Privacy Policy
Last updated: 9 June 2026
This Privacy Policy explains how Typito, Inc. (operating the brand "Typito.ai" — "we", "us", "our") collects, uses, and protects your information when you use Dunphy and the website at dunphy.typito.com. Dunphy is a product of Typito, Inc.
If you have questions about this policy, email us at dunphy@typito.ai.
1. Who we are
Typito, Inc., a Delaware corporation operating the brand "Typito.ai", operates Dunphy and the website at dunphy.typito.com. We are the data controller for personal data we collect through these services.
- Brand: Dunphy (a product of Typito.ai)
- Operating entity: Typito, Inc. (a Delaware corporation)
- Registered address: Claymont, Delaware, USA (full registered-agent address available on request)
- Contact: dunphy@typito.ai
2. Information we collect
A. Information you provide directly
When you interact with our forms or contact us, we collect:
- Early Access requests: your name, email address, and (optionally) phone number. We also record which CTA you clicked and the page you were on when you submitted (for attribution).
- Email subscriptions: your email address and the surface you subscribed from (e.g., a blog post, a free tool).
- Direct correspondence: anything you send us via email, including any attachments.
B. Information collected automatically
When you visit dunphy.typito.com, our hosting provider (Vercel) logs:
- IP address
- Browser type and version (User-Agent)
- Request paths and timestamps
- Referrer URL
These logs are retained on a rolling 30-day basis for security, debugging, and abuse prevention.
We use a minimal set of cookies strictly necessary for site operation (e.g., authentication on staging environments). As of the date of this policy, we do not use analytics, advertising, or marketing cookies on production surfaces.
C. Information from third parties
We do not currently purchase or import personal data about you from third-party sources.
3. How we use your information
We use the information described above to:
- Notify you about Dunphy product availability, Early Access status, and product launches
- Send you content you have subscribed to (e.g., blog updates, free tool launches), segmented by the surface where you subscribed
- Respond to your inquiries
- Detect, prevent, and address security incidents, fraud, and abuse
- Comply with our legal obligations
We do not use your information for:
- Behavioral advertising or ad targeting
- Automated decision-making with legal effects on you
- Sale to third parties
4. Sharing your information
We share information only with the following categories of service providers, and only as necessary to operate the service:
| Provider | Purpose | Data shared |
|---|---|---|
| Vercel Inc. (USA) | Hosting, edge serving, serverless functions | IP address, request metadata, environment variables |
| Neon Inc. (USA) | Managed Postgres database | All form submissions stored in our database |
| Resend (USA) | Transactional email delivery | Recipient email + email content |
| Google LLC (USA) | Maps & Places API (for relevant features), Google Cloud Storage (media assets) | Approximate location signals; public media URLs |
Each of these providers has its own privacy policy and contractual data-protection obligations to us.
We do not share or sell your information to advertisers, data brokers, or unrelated third parties.
We may disclose information if required to do so by law, valid legal process, or in good-faith belief that disclosure is necessary to protect rights, property, or the safety of us, our users, or the public.
5. Cookies and similar technologies
We use only the cookies that are strictly necessary for site operation:
- Session and CSRF cookies issued by our authentication framework (NextAuth) — used on staging environments only to limit access to draft content
- Hosting platform cookies set by Vercel for routing and security
We do not currently use analytics, advertising, or marketing cookies on production surfaces. When we introduce analytics or third-party tracking, we will update this policy and (where required by law) request your consent before setting non-essential cookies.
6. Data retention
| Data category | Retention period |
|---|---|
| Early Access requests | Until you request deletion, or until the product reaches general availability and we no longer need the data for waitlist management — whichever is later |
| Subscriber emails | Until you unsubscribe. Every email we send includes a one-click unsubscribe link. |
| Server logs | Rolling 30 days |
| Database backups | Up to 90 days |
Following deletion, residual copies may persist in backups until those backups expire on the schedule above.
7. Your rights
Depending on your jurisdiction, you may have the right to:
- Access the personal data we hold about you
- Correct inaccurate or incomplete data
- Delete your data (the "right to erasure" / "right to be forgotten")
- Restrict or object to certain processing
- Receive your data in a portable format
- Withdraw consent for processing where consent is the legal basis
- Lodge a complaint with your local data protection authority
Specifically:
- EEA / UK residents have rights under the GDPR and UK GDPR
- California residents have rights under the CCPA / CPRA
- Indian residents have rights under the Digital Personal Data Protection Act, 2023 (DPDP Act)
To exercise any of these rights, email dunphy@typito.ai. We will respond within the timeframes required by applicable law (typically within 30 days).
8. Children's privacy
Dunphy is not directed at children. We do not knowingly collect personal data from individuals under the age of 18. (Local thresholds may differ — 13 in the United States under COPPA, 16 in many EEA Member States under GDPR, 18 in India under the DPDP Act — and we apply the most protective threshold applicable to you.) If you believe a child has provided us with personal data, please contact us and we will delete it.
9. International data transfers
Your data may be processed in countries other than your own, including the United States, where our primary infrastructure providers (Vercel, Neon, Resend, Google) are located. Where required by applicable law, we rely on Standard Contractual Clauses or equivalent legal mechanisms for cross-border transfers.
10. Security
We implement reasonable technical and organizational measures to protect your data, including:
- HTTPS / TLS for all data in transit
- Encryption at rest for database storage (provided by Neon)
- Access controls and least-privilege principles for our team
- Secret rotation and audit logging
- Regular security review
No system is perfectly secure. If we become aware of a breach affecting your personal data, we will notify you and relevant authorities within the timeframes required by applicable law.
11. Changes to this policy
We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page reflects the most recent change. Material changes will be communicated to you via email (if we hold your email) and/or via a prominent notice on dunphy.typito.com.
12. Contact us
For questions about this policy or about how we handle your data:
- Email: dunphy@typito.ai
- Postal: Typito, Inc., Claymont, Delaware, USA (full registered-agent address available on request via the email above)
A Data Protection Officer is not currently required given our size and processing volume. EEA/UK residents may contact our general counsel via the email above for data-protection inquiries; we will respond within the timeframes required by GDPR.