LEGAL · PRIVACY POLICY

We don't share what isn't ours to share.

This Privacy Policy explains what personal data dyne digital ("dyne", "we", "us") collects when you use the dyne platform, the Pulse product, our marketing properties at dynenow.com, and any related services (together, the "Services") — and what we do with it.

EFFECTIVE · 12 JANUARY 2026LAST UPDATED · 02 MAY 2026V3.0

01Who we are

dyne is operated by dyne digital ("dyne"), with registered offices in Dubai (United Arab Emirates), Riyadh (Kingdom of Saudi Arabia), and 6th of October (Arab Republic of Egypt).

We are the data controller for the personal data of restaurant owners, operators, staff, and prospects who interact with the dyne platform, Pulse, or our marketing properties. We are typically a data processor on behalf of our restaurant customers when we handle data about their guests (diners) — see Section 04 for that distinction.

02What we collect

We collect the following categories of personal data:

IDENTITY & CONTACT

Name, role, work email, phone number, and the brand/group you operate.

ACCOUNT & DEVICE

Login timestamps, IP address, device type, browser, and authentication tokens.

TRANSACTIONAL

Order data, payment metadata (we do not store full card numbers — see Section 05), reservation details, and shift logs you process through dyne.

COMMUNICATION

Messages you send through Pulse on WhatsApp, email, or in-app chat. Voice notes are transcribed and the audio is discarded inside 30 days.

USAGE

Pages viewed, features used, response time, and Pulse query history. We use this to make the AI brain smarter for your room.

03How we use it

We use personal data for six purposes:

01

To run the Services you signed up for — payments, analytics, Pulse, the AI brain, customer concierge.

02

To make Pulse smarter for your room. Network benchmarks are computed across anonymized peer sets — never on identifiable customer data.

03

To send you transactional messages (receipts, security alerts, the morning brief) and — only if you opt in — marketing emails.

04

To meet legal obligations under UAE Federal Decree-Law 45 of 2021, KSA PDPL, Egypt Law 151 of 2020, and the AML/CFT regimes that apply to a payments-licensed business.

05

To prevent fraud, abuse, and misuse of the Services — including monitoring for anomalous transaction patterns.

06

To improve dyne and Pulse — bug fixes, performance, model evaluation. We never train AI models on personally identifiable customer data.

04Controller vs processor

When you use dyne to take a payment from a guest, send a reservation confirmation, or run a loyalty campaign, your restaurant is the data controller for that guest's data. We act as a processor under your instructions, governed by the Data Processing Addendum that's part of every dyne Master Services Agreement.

When the same person creates a dyne account, books a demo, or signs up for Pulse — that data is processed by us as controller. The two relationships are kept separate by design.

05Payments & cardholder data

dyne is PCI DSS Level 1 compliant. Card numbers are tokenized at the payment processor (Geidea, Paymob, Network, Mastercard Payment Gateway, APS — depending on your stack and region) and never stored on dyne infrastructure. We see only the last four digits, the brand, and an expiry month for reconciliation.

We pass through interchange and acquirer fees at cost. dyne does not add a percentage markup on top of payment processing — see our pricing page for the published rate card.

06International transfers & data residency

Data resident in country, by default. Customer operating data for UAE businesses lives in UAE region; KSA in KSA region; Egypt in Egypt region. The mapping is enforced at infrastructure level (RLS on multi-tenant tables, region-locked storage buckets).

Cross-border transfer happens only when (a) you ask for it (e.g. a multi-region group consolidating reporting), or (b) it's required to provide the Service (e.g. a fraud check against a global denylist). Transfers are governed by Standard Contractual Clauses or the equivalent local mechanism.

07Retention

We keep personal data only as long as we need it. Specific schedules:

TRANSACTIONAL RECORDS

Seven years after the transaction (regulatory minimum for licensed payments businesses in UAE / KSA / Egypt).

PULSE CONVERSATION HISTORY

Two years, then anonymized for model evaluation. You can delete history at any time from the Pulse settings.

VOICE NOTES

Audio is discarded inside 30 days. Transcripts follow the conversation-history schedule above.

MARKETING DATA

Until you unsubscribe, plus 90 days for suppression list maintenance.

CLOSED ACCOUNTS

Deleted within 90 days of account closure, except where retained data is required by law (transactional records above).

08Your rights

Under the data-protection laws of the UAE, KSA, and Egypt, you have the right to:

01

Know what personal data we hold about you and ask for a copy.

02

Correct data that is wrong or out of date.

03

Delete data we no longer need to keep (subject to the retention schedule in Section 07).

04

Restrict or object to specific uses — for example, opt out of marketing.

05

Port your data to another provider in a portable, machine-readable format.

06

Lodge a complaint with the data-protection authority of the country where you live.

Email info@dyne-app.com from the address on your dyne account. We respond inside one business day and complete most requests inside thirty.

09Subprocessors

We use a small number of trusted subprocessors to run the Services. The current list — including each vendor's role, location, and certification status — is published at dynenow.com/legal/subprocessors and updated whenever the list changes.

010

Changes to this policy

We update this policy when the Services or the law changes. Material changes are emailed to account admins at least thirty days before they take effect, and the version history is published at the foot of this page.

IN PLAIN ENGLISH

"Your numbers belong to your restaurant. We use them to make the platform smarter for your room — and we anonymize the network so nobody else sees your details."

Questions about this policy?

DATA PROTECTION OFFICER

info@dyne-app.com

POSTAL ADDRESS

Dubai Silicon Oasis

DDP · Building A2 · Dubai, UAE

dyne

The intelligence operating system for restaurants. Built in Cairo & Dubai. Trained on MENA.

UAE +971 56 623 3963

EGY +20 105 095 5355

info@dyne-app.com

PLATFORM

Run operations

Get paid

Engage guests

Analytics

Pricing

Customers

PULSE

Talk to your business

WhatsApp brain

The 5 engines

Pulse pricing

How it works

COMPANY

About

Customers

Careers

Contact

Get a quote