Privacy Policy
Last updated: April 20261. Identification
Data Controller
| Company name | Darma Technologies Inc. ("Darma" or "us") |
| Address | 1209 Orange St, Wilmington, DE 19801, United States |
| Tax / Registration No. | EIN 61 2004671 |
| support@darma.ai |
EU Representative
| Company name | Vei Tech Resources S.L. |
| Address | Avenida Diagonal, 640 4. Letra E, 08017 Barcelona, Spain |
| Tax / Registration No. | Registro Mercantil de Barcelona, Volume 47459, Folio 131, Page B-552486 |
| support@darma.ai |
2. What Personal Data Do We Collect and How?
Personal data means any information relating to an identified or identifiable natural person — someone who can be identified directly or indirectly by reference to an identifier such as a name, identification number, location data, or online identifier.
We currently collect and process the following personal data from users of our website, application, and plug-ins ("Darma"):
- Personal identifiers and contact details (e.g., name, email, profile picture, date of birth, password, phone number)
- Calendar data
- List of contacts data
- Email account data
- Payment details
- Geolocation data
- Chatbot interaction data
- Cookies data — see our Cookie Policy
- Other personal data you voluntarily disclose when using Darma, or generated in the course of our communications
By providing us with your data, you guarantee its truthfulness and accuracy. You will be liable for any false or inaccurate statements and any damages caused to Darma or third parties as a result.
3. Other Information We Collect
We may also receive personal data indirectly from partners or third parties outside Darma where you have agreed to receive information about our services and/or where such data sharing is necessary for providing our services.
4. What Do We Use Your Data For?
Regulations referenced below:
- Spanish Data Act: Spanish Act 3/2018, of December 5, on the Protection of Personal Data and Guarantee of Digital Rights.
- Spanish eCommerce Act: Spanish Act 34/2002, of July 11, on Information Society Services and Electronic Commerce.
- GDPR: General Data Protection Regulation 2016/679 of 27 April 2016.
| Purpose | Legal Basis | Regulation |
|---|---|---|
| To provide services and/or products Including access to calendar, email, geolocation, and contacts where you have authorised it. |
Execution of a (pre)contract | Art. 6.1.(b) GDPR |
| Customer support Responding to requests, including via chatbot. |
Legitimate interest | Art. 6.1.(f) GDPR |
| Social networks Managing our social network profiles and interacting with users. |
Legitimate interest | Art. 6.1.(f) GDPR |
| Legal obligations Tax, accounting, anti-money laundering, and fulfilling your rights. |
Legal obligation | Art. 6.1.(c) GDPR |
| e-Marketing Sending electronic marketing and newsletters. You may opt out at any time by emailing info@darma.ai. |
Exception to consent (existing customers) or consent (non-customers) | Art. 21 Spanish eCommerce Act |
| Automated decision-making Optimising the organisation and planning of your calendar. |
Execution of a (pre)contract | Art. 6.1.(b) GDPR |
| Profiling Creating a personalised user profile based on your preferences, habits, and patterns to power AI-driven suggestions. |
Execution of a (pre)contract | Art. 6.1.(b) GDPR |
| Customer satisfaction surveys Sending surveys about our products and services. |
Legitimate interest | Art. 6.1.(f) GDPR |
| Anonymisation Irreversibly anonymising your data to improve our products and services. |
Legitimate interest | Art. 6.1.(f) GDPR |
| Analysis Performing analysis of aggregated, non-personally-identifiable data. |
Consent (non-technical cookies) and legitimate interest | Art. 22 Spanish eCommerce Act; Art. 6.1.(f) GDPR |
| Retargeting ads and social media advertising Displaying targeted advertisements based on your interests via cookies. |
Consent (cookie installation) and legitimate interest | Art. 22 Spanish eCommerce Act; Art. 6.1.(f) GDPR |
Note that when using Darma, you may be asked to authorise access to applications such as geolocation, calendar, contacts, or email. This access is essential to Darma's functionality. If authorisation is not granted, the operation of Darma may be unsatisfactory or prevented entirely.
5. Who Will Your Data Be Shared With?
We share your information with:
- Darma Group: Affiliated companies for operational purposes, based on legitimate interest for intragroup administrative tasks.
- Providers: Third-party service providers (cloud hosting, accounting, IT services, CRM, legal advisors, etc.) who sign data processing agreements under Art. 28 GDPR, ensuring your data remains secure.
- Other users: Limited sharing to enable seamless collaboration (e.g., calendar-related information for mutual scheduling). Your privacy settings are respected at all times.
- Legal authorities: Where required by law, administrative or judicial authority, or in the public interest (e.g., anti-money laundering, tax obligations).
In the event of a business restructuring, merger, split, or sale, we may transfer your personal information to the relevant third party based on legitimate interest in accordance with Article 21 of the Spanish Data Act.
