Privacy Policy
Last updated: April 30, 2026
HappySoup Ltd ("HappySoup", "we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains what personal information we collect when you use dx0 (available at dx0.io), why we process it, how long we keep it, and the rights you have under data protection law.
HappySoup Ltd is a company registered in Dublin, Ireland (Reg. No. 799682). For any privacy-related questions, contact our Data Protection Officer at help@happysoup.io.
For technical detail on how data is stored, encrypted, and protected, see our Security Page.
1. Who This Policy Applies To
dx0 is a business-to-business (B2B) service. Our customers are companies and their authorised employees ("users"). This policy applies to all users of dx0, whether on a free trial or a paid plan.
2. Information We Collect
Account information. When you create a dx0 account directly, we collect your name, email address, and company name. If you authenticate via Salesforce OAuth, we additionally receive your Salesforce username, email address, display name, Org ID, and User ID from Salesforce.
Salesforce metadata. To deliver dx0's core features — search, impact analysis, and AI-powered explanations — we query your Salesforce org's metadata (Apex classes, configuration, field definitions, and other structural information).
AI processing. dx0 uses third-party large language model (LLM) providers to generate analysis and explanations. Salesforce metadata snippets relevant to the requested analysis are transmitted to these providers. The full list of providers and the specific data sent is described in our Security Page.
Usage and technical data. We collect application logs and usage data to maintain service performance, detect errors, and improve the product.
Cookies and local storage. dx0 uses cookies and local storage to manage your session and authentication state.
For details on where each category is stored, how it is encrypted, and how long it is retained, see our Security Page.
3. Legal Basis for Processing
As an EU-registered company subject to GDPR, we rely on the following legal bases:
Data | Legal Basis |
Account and authentication data | Contract performance — necessary to provide the service you signed up for |
Salesforce metadata | Contract performance — core to delivering metadata intelligence |
AI processing of metadata | Contract performance — required to generate assessments and analysis |
Usage and error logs | Legitimate interests — to maintain, secure, and improve the service |
4. How We Use Your Information
We use the information we collect to:
Provide, operate, and maintain dx0
Authenticate users and manage access to Salesforce orgs
Generate metadata analysis, security assessments, and AI-powered intelligence
Monitor system performance and detect errors
Communicate with you about your account, support, and product updates
Improve the service and plan future enhancements
5. How We Share Your Information
We do not sell your data. We share information only with subprocessors who support dx0's operations, under strict confidentiality and data protection agreements. The complete list of subprocessors — including our database, object storage, and AI providers — is published on our Subprocessors Page.
6. International Data Transfers
Our primary infrastructure is hosted in the European Union. Some subprocessors are located outside the European Economic Area (EEA), including in the United States. Where this is the case, we ensure appropriate safeguards are in place, including the European Commission's Standard Contractual Clauses (SCCs), to protect your data in accordance with GDPR requirements.
7. Data Retention
Personal data and customer data are retained for the duration of your account. When an org is disconnected, a workspace is deleted, a trial expires, or you request erasure, the corresponding data is deleted from dx0's systems.
For the per-category retention schedule and the specific events that trigger deletion, see the Data Retention section of our Security Page.
8. Your Rights Under GDPR
As a data subject under the GDPR, you have the following rights:
Right to Access — You may request a copy of the personal data we hold about you.
Right to Rectification — You may request correction of inaccurate or incomplete data.
Right to Erasure — You may request deletion of your personal data, subject to any legal obligations we have to retain it.
Right to Restrict Processing — You may request that we limit how we process your data in certain circumstances.
Right to Data Portability — You may request your data in a structured, machine-readable format.
Right to Withdraw Consent — Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
Right to Object — You may object to processing based on legitimate interests.
Right to Lodge a Complaint — You have the right to lodge a complaint with a supervisory authority. In Ireland, this is the Data Protection Commission (DPC): www.dataprotection.ie.
To exercise any of these rights, contact us at help@happysoup.io. We will respond within 30 days.
We do not carry out automated decision-making or profiling that produces legal or similarly significant effects.
9. Children's Privacy
dx0 is a professional B2B tool and is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from minors.
10. Changes to This Policy
We may update this Privacy Policy from time to time. If changes are material, we will notify you by email or through the application. The "Last updated" date at the top of this page reflects the most recent revision.
11. Contact Us
If you have any questions or concerns about this Privacy Policy or how we handle your data, contact our Data Protection Officer:
HappySoup Ltd
Dublin, Ireland
help@happysoup.io