Legal

Dino Privacy Policy

Last Updated: May 21, 2026

Dino Technologies, Inc. together with its affiliates (collectively "Dino," "we," "us," or "our") respects, and works hard to protect, your privacy. This Privacy Policy is designed to help those who are interacting with our websites or exploring our Services ("visitors") or individuals who directly sign up for and access, or who use our products as part of an account or transaction flow ("users") (visitors and users are collectively referred to as "you"), understand how we collect, use, process, and disclose your Personal Information, and to help you understand and exercise your privacy rights when you access our websites and use our Services.

For residents of U.S. states that provide additional rights, more information about the data we collect is available in Sections 14 and 15 below.

1.Scope

This Privacy Policy applies to Personal Information we process in connection with our websites (including dino.id), our dashboard, our APIs, and any other products and services we offer (collectively, the "Services"). "Personal Information" in this Policy means information about you, including your identity, contact details, financial information, and online behavior.

This Privacy Policy does not apply to:

  • Enterprise Data. Any Personal Information or other data that we process on behalf of our enterprise or business customers ("Enterprise Data") as a service provider or data processor. Our processing of Enterprise Data is governed by contracts we have in place with our customers, not this Privacy Policy. Any questions or requests relating to the privacy practices of our customers should be directed to the applicable customer.
  • Workers and applicants. Details about how we process Personal Information of employees, contractors, or job applicants at Dino are covered in a separate workforce privacy notice.

This Privacy Policy is incorporated into our Terms of Service. Capitalized terms not defined here have the meanings given in the Terms of Service.

2.Personal information we collect

The categories of Personal Information we collect depend on how you interact with us, our Services, and the requirements of applicable law. We endeavor to collect information only relevant for our business needs. We collect information that you provide to us directly, information we obtain automatically when you use our Services, and information from other sources such as third-party services and organizations, as described below.

A.Personal information you provide to us directly

We may collect Personal Information that you provide to us directly when you interact with our Services.

Account creation and profile

If you create an account or register as a user, we will collect Personal Information including your full legal name, email address, phone number, and authentication credentials. We may also require you to provide additional Personal Information as required by law or for compliance purposes, as a condition for continuing use of aspects of our Services.

Business, KYC, and KYB

To onboard a business onto the Services and to comply with applicable law, including anti-money laundering (AML), know-your-customer (KYC), and know-your-business (KYB) obligations, we collect:

  • Legal entity name, business type, industry classification, and registration or incorporation details
  • Business address and principal place of operations
  • Date of birth, government-issued identifiers (such as Social Security Number, Employer Identification Number, or equivalent tax identification numbers), and ownership or control information for beneficial owners and control persons
  • Politically exposed person (PEP) status and sanctions screening responses
  • Identity verification documents (such as government-issued photo ID) and related verification results

Banking, cards, and financial transactions

We collect Personal Information and details associated with your financial activity on our Services, including:

  • Bank account numbers, routing numbers, counterparty information, ACH, wire, and check payment details
  • Issued card information, transaction data, spending limits, and spend controls
  • Account balances, transfer records, fees, and subscription billing status
  • Fraud, risk, and compliance signals related to financial activity

Customers, invoices, accounting, and documents

  • Customer, vendor, and contact records you create or import into Dino
  • Invoices, bills, transactions, categories, and accounting mappings
  • Receipts, statements, and other files you upload or that we extract from connected sources on your behalf
  • Export and reporting data you request

Communications with us

We may collect Personal Information, such as email address, phone number, or mailing address when you request information about our Services, register for updates, contact customer support, request technical assistance, or otherwise communicate with us.

Surveys and questionnaires

We may contact you to participate in surveys or request that you complete a questionnaire. If you decide to participate, we may collect Personal Information from you in connection with your feedback or responses.

B.Personal information collected automatically

We may collect certain information automatically when you use our Services.

