, in particular in the EU Member State of your habitual residence, place of work, or place of the alleged infringement.