HomePrivacy Policy
Privacy Policy

Privacy Policy
of Dinamic5

We take your privacy seriously. This document details how we collect, use and protect your personal information.

Last updated: April 2026

1. General — Controller Identity

Dinamic5 (hereinafter: "the Company", "we") operates the website dinamic5.com and the cloud CRM system (hereinafter: "the Service"). This privacy policy applies to all users of the Service and website.

By using the Service, you consent to this privacy policy. If you do not agree, please refrain from using the Service.

Privacy contact: privacy@dinamic5.com

2. Information We Collect

We collect the following types of information:

2.1 Registration Data

  • First name, last name
  • Email address (used for login)
  • Phone number
  • Company name (optional)
  • Country (used for language, timezone, currency, and phone prefix settings)

2.2 CRM Content

  • Leads, contacts, accounts, deals
  • Quotes, invoices, sales orders, purchase orders
  • Projects, tasks, tickets
  • Documents and file attachments
  • Automation and workflow configurations

2.3 Communication Data

  • WhatsApp messages: full message content, phone numbers, timestamps, media files
  • Call recordings: phone numbers, call duration, timestamps, recording URLs stored by the telephony provider
  • Email: if the mail scanner feature is configured by the user

2.4 Login & Security Data

  • Login history (IP address and timestamp)
  • Audit trail (record change history)

2.5 Automatically Collected Data (Website)

  • IP address, browser type, operating system (server logs only)
  • Access timestamp

2.6 Billing Data

  • Payments are processed by third-party payment processors — we do NOT store credit card numbers
  • Billing cycle, plan type, subscription IDs, transaction history

3. Purposes of Use and Legal Basis

We process personal data based on the following legal grounds:

  • Contract performance: operating the Service, account management, technical support, payment processing
  • Legitimate interest: service improvement, security, fraud prevention
  • Legal obligation: compliance with applicable laws, tax reporting
  • Consent: marketing communications (you may withdraw consent at any time)

We do NOT sell personal data.

4. Data Controller and Data Processor

Dinamic5 acts in a dual capacity depending on the type of data:

  • Data Controller for: account registration data, billing information, platform usage data
  • Data Processor for: CRM content entered by tenants — including contacts, leads, deals, messages, documents, and call recordings. Each tenant (organization) is the Data Controller for the CRM content they enter into the system.

Tenants are responsible for having a lawful basis for the personal data they enter into the CRM system.

For details on data processing obligations, see our Data Processing Agreement (DPA).

5. Information Sharing with Third Parties

We may share information with third parties only in the following cases:

  • Meta Platforms, Inc. ("Meta") — when you connect Meta-owned products to your CRM via OAuth, the following data flows apply, in each case subject to the Meta Business Tools Terms:
    • WhatsApp Business Cloud API: Meta acts as a data processor on your behalf to transmit and deliver messages you send via your WhatsApp Business Account (WABA). Outbound: message content, message templates, media, and recipient identifiers are sent to Meta for delivery to WhatsApp recipients. Inbound: incoming WhatsApp messages addressed to your business number, delivery statuses, conversation metadata, and template approval results are received from Meta. WhatsApp LLC operates the WhatsApp delivery infrastructure as an independent data controller, governed by the WhatsApp Business Policy and WhatsApp Business Data Processing Terms.
    • Facebook Lead Ads: when a prospect submits one of your Facebook lead forms, Meta transmits the submission data (name, phone, email, and any custom fields configured in your form) to Dinamic5 via Meta's webhooks and Graph API. Data submitted through your Lead Ads is governed by this privacy policy from the moment it reaches Dinamic5's systems.
    Communication content transmitted via WhatsApp Business Cloud API remains end-to-end encrypted in transit. Meta does not use this content to train its consumer AI models.
  • Google LLC: when you connect a Google account via OAuth (Gmail and/or Google Calendar), the relevant data — email messages, threads, labels, calendar events, attendees — is exchanged between Dinamic5 and Google APIs solely to provide the synchronization features you enabled. Use and transfer of information received from Google APIs to any other app adheres to the Google API Services User Data Policy, including the Limited Use Requirements. Subject to Google's Privacy Policy.
  • Transactional email provider: for account activation and password reset emails
  • Cloud telephony providers: for call routing, recording, and virtual numbers — Israeli and international providers
  • Payment processors: for subscription billing — Israeli and international processors
  • Infrastructure provider: hosting services in Germany/EU
  • DNS and email delivery provider
  • User-configured integrations: services you have connected to the system (Google, Facebook, WhatsApp, etc.) — according to your settings only
  • Legal requirement: when required by law, court order, or legal process

A complete sub-processor list is available on request at privacy@dinamic5.com.

6. Data Security

We employ advanced security measures to protect your information:

  • 256-bit SSL/TLS encryption for all communications
  • Separate, isolated database for each customer
  • Automatic daily encrypted backups
  • Secure servers with 24/7 monitoring
  • Role-based access control (RBAC)
  • Complete audit log

While we make every effort to protect your information, no security system can guarantee 100% protection. We commit to notifying you without delay in the event of a security incident that may affect your privacy.

7. Data Retention and Deletion

  • CRM data: deleted within 30 days of account closure. Backups purged within 90 days.
  • Account registration data: retained up to 12 months after account closure for legal and audit purposes
  • Payment data: retained as required by law (up to 7 years)
  • Call recordings: per telephony provider policy and tenant settings
  • WhatsApp data: retained while the account is active; deleted with account closure

8. Cookies

We use only strictly necessary cookies:

  • PHPSESSID: a session cookie required for authentication and maintaining your login session

We do NOT use tracking, analytics, or advertising cookies. No third-party scripts install cookies on our website or within the CRM system.

9. International Data Transfers

  • Servers: hosted in Germany (EU)
  • Israel: recognized by the European Commission as providing adequate data protection (Decision 2011/61/EU)
  • United States: some sub-processors (email delivery, telephony, DNS) — transfers conducted under Standard Contractual Clauses (SCCs) or the EU-US Data Privacy Framework
  • United Kingdom: international payment processor — covered by EU adequacy decision

10. Your Rights

Under the Israeli Privacy Protection Law 5741-1981 and the GDPR (for EU/EEA residents), you have the following rights:

  • Right of access: view the personal information we hold about you
  • Right of rectification: correct inaccurate or incomplete information
  • Right of erasure: request deletion of your information (subject to legal requirements)
  • Right to restrict processing: limit how we use your data in certain circumstances
  • Right to object: object to processing based on legitimate interests
  • Right to data portability: receive a copy of your data in a structured format
  • Right to opt out: unsubscribe from marketing communications at any time
  • Right to withdraw consent: where processing is based on consent, you may withdraw it at any time

To exercise your rights, contact us at: privacy@dinamic5.com.

Right to complain:

  • Israeli users: Israeli Privacy Protection Authority (PPA) at www.gov.il
  • EU users: your local data protection supervisory authority

11. Automated Decision-Making

We do NOT perform automated decision-making or profiling that produces legal or similarly significant effects on individuals.

12. Changes to This Policy

We may update this policy from time to time. Material changes will be published on the website and registered users will be notified. Continued use of the Service after a policy update constitutes consent to the changes.

13. Contact

For questions or requests regarding this privacy policy:

14. Governing Law and Jurisdiction

This privacy policy shall be governed by the laws of the State of Israel. The exclusive jurisdiction shall be the competent courts in the Tel Aviv district.

Questions About Your Privacy? Talk to Us

Our team is available to answer any question about privacy and data security.

Contact Us