6. AI Model, Automated Decision-Making and Profiling
Our AI model has been trained with synthetic data — artificial datasets specifically created to enable intelligent responses. Responses are tailored to enhance your efficiency and productivity, adapting to your specific needs. Darma will be updated as you provide inputs and share information with it.
You may disable any permissions at any time. However, if authorisation is not granted, the operation of Darma may become unsatisfactory or prevented entirely.
For the proper functioning of our AI system, Darma performs automated decision-making and profiling regarding inputs you provide, including permissions to gather information from calendar, email, or through chatbot interactions. A user profile is generated reflecting your individual preferences, habits, and patterns, enabling more personalised suggestions.
This automated decision-making and profiling does not produce legal effects on you nor similarly significantly affect you, and is designed solely to enhance your experience.
7. How Do We Protect Your Personal Data?
We take all reasonable and appropriate technical and organisational measures to protect the security of your personal data, including restrictive access controls, encryption, antivirus software, and regular testing and evaluation.
8. International Transfers Outside the EEA
As we are based in the USA, your personal data is transferred to this country as necessary to provide our services. We have designated an EU representative to comply with the GDPR and maintain a closer relationship with our European users.
Some of our IT providers (such as Google) are located outside the EEA. Where strictly necessary to operate Darma and/or provide requested services, we will make international transfers to such suppliers under appropriate contractual agreements to ensure your personal data remains equally protected.
9. How Long Will We Keep Your Personal Data?
We keep information only for as long as necessary for the purpose it was collected, and may also store your data to deal with any complaints regarding our products and services. We will then dispose of information by removing all files and back-ups. Retention periods are determined per applicable legal requirements.
Prior to deleting any personal data, we will retain it in a duly blocked state to comply with legal obligations under Article 32 of the Spanish Data Protection Act.
10. What Are Your Rights?
You are not required to pay any charge for exercising your rights (though a fee may be charged for unfounded, excessive, or repetitive requests). We have one month to respond, extendable by a further two months if needed. Under data protection law, you may exercise the following rights:
- Right to withdraw consent — Contact us at support@darma.ai at any time.
- Right of access — Ask us for copies of your personal data.
- Right to rectification — Ask us to correct inaccurate or incomplete data.
- Right to erasure — Ask us to erase your data in certain circumstances (e.g., no longer necessary for the original purpose, or consent withdrawn).
- Right to restriction of processing — Ask us to restrict processing where you believe the data is inaccurate or unlawful.
- Right to object — Object to processing based on legitimate or public interest grounds.
- Right to data portability — Ask us to transfer data you provided to another organisation or to you directly.
- Right not to be subject to automated decision-making — Ask not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects, where legal requirements are not met.
You also have the right to lodge a complaint with the competent supervisory authority. In Spain, this is the Spanish Data Protection Agency (AEPD). Before initiating any complaint, please contact us at support@darma.ai to try to resolve any issue amicably.
11. How to Contact Us
Please contact us at support@darma.ai if you wish to make a request, complaint, or have any questions about how we use your personal data.
12. How Do We Keep This Privacy Policy Up to Date?
We may update this Privacy Policy periodically and will revise the date at the top to reflect when any update occurred. If we make material changes to how we collect, use, or share your personal data, we will endeavour to provide notice before such changes take effect. We encourage you to periodically review this page for the latest information on our privacy practices.
13. Children's Privacy
Darma is not intended for use by children under the age of 13. We do not knowingly collect, store, or process personal information from children under 13. If we become aware that we have inadvertently collected personal data from a child under 13, we will take prompt steps to delete such information.
If you are a parent or guardian and believe your child has provided us with personal information, please contact us at support@darma.ai.
By using Darma, you affirm that you are at least 13 years old, or that you have the consent of a parent or guardian if required by applicable law.
14. Data Breach Policy
We take the security of your personal information seriously. In the event of a data breach that compromises your personal data, we have procedures in place to assess, respond, and notify affected individuals in compliance with applicable laws.
A data breach occurs when personal information is accessed, disclosed, or acquired without authorisation, whether due to hacking, insider threats, accidental disclosure, or other security incidents.
Upon discovering a potential data breach, we will:
- Immediate Containment — Identify and secure affected systems to prevent further unauthorised access.
- Risk Assessment — Determine the nature and extent of the breach, including data types involved and potential risks.
- Notification & Compliance — Where required by law, notify affected individuals, regulatory authorities, and any other applicable entities within the mandated timeframe.
- Remediation & Prevention — Implement corrective actions, including security enhancements and additional monitoring, to prevent future incidents.
If your personal information is impacted, we will notify you in a timely manner as required by applicable law. Notifications may include a description of the breach, actions we are taking, steps you can take to protect yourself, and contact information for further enquiries.
We comply with all applicable federal and state data breach notification laws, including the California Consumer Privacy Act (CCPA/CPRA), the New York SHIELD Act, and where applicable HIPAA & GLBA.
15. Policy Updates
We review this Privacy Policy at least annually. We will notify you of any material changes through Darma or via email. Previous versions of this policy will be archived and available upon request.