Privacy Policy

Last updated: June 19, 2026

1. Who we are

DCIM is operated by SNY SOLUTIONS LDA, PT514398140, Portugal. In this policy, DCIM, we, us and our refer to SNY SOLUTIONS LDA.
You can contact us about privacy matters at [email protected].

2. Scope

This policy applies to dcim.sh, DCIM customer services, billing and licensing workflows, support interactions and product communications.
DCIM is a self-hosted infrastructure operations platform. Data stored inside a self-hosted customer installation remains under that customer's control unless the customer sends it to us, gives us access to it, or the product communicates with our licensing and release services.

3. Personal data we process

Depending on how you use DCIM, we may process the following categories of personal data:
  • contact details, company details and enquiry messages;
  • account details such as name, email address, phone number, role, timezone and notification preferences;
  • session and security data such as IP address, country, user agent, platform, login state and audit logs;
  • billing data such as payer details, tax identifiers, addresses, invoices, transactions, orders and subscriptions;
  • licensing data such as license key, licensed domain, dashboard URL, instance ID, public key, fingerprint hash, release channel, current version and activation IP address;
  • support data such as ticket subjects, messages, replies, diagnostic logs, product version and any files or context you choose to provide.
In a self-hosted installation, the local DCIM database may contain operational records such as users, servers, racks, datacenters, IP addresses, DNS records, agents, jobs, logs, API tokens and encrypted credentials. That local data is controlled by the customer operating the installation.

4. Why we process data

We process personal data to:
  • provide, operate and secure DCIM services;
  • create and manage accounts, sessions, licenses, orders, invoices and support requests;
  • deliver product updates and validate license status;
  • detect abuse, troubleshoot incidents and maintain audit trails;
  • meet accounting, tax, regulatory and legal obligations;
  • communicate with customers about service, support and product matters.
The legal bases for this processing are performance of a contract, legitimate interests, legal obligations and, where required, consent.

5. Cookies

DCIM uses essential cookies for authentication, session security and dashboard preferences such as theme and sidebar state. These cookies are needed for the service to work correctly.
We do not use advertising cookies on the public DCIM website unless this policy is updated and any required consent is requested.

6. Self-hosted licensing and support

License activation and update checks send only the information needed to validate the license and deliver releases. This may include the license key, licensed domain, dashboard URL, instance ID, public key, fingerprint hash, release channel, current version and activation IP address.
Support bundles are intended for diagnostics only. They are designed to include service status, container metadata, recent logs and redacted runtime configuration, and to exclude database dumps, raw environment files, instance private keys, BMC passwords, agent tokens, API token secrets, R2 keys and browser or session cookies.

7. Sharing

We do not sell personal data. We may share personal data with service providers that help us run infrastructure, security, email, support, payment, invoicing and accounting systems. We may also share data with professional advisers, regulators or authorities where required by law or needed to protect legal rights.
If personal data is transferred outside the EEA, we use lawful transfer mechanisms such as adequacy decisions or contractual safeguards.

8. Retention

We keep personal data only for as long as we need it for the purposes described in this policy, including service delivery, support, billing, security, dispute handling and legal compliance.
Billing records are kept for the accounting and tax retention periods that apply to our business. Security and audit logs are kept for a limited operational period. The self-hosted product currently uses 365-day defaults for task and application logs unless the local administrator changes them.

9. Your rights

Subject to applicable law, you may ask us to access, correct, delete, restrict or export your personal data, object to certain processing, or withdraw consent where processing depends on consent.
You may also lodge a complaint with CNPD, the Portuguese data protection authority.

10. Security

We use technical and organisational measures designed to protect personal data. No system is perfectly secure, but we work to limit access, protect credentials and keep operational diagnostics separated from secrets.

11. Changes

We may update this policy when the product, our service providers or legal requirements change. The latest version will show the effective date at the top of this page.