Device, usage, and technical data

  • Internet protocol (IP) address, browser type, browser version, device identifiers, operating system, and log data
  • Pages that you visit before, during, and after using our Services; features you use; timestamps; and diagnostic events
  • Cookies and similar tracking technologies (see below)

Cookies and similar technologies

We, as well as third parties that provide functionality on our Services, may use cookies, pixel tags, and other technologies (collectively, "Technologies") to automatically collect information through your use of our Services.

  • Cookies. Small text files placed in device browsers that store preferences and facilitate your experience.
  • Pixel tags / web beacons. Pieces of code embedded in our Services that collect information about engagement, such as whether you have opened an email or visited a particular page.

Our uses of these Technologies fall into these categories:

  • Strictly necessary. Technologies required to access our Services, identify irregular behavior, prevent fraud, and ensure security.
  • Performance-related. Technologies used to assess performance, measure analytics, and understand how you interact with our Services.
  • Functionality-related. Technologies that enhance functionality, such as recognizing you when you sign in or keeping track of your preferences.

C.Personal information collected from other sources

We may obtain Personal Information about you from other sources, including through third-party services and organizations, in limited circumstances.

  • Banking and financial partners. When you open a banking account or use financial services through the Services, our banking partners (such as Column N.A.) may share account-related information with us as necessary to operate those services.
  • Identity verification and compliance providers. We use third-party identity verification vendors to confirm your identity and screen for fraud, sanctions, and AML compliance by comparing information you provide us to public records and third-party databases.
  • Connected mailbox integrations. If you connect your Gmail or Microsoft Outlook account, we access email metadata and, where you authorize it, message content, strictly limited to what is needed to identify and extract invoices and receipts to support your financial workflows. See Section 10 for additional detail.
  • Financial data connections. You may elect to connect third-party financial data services (such as Plaid, Inc.) to share banking or financial information with our Services. In such cases, both the applicable third-party's privacy policy and this Privacy Policy would apply to the information you authorize to be shared.
  • Other integrations. If you connect third-party applications (such as Slack or accounting platforms) to our Services, we may receive information from those platforms as necessary to operate the relevant integration.

3.How we use your personal information

We use your Personal Information for a variety of business purposes, including to provide our Services, for administrative purposes, and to market our products and Services, as described below.

A.Provide our Services

We use your information to provide you with our Services, including to:

  • Fulfill our contract with you and operate your account
  • Verify identity, onboard businesses, and meet AML, sanctions, and banking partner requirements
  • Process payments, issue and manage cards, initiate transfers, and settle transactions
  • Match receipts and documents, automate bookkeeping workflows, and generate the insights and reports you request
  • Provide access to certain areas, functionalities, and features of our Services
  • Answer requests for customer or technical support
  • Communicate with you about your account, transactions, and activity on our Services, including providing you with information about policy changes
  • Allow you to register for events or partner programs

B.Administrative purposes

We use your information for various administrative purposes, such as:

  • Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity
  • Pursuing our legitimate interests such as direct marketing, research and development, network and information security, and fraud prevention
  • Measuring interest and engagement in our Services
  • Improving, upgrading, or enhancing our Services; and developing new products and features
  • Ensuring internal quality control and safety
  • Authenticating and verifying individual identities, including requests to exercise your rights under this Privacy Policy
  • Debugging to identify and repair errors with our Services
  • Auditing relating to interactions, transactions, and other compliance activities
  • Sharing Personal Information with third parties as needed to provide the Services
  • Enforcing our agreements and policies
  • Carrying out activities required to comply with our legal obligations

C.Marketing and advertising our products and Services

We may use Personal Information to tailor and provide you with content and communications about Dino's products and Services. We may provide you with these materials as permitted by applicable law. If you have any questions about our marketing practices or if you would like to opt out of the use of your Personal Information for marketing purposes, please see Section 5 (Your Privacy Choices and Rights) or contact us at any time.

D.With your consent

We may use Personal Information for other purposes that are clearly disclosed to you at the time you provide Personal Information or with your consent.

