Skip to main content

Privacy Policy

Last updated: February 28, 2026

1. Introduction

DabDash is operated by Shadow Software LLC ("Company", "we", "us", or "our"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the DabDash platform (the "Service"), including our marketing website at dabdash.com, vendor admin dashboards, and customer-facing storefronts. By using the Service, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

Information You Provide

  • Vendor account data: Name, email address, business name, store slug, and password when you register
  • Store configuration: Products, pricing, delivery zones, inventory settings, branding preferences (logo, colors, fonts), and storefront content
  • Customer order data: Customer names, delivery addresses, phone numbers, and order details submitted through your storefront
  • Communications: Messages sent through our contact form or support channels

Information Collected Automatically

  • Usage data: IP address, browser type, operating system, referring URLs, pages visited, and session duration
  • Geolocation data: Approximate location derived from IP address, used for automatic delivery zone detection on storefronts
  • Marketing analytics: Anonymized browsing data on dabdash.com (our marketing site only) via Google Analytics

Information We Do NOT Collect

  • Credit card numbers or full payment card details (handled entirely by Stripe)
  • Customer payment information for storefront orders (DabDash storefronts use cash-on-delivery only)
  • Social Security numbers or government-issued identification

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Service
  • Process vendor subscription payments and send billing communications
  • Operate your storefront and process customer orders on your behalf
  • Detect delivery zones based on customer location
  • Send technical notices, security alerts, and support messages
  • Respond to contact form submissions and support requests
  • Monitor platform usage trends and improve features
  • Detect and prevent fraudulent activity or abuse of the Service

4. Vendor Responsibilities (Data Controller)

As a Vendor using DabDash, you are the data controller for all customer data collected through your storefront (customer names, addresses, phone numbers, order history). DabDash acts as a data processor on your behalf.

You are responsible for:

  • Complying with applicable privacy laws regarding your customers' personal data
  • Providing your customers with appropriate privacy notices
  • Responding to customer data access, correction, or deletion requests
  • Ensuring age verification compliance in your jurisdiction

5. Sharing of Information

We do not sell, trade, or rent your personal information to third parties. We share data only with service providers that perform essential services on our behalf (see Section 6). We will disclose information if required to do so by law or in response to a valid legal request (subpoena, court order, or government investigation).

6. Third-Party Services

We use the following third-party services to operate the platform:

  • Stripe — Vendor subscription payment processing (PCI DSS Level 1 certified). Stripe Privacy Policy
  • Cloudflare — CDN, DDoS protection, and SSL/TLS services
  • Google Analytics — Anonymized website analytics on dabdash.com marketing pages only (not on vendor dashboards or customer storefronts)
  • MaxMind GeoIP — IP-based geolocation lookup for automatic delivery zone detection (processed locally, no customer data is sent to MaxMind)
  • OpenStreetMap — Map tiles for the delivery zone editor (no personal data transmitted)

7. Payment Processing

Vendor subscription payments are processed exclusively by Stripe, a PCI DSS Level 1 certified payment processor. DabDash never receives, stores, or has access to your full credit card information. We store only:

  • Stripe customer ID (to manage your subscription)
  • Subscription status and billing period
  • Email address for billing communications

Customer orders on vendor storefronts use cash-on-delivery — no online payment processing occurs through the platform for customer transactions.

8. Data Retention

We retain your account and storefront data for as long as your account is active. If you cancel your subscription, your data is preserved in case you resubscribe. If you delete your account, we retain your data for 30 days before permanent deletion, unless required to retain it longer by law. You may request an export of your data at any time.

9. Security

We implement industry-standard security measures to protect your information, including TLS encryption for all data in transit, encrypted database connections, secure password hashing (bcrypt), CSRF protection on all forms, and rate limiting on authentication endpoints. No method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

10. Cookies

We use cookies for the following purposes:

  • Essential cookies: Session management, CSRF protection, authentication state
  • Functional cookies: Delivery zone selection, cart contents, storefront preferences
  • Analytics cookies: Google Analytics on dabdash.com marketing pages only

You can control cookies through your browser settings. Disabling essential cookies will prevent you from logging in or placing orders.

11. Your Rights

All users may:

  • Access and review your personal data by logging into your account
  • Correct inaccurate information through your account settings
  • Request deletion of your account and associated data
  • Request a portable copy of your data (CSV/JSON export)
  • Opt-out of non-essential communications

To exercise any of these rights, contact us at [email protected].

12. GDPR Compliance (European Users)

If you are located in the European Economic Area (EEA), you have the following additional rights under the General Data Protection Regulation:

  • Right to Access — Request a copy of your personal data
  • Right to Rectification — Request correction of inaccurate data
  • Right to Erasure — Request deletion of your data ("right to be forgotten")
  • Right to Restriction — Request we limit processing of your data
  • Right to Portability — Request transfer of your data to another service
  • Right to Object — Object to processing based on legitimate interests
  • Right to Withdraw Consent — Withdraw consent at any time where processing is based on consent

Legal Basis for Processing: We process your data based on contractual necessity (to provide the Service you subscribed to), legitimate interests (platform security, fraud prevention, service improvement), and consent (marketing communications, if opted in).

To exercise these rights, please contact us. We will respond within 30 days.

13. CCPA Compliance (California Residents)

If you are a California resident, you have the following rights under the California Consumer Privacy Act:

  • Right to Know — Request disclosure of the personal information we collect, use, and disclose
  • Right to Delete — Request deletion of your personal information
  • Right to Opt-Out — Opt-out of the sale of personal information
  • Right to Non-Discrimination — Equal service and pricing regardless of your privacy choices

Categories of personal information collected: Identifiers (name, email, business name), commercial information (subscription tier, billing history), and internet activity (usage analytics, IP address). We do not sell your personal information.

14. Age Requirement

The Service is intended for users who are at least 21 years of age. We do not knowingly collect personal information from anyone under 21. If you believe we have inadvertently collected data from a person under 21, please contact us immediately and we will delete it.

15. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email and by posting the updated policy on this page with a revised "Last updated" date. Continued use of the Service after changes constitutes acceptance of the new policy.

16. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, contact Shadow Software LLC at [email protected] or through our contact form.