Summary: DiversusPro LLC ("DiversusPro," "we," "us," or "our") collects only the data necessary to provide our services, never sells your personal information, and gives you full control over your data. This policy applies to all visitors and registered users of diversuspro.com and related subdomains.
1. Data Controller Identity
DiversusPro LLC is the data controller responsible for your personal information.
Business Name: DiversusPro LLC
Registered State: Kentucky, United States
Email: legal@diversuspro.com
Website: https://diversuspro.com
For all privacy-related inquiries, data access requests, or complaints, contact us at the address above. We will respond within 30 days.
2. Information We Collect
We collect information in three ways: information you provide directly, information collected automatically, and information from third-party services.
2.1 Information You Provide
| Category | Data Elements | When Collected |
|---|---|---|
| Account Registration | Full name, business name, email address, password (hashed — never stored in plain text) | When you create an account |
| Contact Inquiries | Name, email address, service interest, message content | When you submit our contact form |
| Billing Information | Payment card details, billing address, VAT/tax ID (if applicable) | When you purchase a subscription or one-time build. Processed by Stripe — we do not store full card numbers on our servers. |
| Client Data | Client names, domains, invoices, and project details you upload or enter | While using the platform dashboard |
| Communications | Emails, support tickets, and chat transcripts | When you contact our support team |
2.2 Information Collected Automatically
| Category | Data Elements | Purpose |
|---|---|---|
| Log Data | IP address, browser type and version, operating system, referring URL, pages visited, timestamps | Security, fraud prevention, debugging |
| Session Data | Session token (stored server-side, HttpOnly cookie — not accessible to JavaScript), idle timeout enforced at 2 hours | Authentication, session security |
| Usage Analytics | Feature usage, click patterns, dashboard interactions | Product improvement |
| Performance Data | Page load times, API response times, error rates | Service reliability |
2.3 Information from Third Parties
- Stripe: When you pay, Stripe provides us a tokenized representation of your payment method and a transaction confirmation. We do not receive or store full card numbers.
- Email Service: Delivery status notifications (bounce, open — if tracked) for transactional emails.
3. How We Use Your Information
| Purpose | Data Used | Legal Basis (GDPR) |
|---|---|---|
| Provide and operate the platform | Account data, client data, session data | Performance of contract (Art. 6(1)(b)) |
| Process payments and issue invoices | Billing information, account data | Performance of contract (Art. 6(1)(b)) |
| Send transactional emails (receipts, password resets, alerts) | Email address, account data | Performance of contract (Art. 6(1)(b)) |
| Send service announcements and product updates | Email address | Legitimate interest (Art. 6(1)(f)); you may opt out at any time |
| Security, fraud detection, and abuse prevention | Log data, IP addresses, session data | Legitimate interest (Art. 6(1)(f)) |
| Legal compliance and tax obligations | Billing data, account data | Legal obligation (Art. 6(1)(c)) |
| Improve and develop the platform | Aggregated/anonymized usage analytics | Legitimate interest (Art. 6(1)(f)) |
| Respond to support inquiries | Communications, account data | Performance of contract (Art. 6(1)(b)) |
We do not use your data for automated decision-making or profiling that produces legal effects concerning you.
4. How We Share Your Information
We do not sell, rent, or trade your personal information. We share data only in the following limited circumstances:
| Recipient | Data Shared | Purpose |
|---|---|---|
| Stripe, Inc. | Payment data, billing address, email | Payment processing. Stripe is PCI DSS Level 1 certified. |
| Email Provider (SMTP) | Recipient email address, message content | Transactional email delivery (receipts, alerts, password resets) |
| Hosting / Infrastructure | All platform data (encrypted at rest) | Server infrastructure for platform operation |
| Law Enforcement / Legal Authorities | As legally required | Compliance with valid court orders, subpoenas, or applicable law. We will notify you unless prohibited by law. |
| Business Transfers | All data held at time of transfer | In the event of a merger, acquisition, or sale of assets. You will be notified via email and/or prominent notice at least 30 days prior. |
All third-party service providers are bound by data processing agreements (DPAs) that prohibit them from using your data for any purpose other than providing services to us.
5. Data Retention
| Data Type | Retention Period | Reason |
|---|---|---|
| Account data (active users) | Duration of account + 90 days post-deletion | Allows reinstatement; grace period for disputes |
| Billing records and invoices | 7 years from transaction date | IRS and accounting requirements |
| Server log data | 90 days rolling | Security monitoring; fraud investigation |
| Support communications | 3 years from last interaction | Quality assurance; dispute resolution |
| Contact form submissions | 2 years | Business follow-up; dispute resolution |
| Anonymized/aggregated analytics | Indefinite | No personal data retained; used for product insights |
After applicable retention periods, data is permanently deleted or irreversibly anonymized.
6. Security Measures
We implement industry-standard technical and organizational security measures, including:
- Encryption in transit: All data transmitted between your browser and our servers uses TLS 1.2+ (HTTPS enforced site-wide).