E.Other legitimate purposes

We also use your Personal Information for other legitimate business purposes, as requested by you, for legal compliance, loss prevention, anti-fraud purposes, or as otherwise permitted by applicable law. For example, we may use Personal Information to create de-identified or aggregated information to improve the accuracy and security of our Services. We will not attempt to re-identify such information, except as may be required to comply with applicable law.

We do not sell personal information as "sell" is defined under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA). We do not use Gmail, Microsoft, or other third-party API data to develop, improve, or train generalized artificial intelligence or machine learning models.

4.How we may disclose your personal information

We disclose your Personal Information to third parties for a variety of business purposes, including to provide our Services, at your request or with your permission, to protect us or others, or in the event of a major business transaction, as described below.

A.Disclosures to provide our Services

The categories of third parties with whom we may disclose your Personal Information are described below. To the extent we provide Personal Information to our affiliates or service providers, we do so to enable them to process such Personal Information based on our instructions and in compliance with this Privacy Policy and any other appropriate confidentiality and security measures.

Service providers

We work with third-party service providers and vendors that assist us with the provision of our Services. When we disclose information with third-party service providers, we require them to use your information on our behalf in accordance with our instructions and terms. Categories include:

  • Banking and payments: Column N.A. and other banking or card partners; Stripe and payment processors; subscription billing providers
  • Identity and compliance: identity verification, sanctions screening, and fraud detection vendors
  • Cloud and infrastructure: hosting, storage, and database providers
  • Communications: email and notification delivery providers (e.g., Resend)
  • Product integrations: Google, Microsoft, Slack, and accounting platforms you connect
  • Analytics and security: error monitoring and product analytics providers (e.g., Sentry, OpenPanel)
  • AI and document processing: vendors that process content you submit to enable features you request, subject to contractual restrictions
  • Treasury and digital assets: partners described in our Global USD Account and treasury disclosures when you use those products

Affiliates

We may disclose your Personal Information with our company affiliates for our administrative and business purposes, IT management, or for them to provide services to you or support and supplement the Services we provide.

Professional advisors and regulators

In order to provide our Services, we may also disclose your information with our advisors, regulators, tax and other governmental authorities, governmental agencies, and law enforcement agencies to respond to applicable law or regulations, court orders, legal process, or government requests; comply with our reporting and information-sharing obligations; detect, investigate, prevent, or address fraud and other illegal activity; and protect the rights, property, and safety of you, Dino, or others.

B.Disclosures to protect ourselves or others

We may access, preserve, and disclose any information we store associated with you to external parties if we, in good faith, believe doing so is required or appropriate to: comply with law enforcement or national security requests and legal process, such as a court order or subpoena; protect your, our, or others' rights, property, or safety; enforce our policies or contracts; collect amounts owed to us; or assist with an investigation or prosecution of suspected or actual illegal activity.

C.Disclosure in the event of merger, sale, or other asset transfers

If we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, purchase or sale of assets, or transition of service to another provider, your information may be sold or transferred as part of such a transaction, as permitted by law and/or contract. We will provide notice to you where required by applicable law.

5.Your privacy choices and rights

Your privacy choices

The privacy choices you may have about your Personal Information are determined by applicable law and are described below.

  • Email communications. If you receive an unwanted email from us, you can use the unsubscribe link found at the bottom of the email to opt out of receiving future promotional emails. Note that you will continue to receive transaction-related emails regarding products or Services you have requested. We may also send you certain non-promotional communications regarding our Services, and you will not be able to opt out of those communications (e.g., communications regarding our Services or updates to our Terms of Service or this Privacy Policy).
  • "Do Not Track" / "Global Privacy Control." Do Not Track ("DNT") is a privacy preference that users can set in certain web browsers. Additionally, some browsers or plug-ins offer a "Global Privacy Control" ("GPC"), which you can learn more about at globalprivacycontrol.org. Please note that we do not respond to or honor DNT signals. However, if we detect a GPC signal from your device, we will interpret it as a request to stop or limit the sale or sharing of Personal Information for certain purposes, depending on the circumstances and law applicable to your jurisdiction.
  • Cookies. You may stop or restrict the placement of Technologies on your device or remove them by adjusting your preferences as your browser or device permits. However, if you adjust your preferences, our Services may not work properly.
  • Connected integrations. You can disconnect Gmail, Microsoft Outlook, and other third-party integrations at any time from within your account settings. Upon disconnection, we will cease accessing new data from those integrations.

