Privacy Policy
Dusto is in early access. This page explains what data we hold about you, why, and for how long. We try to keep this in plain language; where we use a term of art we'll say what it means. If something here is unclear, email admin@spicadust.com.
Spicadust Inc., the company behind dusto.
Dusto is operated by Spicadust Inc., a Delaware C-corporation (registered via Stripe Atlas).
Mailing address: Willy Brandts Vej 25, 2450 Copenhagen SV, Denmark.
Privacy and data requests: admin@spicadust.com. Product support: support@dusto.app.
The data we hold and where it lives.
We collect only what we need to run the service. Today that is:
Account
Your email address (used both for login and as the destination we deliver dusto output to), your AWS Cognito subject UUID, and your dusto handle (the localpart of your @dusto.app address).
Email content
The full MIME of inbound emails forwarded to your dusto address, stored in S3. Parsed bodies, subjects, headers, sender and recipient fields are also stored in Postgres so the agent can read them.
Outbound email
The subject, body, and recipient of any email dusto generates and sends on your behalf.
Agent traces
Prompts sent to the LLM, model responses, tool calls, and token counts. We use these for cost accounting and debugging.
Billing
Stripe customer ID, subscription state, and our internal balance/grant ledger. Stripe holds your card details — we never see them.
Operational
Per-account API rate-limit counters keyed on your Cognito subject UUID, and structured application logs containing account identifiers and resource paths. Today, logs do not contain email content.
What we do with your data.
We process your data to deliver the email-intelligence service: parsing inbound mail, generating digests and replies, sending outbound mail, billing you, and debugging when something breaks.
We do not sell your data. We do not show ads. We do not use your email content to train any model of our own.
The third parties that see your data.
Dusto runs on a small set of subprocessors. The full list with regions and purposes is at /legal/subprocessors. In short: AWS for compute, storage, email and auth; Neon for managed Postgres; Stripe for payments; Sentry for error monitoring; Google for optional sign-in; and xAI for the language model.
To power the agent, we send your email content to xAI (the Grok API). Today we use xAI's standard API; we are working toward a no-training data-processing agreement and will tighten this clause as that lands. xAI's terms govern their handling of the content we send.
Retention windows.
- Raw inbound MIME in S3: 90 days, then auto-expired by lifecycle rule.
- Parsed inbound and outbound bodies in Postgres: 90 days, then zeroed (a skeleton row is kept for dedup and audit).
- Agent traces: 14 days, then deleted.
- Account and billing rows: until you delete your account.
- Stripe webhook event ledger: kept indefinitely as an idempotency record (event IDs only, no personal data).
Access, deletion, correction.
You can export your data via GET /me/export, which returns a JSON dump (capped at 5 MB for v1 — contact us if you need more).
You can delete your account via DELETE /me. Deletion is immediate and irreversible — see the Terms for what survives. There is no recovery and no grace period; export first if you want a copy.
You can correct account fields from the dashboard, or contact us if a field isn't editable.
EU / UK residents (GDPR / UK GDPR): you have rights to access, rectification, erasure, restriction of processing, objection, and data portability. You may also lodge a complaint with your local supervisory authority.
California residents (CCPA / CPRA): you have rights to know what personal information we hold, to delete it, to correct it, and to limit our use of any sensitive personal information. We do not sell or share your personal information for cross-context behavioral advertising, and we do not knowingly process data of anyone under 16.
To exercise any of these rights, email admin@spicadust.com. We will respond within the timeframe required by applicable law.
Where your data is processed.
Spicadust Inc. is a US company and most of our infrastructure runs in AWS US East (N. Virginia). If you access dusto from outside the US, your data is transferred to and processed in the US under applicable transfer mechanisms.
For v1, transfers of EU and UK personal data rely on the European Commission's Standard Contractual Clauses (and the UK Addendum / Swiss equivalent where applicable), incorporated by reference into our contracts with subprocessors, plus the supplementary measures described on the Security page. Self-certification under the EU–US Data Privacy Framework is on our roadmap and will replace the SCC route once in place. If you need a copy of our SCCs, email admin@spicadust.com.
What our application logs contain.
Our operational logs include account identifiers (Cognito UUIDs) and resource paths. Today, they do not contain email bodies, subjects, or addresses. We run a redaction safety rail to keep it that way and treat any leak into logs as an incident.
What we store in your browser.
We use localStorage for an authentication refresh token and a theme preference. We do not use analytics cookies, advertising cookies, or third-party trackers.
Not for under-16s.
Dusto is not directed to anyone under 16. If you are under 16, please do not use dusto. If we discover an account belongs to someone under 16 we will delete it.
Where dusto is not offered.
Dusto is not offered to users in regions or to individuals subject to US sanctions. This currently includes Cuba, Iran, North Korea, Syria, and the Crimea, DNR, and LNR regions of Ukraine, as well as anyone on the OFAC Specially Designated Nationals (SDN) list. We may decline service or terminate accounts to comply with applicable sanctions law.
When this policy updates.
We will post material changes to this page. For substantive changes we will also email account holders.
How to reach us.
For privacy questions and data requests: admin@spicadust.com. For product help: support@dusto.app.
A Data Processing Addendum (DPA) is available on request for business customers — email admin@spicadust.com.