- Password hashing: Passwords are hashed using bcrypt (cost factor 12) before storage. We never store plain-text passwords.
- Session security: Session tokens are stored in HttpOnly, SameSite=Strict, Secure-flagged cookies with a 2-hour idle timeout. Session IDs are rotated on login to prevent fixation attacks.
- CSRF protection: All state-changing requests require a validated CSRF token.
- Payment security: Card data is handled exclusively by Stripe's PCI DSS Level 1-certified infrastructure. We use tokenization and never process raw card numbers on our servers.
- Access controls: Internal data access is role-based and limited to personnel with a legitimate business need.
- Database security: Direct HTTP access to database files is blocked at the server level.
Despite these measures, no system is completely secure. In the event of a data breach affecting your rights and freedoms, we will notify you and applicable supervisory authorities within 72 hours of becoming aware, as required by applicable law.
7. Cookies and Tracking Technologies
| Cookie Name | Type | Purpose | Duration |
|---|---|---|---|
| dp_session | Strictly Necessary | Authenticates logged-in users; maintains session state. HttpOnly, Secure, SameSite=Strict. | Session (expires on browser close or after 2 hours of inactivity) |
| Analytics cookies (if enabled) | Performance | Aggregated, anonymized usage statistics for product improvement | Up to 12 months |
Strictly necessary cookies cannot be disabled as they are required for the platform to function. For non-essential cookies, you may manage preferences through your browser settings. Disabling non-essential cookies will not affect platform functionality.
8. Your Privacy Rights
Depending on your jurisdiction, you have the following rights regarding your personal data:
| Right | Description | How to Exercise |
|---|---|---|
| Access | Request a copy of the personal data we hold about you | Email legal@diversuspro.com with subject "Data Access Request" |
| Rectification | Correct inaccurate or incomplete personal data | Update in dashboard Settings, or email us |
| Erasure ("Right to be Forgotten") | Request deletion of your personal data, subject to legal retention requirements | Email legal@diversuspro.com with subject "Data Deletion Request" |
| Portability | Receive your data in a structured, machine-readable format (JSON/CSV) | Email legal@diversuspro.com with subject "Data Export Request" |
| Restriction | Request that we restrict processing of your data while a dispute is resolved | Email legal@diversuspro.com |
| Objection | Object to processing based on legitimate interest | Email legal@diversuspro.com |
| Withdraw Consent | Where processing is based on consent, withdraw at any time without affecting prior lawful processing | Email legal@diversuspro.com or use in-app settings |
We will respond to all verifiable requests within 30 days. We may need to verify your identity before processing your request. There is no charge for reasonable requests; excessive or repetitive requests may incur a reasonable fee.
California Residents (CCPA/CPRA): California residents have additional rights under the California Consumer Privacy Act, including the right to know what personal information is collected and sold, the right to opt out of sale (we do not sell personal information), and the right to non-discrimination for exercising privacy rights. To exercise these rights, contact us at legal@diversuspro.com.
EU/EEA Residents (GDPR): If you believe we have processed your data unlawfully, you have the right to lodge a complaint with your local supervisory authority. In the EU, you may contact the data protection authority in your Member State.
9. International Data Transfers
DiversusPro is based in the United States. If you access our services from outside the United States, your data will be transferred to and processed in the United States. We rely on the following safeguards for international transfers:
- Standard Contractual Clauses (SCCs) approved by the European Commission for transfers to third-party processors.
- Stripe's Privacy Shield certification and DPA for payment data.
By using our services, you acknowledge that your data may be transferred to and processed in the United States, where data protection laws may differ from those in your country.
10. Children's Privacy
DiversusPro services are intended for business use by individuals 18 years of age or older. We do not knowingly collect personal information from children under 13 (or 16 in the EU). If we become aware that we have inadvertently collected personal information from a child under the applicable age threshold, we will delete that information promptly. If you believe we have collected information from a child, contact us at legal@diversuspro.com.
11. Third-Party Links and Services
Our platform may contain links to third-party websites or integrate with third-party services (e.g., client websites you manage through DiversusPro). This Privacy Policy does not apply to those third-party sites or services. We are not responsible for the privacy practices of third parties and encourage you to review their policies before sharing personal information.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we make material changes, we will:
- Update the "Last Updated" date at the top of this page.
- Send an email notification to all registered users at least 14 days before the changes take effect.
- Display a prominent notice on the platform dashboard.
Continued use of our services after the effective date constitutes acceptance of the updated policy. If you do not agree with material changes, you may delete your account before they take effect.
13. Contact Us
For any questions, concerns, or requests regarding this Privacy Policy or your personal data:
DiversusPro LLC — Privacy Team
Email: legal@diversuspro.com
Website: https://diversuspro.com/privacy.html
We aim to respond to all privacy inquiries within 30 days. For urgent matters involving a data breach or imminent harm, please mark your email subject "URGENT."