Your privacy rights

Depending on where you live, you may be entitled to exercise certain privacy rights related to your Personal Information. If you would like to exercise any privacy rights granted to you under applicable law, please contact us at any time. We will process such requests in accordance with applicable laws and will not discriminate against you for exercising any privacy rights to which you are legally entitled. To protect your privacy, we will take steps to reasonably verify your identity before fulfilling your request.

  • Right to access and portability of Personal Information about you, including: (i) confirming whether we are processing your Personal Information, and (ii) obtaining access to, or a copy of, Personal Information we may hold about you.
  • Right to request correction of your Personal Information where it is inaccurate, incomplete, or outdated. In some cases, we may provide self-service tools that enable you to update your Personal Information directly.
  • Right to request deletion of your Personal Information when processing is based on your consent or when processing is unnecessary, excessive, or noncompliant, subject to applicable law and our legal obligations (including banking and financial recordkeeping requirements).
  • Right to request restriction of or object to our processing of your Personal Information where the processing is based on our legitimate interest or for direct marketing purposes, including (i) the right to opt out of the sharing of Personal Information, (ii) the right to object to or restrict our use of your sensitive Personal Information, and (iii) the right to opt out of the processing of your Personal Information for targeted advertising and profiling.
  • Right to withdraw your consent to our processing of your Personal Information. Please note that your withdrawal will only take effect for future processing and will not affect the lawfulness of processing before the withdrawal. If you withdraw consent to processing, you may not be able to use aspects of the Services.
  • Right to work with an authorized agent. Only you, or someone legally authorized to act on your behalf, may make a verifiable request related to your Personal Information. To designate an agent, please provide written authorization signed by you and contact us for additional instructions.
  • Right to file a complaint. If your Personal Information is subject to certain data protection laws, you have the right to lodge a complaint with the competent supervisory authority if you believe our processing of your Personal Information violates applicable law.

To submit a privacy request, email support@dino.id with "Privacy Request" in the subject line, and include your state of legal residence, sufficient identifying information, and a clear description of your request.

6.Security of your information

We take steps to ensure that your information is treated securely and in accordance with this Privacy Policy. We use administrative, technical, and physical measures designed to protect Personal Information against unauthorized access, use, disclosure, alteration, or destruction, including:

  • Encryption in transit (TLS) and at rest
  • Access controls and role-based permissions for employees
  • Regular security assessments and vulnerability management
  • Incident response and breach notification procedures

Unfortunately, no system is 100% secure, and we cannot ensure or warrant the security of any information you provide to us. By using our Services or providing Personal Information to us, you agree that we may communicate with you electronically regarding security, privacy, and administrative issues relating to your use of our Services. If we learn of a security system breach, we may attempt to notify you electronically by posting a notice on our Services, by mail, or by sending an email to you.

7.Retention of personal information

We store the Personal Information we collect as described in this Privacy Policy for as long as you use our Services or as necessary to fulfill the purpose(s) for which it was collected. Retention periods vary by data type and applicable legal requirements. In particular, we retain information as necessary to:

  • Provide the Services and maintain your account
  • Meet banking, financial services, and tax recordkeeping obligations under applicable law (which may require retention for five years or longer)
  • Comply with AML, sanctions, and other regulatory requirements
  • Resolve disputes, establish legal defenses, and conduct audits
  • Pursue legitimate business purposes and enforce our agreements

When we no longer have a legitimate business or legal need to retain Personal Information, we will delete or anonymize it. You may request deletion subject to our legal obligations to retain certain records, as described in Section 5.

