This Privacy Policy describes how Dialo ("Dialo", "we", "us") handles information when you use the website at dialo.app and the associated services (the "Service"). Dialo is operated by maybethis. If you have any questions, write to us at hello@dialo.app.
What Dialo is
Dialo lets you compile your social links, contact details, and crypto wallets into a personal page that you can share through a short link or a QR code. Public pages are reachable at dialo.app/your-name and are intended to be seen by other people. Profile owners may also enable an AI assistant that chats with visitors on their behalf to screen inbound messages and, optionally, book meetings.
Information we collect
Account information
To sign in, we use a passwordless magic-link flow. You provide an email address, and we send a one-time link to that address. We store your email so we can authenticate you, send transactional messages, and contact you about your account. No password is ever set or stored.
Profile information you provide
When you create and edit your profile, we store the information you enter, including:
- username (publicly visible at
dialo.app/your-name) - full name, occupation, and short bio ("about")
- avatar image (stored in a public Supabase Storage bucket)
- links you add to your page (label and value, such as social handles, phone numbers, email addresses, websites, and crypto wallet addresses)
- design preferences for your page
- notification preferences (whether you opt in to product and marketing emails)
- discoverability preferences (whether your page appears on the public People feed, and whether search engines may index it)
- agent settings (whether the AI assistant is enabled, its name and greeting, your screening brief, and category weights that tell the assistant which kinds of messages matter to you)
- onboarding progress and similar account flags
Anything you put on your profile is published on a public URL by default. Please do not upload information you do not want other people to see.
Subscription and payment information
If you upgrade to Pro, payment is processed by Stripe. We do not see or store your card details. We receive and store a Stripe customer identifier, the email associated with your subscription, and the subscription status so we can grant or revoke Pro features.
Feedback
If you send feedback through the app, we store the text you submit along with your user id, username, and email so we can follow up.
Visitor analytics on Pro pages
If a profile owner is a Pro subscriber, we collect a small amount of information about visits to that public page so the owner can see basic traffic stats. For each pageview or link click we record:
- a daily, salted SHA-256 hash derived from a secret salt, the day, the profile owner's id, the visitor's IP address, and the visitor's User-Agent header. The raw IP address is not stored, and the hash rotates every UTC day
- country and (best-effort) city derived from request headers
- browser, operating system, and platform parsed from the User-Agent
- the referring URL (normalised) and the path visited
- for link clicks, the link's id, label, and destination value
Each profile owner can only see analytics for their own profile. We do not collect analytics for non-Pro profiles.
AI assistant ("AI concierge")
Profile owners may enable an AI assistant that chats with visitors on their page to understand what the visitor wants and pass the message along. If a page you visit has the assistant enabled, the following information is sent to Anthropic, PBC to generate the assistant's replies:
- the messages you type into the assistant
- recent conversation history (up to the last 20 messages)
- the page owner's public profile facts (name, occupation, short bio) and the owner's private screening brief
- if you are signed in to Dialo, your full name so the assistant knows it does not need to ask who you are
We do not send the owner's private contact details (their email, phone, links, etc.) to the AI. The model used is currently Claude Haiku 4.5 from Anthropic; the model may change over time.
The following information is stored by Dialo (not by Anthropic):
- the full transcript of the conversation (your messages and the assistant's replies), visible only to the page owner
- if the assistant decides you are a qualified lead, the structured summary it produces: the name, email, phone number, links, or Dialo username you shared, plus a one-line "intent", a category (such as recruiting, sales, collaboration, personal, support, spam, other), an urgency level, and a short summary
- the visitor hash described in the section above
- if you are a signed-in Dialo user, a link from the conversation to your profile id, so the owner can recognise you
When the assistant captures a lead, the page owner receives an email with the captured details. Conversations are subject to rate limits to prevent abuse (a single visitor can start at most a small number of new conversations with a given owner per calendar month).
Visitor email and phone verification
If the assistant captures your email or phone number, we may send a one-time 6-digit code to that address or number so we can confirm it before passing the lead to the page owner. We store only a SHA-256 hash of the code (not the code itself), the number of attempts, and an expiry timestamp, and we delete code rows once they are consumed or expired. Signed-in Dialo users whose verified account email matches the captured email skip this step.
Meeting bookings via Google Calendar
If a page owner has connected their Google Calendar to Dialo, the assistant can propose meeting times and book them. To do this we ask the owner to grant Dialo access to:
- read the owner's Google Calendar to check their availability (
calendar.readonly), so the assistant only proposes times when the owner is actually free - create calendar events on their behalf (
calendar.events) when a visitor confirms a slot - their Google account email (
userinfo.email) so we can show which Google account is connected
OAuth refresh and access tokens are encrypted at rest. If the owner disconnects the integration, the tokens are deleted. If you are a visitor booking a meeting, the calendar event created on the owner's calendar will include the contact details you shared (such as your name and email).
Replying to leads from your Gmail
If a page owner connects Gmail to Dialo, the owner can send replies to a captured lead directly from their own Gmail address through the app. To do this we ask the owner to grant the send-only Gmail scope (gmail.send) and their Google account email (userinfo.email). This scope only lets Dialo send a message that the owner composes and approves; it does not allow Dialo to read, search, modify, or delete anything in the owner's mailbox. We do not store the content of sent messages beyond the conversation record in the owner's Dialo inbox. If the owner disconnects Gmail, the stored tokens are deleted.