8.International data transfers

We are based in the United States. All information processed by us may be transferred, processed, and stored anywhere in the world, including, but not limited to, the United States or other countries, which may have data protection laws that are different from the laws where you live. We endeavor to safeguard your information consistent with the requirements of applicable laws.

If we transfer Personal Information which originates in the European Economic Area (EEA), Switzerland, or the United Kingdom to a country that has not been found to provide an adequate level of protection under applicable data protection laws, we use appropriate safeguards such as the EU Standard Contractual Clauses (SCCs), as supplemented by country-specific annexes where applicable, or other mechanisms recognized under applicable law.

If you access the Services from outside the United States, you consent to the transfer of your information to the United States and other countries where we and our service providers operate.

10.Google and Microsoft user data

Dino's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

When you connect your Gmail or Microsoft Outlook account to Dino, we access your mailbox data solely to identify and extract invoices, receipts, and related financial documents to help you manage your business finances. We handle your data as follows:

  • We use mailbox data only to provide the receipt and invoice extraction features you have requested, not for advertising or any purpose unrelated to your financial workflows.
  • We do not sell mailbox data to third parties.
  • We do not use mailbox data to develop, improve, or train generalized AI or machine learning models.
  • We access only the minimum data necessary to provide the features you have enabled.
  • You can disconnect your Gmail or Microsoft integration at any time from your account settings. Upon disconnection, we will stop accessing new data from those integrations.

11.Children's information

Our Services are designed for businesses and business users and are not directed to persons under 18 years of age. We do not knowingly collect Personal Information from children under the age of 13. If you are a parent or guardian and believe your child has provided us with their Personal Information without your consent, please contact us at support@dino.id. We will delete any Personal Information we may have inadvertently collected from your child unless we have a legal obligation to keep it.

12.Changes to this policy

We may revise this Privacy Policy from time to time at our sole discretion. If there are any material changes to this Privacy Policy, we will notify you as required by applicable law — for example, by posting a notice in the Services dashboard, sending an email to the address associated with your account, or updating the "Last Updated" date at the top of this page.

You understand and agree that you will be deemed to have accepted the updated Privacy Policy if you continue to use our Services after the new Privacy Policy takes effect. We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information.

13.Contact us

Dino Technologies, Inc. is the controller of the Personal Information we process under this Privacy Policy. If you have any questions about our privacy practices or this Privacy Policy, or if you would like to exercise your rights as detailed in this Privacy Policy, please contact us:

Dino Technologies, Inc.

1200 Brickell Avenue, Suite 1950

Miami, FL 33131

United States

Email: support@dino.id (include "Privacy Request" in the subject line)

14.California privacy rights (CCPA / CPRA)

This section provides additional disclosures required by California law, including the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), and applies to residents of California and, where feasible, we extend equivalent rights to all U.S. users.

Categories of personal information collected (last 12 months)

CategoryExamplesDisclosed to
IdentifiersName, email, phone, IP address, device ID, account IDAffiliates, service providers, banking partners, government entities when required by law
California customer recordsName, address, SSN/EIN, bank account, credit/debit card informationService providers, banking partners, business partners
Protected characteristicsAge (for PEP status and onboarding), national origin where requiredService providers and compliance vendors
Commercial informationTransaction history, account balances, invoices, spending dataService providers, banking partners
Financial informationBank account and routing numbers, card data, payment informationBanking partners, payment processors, compliance vendors
Internet / network activityPages visited, features used, log data, cookiesAnalytics providers, infrastructure vendors
Professional / employment informationBusiness role, company affiliation, beneficial owner statusCompliance vendors, banking partners
Sensitive personal informationGovernment IDs (SSN, EIN, passport), financial account credentials, login credentialsIdentity verification vendors, banking partners
InferencesPreferences and risk profiles derived from the above to provide featuresInternal use; fraud and compliance vendors

Sources of personal information

We collect Personal Information directly from you when you interact with us, automatically when you use our Services (for example through cookies and other online technologies), and from third parties such as banking partners, identity verification providers, and integrations you authorize.

Business purposes for collecting personal information

We collect Personal Information to:

  • Provide our Services to you
  • Meet AML, KYC/KYB, banking regulatory, and legal compliance obligations
  • Prevent fraud, ensure security, and protect our platform
  • Communicate with you and provide customer support
  • Improve and develop our Services
  • Marketing and advertising our Services, with opt-out rights

Your California rights

  • Right to know. You have the right to know what Personal Information we collected, used, disclosed, sold, or shared about you over the past 12 months.
  • Right to delete. You have the right to request deletion of Personal Information we collected from you, subject to legal exceptions (including our banking and financial recordkeeping obligations).
  • Right to correct. You have the right to request correction of inaccurate Personal Information we maintain about you.
  • Right to opt out. We do not sell or share Personal Information for cross-context behavioral advertising. No opt-out is required because we do not engage in such activities.
  • Right to limit sensitive personal information. You have the right to request that we limit our use and disclosure of sensitive Personal Information to purposes permitted by the CPRA. We use sensitive Personal Information only to provide the Services, prevent fraud, ensure security, and comply with law.
  • Right to non-discrimination. We will not discriminate against you for exercising any of the rights described in this section.

Authorized agents

Agents may submit requests on your behalf by providing written authorization signed by you and proof of their authority to act on your behalf. We may require direct verification from you as well. To submit a California privacy request, email support@dino.id with "California Privacy Request" in the subject line. We will respond within the timeframes required by the CCPA and CPRA.

California "Shine the Light"

The California "Shine the Light" law permits California residents to request and obtain from us once a year, free of charge, a list of the third parties to whom we have disclosed their Personal Information (if any) for their direct marketing purposes in the prior calendar year. Dino does not disclose Personal Information to third parties for their independent direct marketing purposes.

15.U.S. Consumer privacy notice

This notice is provided to consumers who use Dino's banking, card, or payments products in accordance with federal financial privacy law requirements.

What does Dino do with your personal information?

Why?
Financial companies choose how they share your personal information. Federal law gives consumers the right to limit some but not all sharing. Federal law also requires us to tell you how we collect, share, and protect your personal information. Please read this notice carefully.
What?
The types of personal information we collect and share depend on the product or service you have with us. This information can include: Social Security number and transaction history; account balances and payment history; and checking account and business financial information.
How?
All financial companies need to share customers' personal information to run their everyday business. In the section below, we list the reasons financial companies can share their customers' personal information; the reasons Dino chooses to share; and whether you can limit this sharing.
Reasons we can share your personal informationDoes Dino share?Can you limit this sharing?
For our everyday business purposes — such as to process your transactions, maintain your account(s), respond to court orders and legal investigations, or report to credit bureausYesNo
For our marketing purposes — to offer our products and services to youYesNo
For joint marketing with other financial companiesYesNo
For our affiliates' everyday business purposes — information about your transactions and experiencesYesNo
For our affiliates' everyday business purposes — information about your creditworthinessNoWe don't share
For our affiliates to market to youNoWe don't share
For nonaffiliates to market to youNoWe don't share

Definitions

  • Affiliates. Companies related to Dino by common ownership or control. Our affiliates may include companies that provide complementary financial technology services.
  • Nonaffiliates. Companies not related to Dino by common ownership or control. Dino does not share with nonaffiliates so they can market to you.
  • Joint marketing. A formal agreement between nonaffiliated financial companies that together market financial products or services to you. Our joint marketing partners may include other financial services companies or banks.

How does Dino protect my personal information?

To protect your personal information from unauthorized access and use, we use security measures that comply with federal law. These measures include computer safeguards, encrypted data transmission, secured facilities, and access controls.

How does Dino collect my personal information?

We collect your personal information, for example, when you:

  • Open an account or provide account information
  • Use your business card, initiate a transfer, or give us your contact information
  • Tell us who receives the money or tell us where to send the money

We also collect your personal information from our banking partners, identity verification providers, and other companies with which we work.

Questions?

Contact us at support@dino.id or visit dino.id.

← Legal·Terms of Service·Disclosures