Transactional and notification email
We use Resend to deliver transactional email (sign-in links, lead notification emails to owners, verification codes, account-related messages). Product and marketing email is opt-in and you can change your preferences at any time.
Error and performance monitoring
We use Sentry to catch errors and Vercel Analytics and Speed Insights to understand how the site performs and how it is used in aggregate. These tools may receive information such as your IP address, browser, page URL, timestamps, and (for errors) a stack trace and breadcrumbs of recent actions. We use this only to keep the Service working.
Google API Services User Data Policy
Dialo's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
The Google user data Dialo accesses (calendar events and availability, the send-only Gmail capability, and your Google account email) is used only to provide and improve the features you turn on: proposing and booking meetings on your calendar, and sending replies you compose from your own address. Specifically, we do not:
- use Google user data for advertising;
- transfer or sell Google user data to others, except as needed to provide these features, to comply with applicable law, or as part of a merger or acquisition with appropriate notice;
- allow humans to read your Google user data, unless you give specific consent, it is necessary for security or to comply with the law, or the data has been aggregated and anonymised.
You can revoke Dialo's access at any time by disconnecting the integration in your settings or from your Google Account permissions.
Cookies and local storage
Dialo uses first-party cookies and similar local storage to keep you signed in (via Supabase's session cookies) and, on certain pages, to support Vercel Analytics and Speed Insights. We do not use third-party advertising cookies and we do not sell tracking data to advertisers.
How we use information
- to run the Service (authenticate you, save your profile, render your page)
- to process subscriptions through Stripe and grant Pro features
- to send transactional emails (sign-in links, account messages, lead notifications, verification codes)
- to send product or marketing emails only if you have opted in during onboarding or in your settings
- to provide Pro subscribers with analytics about their own page
- to power the AI assistant and the meeting-booking flow when an owner has enabled them
- to detect, prevent, and respond to abuse, fraud, and security incidents
- to comply with legal obligations
Service providers we share information with
We rely on a small number of vendors who process data on our behalf:
- Supabase – stores accounts, profiles, links, uploaded avatar images, agent conversations, and integration tokens, and handles authentication
- Stripe – processes subscription payments and stores billing information
- Resend – delivers transactional email (sign-in links, lead notifications, verification codes)
- Vercel – hosts the site and provides Analytics and Speed Insights
- Sentry – captures application errors for debugging
- Anthropic – generates responses for the AI assistant on pages where the owner has enabled it
- Google – when an owner connects Google Calendar or Gmail, we call the Google Calendar API to check availability and create or update events, and the Gmail API to send replies the owner composes, on their behalf
Each of these providers has its own privacy policy. We do not sell your personal information.
Links to third-party destinations
Your Dialo page can contain links you add to other services (for example Instagram, Twitter/X, Telegram, websites, mailto and tel links, crypto wallet addresses). When a visitor follows one of those links, they leave Dialo and become subject to the destination's own privacy practices, which we do not control.
Some features fetch information from public URLs you supply (for example, retrieving recent Instagram thumbnails for display). Those requests are made server-side from Dialo's infrastructure.
Your choices and rights
- Edit or remove content. You can update or delete the information on your profile at any time from your account settings.
- Hide your page. You can opt out of the public People feed and ask search engines not to index your page from your settings.
- Disable the assistant. You can turn the AI assistant off in your agent settings at any time. Past conversations remain in your inbox until you delete them.
- Disconnect Google. You can disconnect a Google integration from your settings; this removes the stored OAuth tokens.
- Opt out of marketing email. Product and marketing email is opt-in. You can change your preferences at any time.
- Cancel Pro. You can cancel your subscription through the Stripe customer portal accessible from the app.
- Delete your account. You can request account deletion from your settings or by emailing hello@dialo.app from the address on file. Deletion removes your profile, links, avatar, agent conversations, integration tokens, and analytics data. Some records may be retained where we are required to keep them (for example, billing records).
Depending on where you live, you may have additional rights under laws such as the GDPR (right of access, rectification, erasure, restriction, objection, portability) or the CCPA (right to know, delete, and opt out of sale). You can exercise any of these rights by writing to hello@dialo.app.
International transfers
Dialo and its service providers operate in multiple regions. By using the Service you understand that your information may be stored and processed in countries other than the one where you live, including the United States and the European Union.
Security
We use industry-standard measures to protect your data, including encryption in transit, row-level security in the database, signed session cookies, encrypted OAuth tokens at rest, and hashing rather than plaintext storage for short-lived verification codes. No system is completely secure; we cannot guarantee that unauthorised access will never occur.
Retention
We keep your account data for as long as your account is active. If you delete your account, we delete your profile and associated content within a reasonable period, except where retention is required by law or for legitimate business reasons such as billing records. Verification codes are deleted on consumption or expiry.
Children
Dialo is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided us with information, contact us and we will delete it.
Changes to this policy
We may update this Privacy Policy from time to time. When we do, we will change the "Last updated" date at the top of this page. Material changes will be announced via email or a notice in the app.
Contact
Questions, requests, or concerns about this policy? Email hello@dialo.app.