Privacy Policy

PRIVACY POLICY - DARMA CAL

Version: March 2025

1. Identification

1.1. Data controller:

Company: Darma Technologies Inc. ("Darma" or "us")

Address: 1209 Orange St, Wilmington, DE 19801, United States

Tax/Registration No.: EIN 61 2004671

Email: support@darma.ai

1.2. EU representative:

Company: Vei Tech Resources S.L.

Address: Avenida Diagonal, 640 4. Letra E. 08017, Barcelona

Tax/Registration No.: Registro Mercantil de Barcelona, Volume 47459, Folio 131, Page B-552486

Email: support@darma.ai

2. What personal data do we collect and how?

We collect and process the following types of personal data from users of our website, application, and plug-ins ("Darma Cal"):

Personal identifiers and contact details (e.g., name, email, profile picture, date of birth, password, phone number)
Calendar data
List of contacts data
Email account data
Payment details
Geolocation data
Chatbot interactions
Cookies data (link to the Cookie Policy)
Other voluntarily disclosed or generated personal data during use

By providing us with your data, you guarantee its truthfulness and accuracy.

3. Other information and third-party sources

We may receive data from partners or third parties where you have agreed to share data or it is necessary to provide our services.

4. What do we use your data for?

We process your data for various purposes under the following legal bases:

Purpose	Legal basis	Regulation
To provide services/products	Execution of a (pre)contract	Art. 6.1.(b) GDPR
Customer support	Legitimate interest	Art. 6.1.(f) GDPR
Manage social media interactions	Legitimate interest	Art. 6.1.(f) GDPR
Legal compliance	Legal obligation	Art. 6.1.(c) GDPR
Electronic marketing	Consent or exception to consent	Art. 21 Spanish eCommerce Act

5. Data sharing

With affiliated companies (Darma Group)
With service providers and processors under Art. 28 GDPR
We specially use AI service providers, such as Microsoft Azure OpenAI or Google Gemini—we ensure that:

Your data is not used to train, develop, or improve generalized or non-personalized AI/ML models.
These providers process data solely for the purpose of providing the requested service, and under strict data protection agreements in place.
We do not share Google user data obtained via Google Workspace APIs with any AI provider in a manner that would violate Google’s API Services User Data Policy.

With other users (with privacy safeguards)
With authorities where legally required
During business restructuring or transfer

6. AI and automated decision-making

Our service includes AI-driven personalization and scheduling features, which may involve limited profiling under Article 22 of the GDPR. This processing:

Uses only your own data to provide personalized recommendations and improve scheduling efficiency
Is limited to enhancing your individual experience; it does not involve sharing or using your data to train generalized AI or machine learning models
Does not share your data with third-party AI systems for any independent processing or training
Can be fully controlled through your permissions settings

No fully automated decisions with legal or similarly significant effects are made without meaningful human involvement, in accordance with GDPR Article 22(1).

You may choose to disable AI-related features at any time. Please note that doing so may impact certain functionality or the personalized nature of your experience.

7. AI Services and Data Usage

7.1. We may use AI services (such as Azure OpenAI and Google Gemini) to enhance the functionality, personalization, and scheduling capabilities of our product.

7.2. We do not use Google Workspace user data—or any user data—for training, fine-tuning, or improving generalized or non-personalized AI/ML models.

7.3. When user data, including Google Workspace data, is processed by AI services:

It is used solely for user-specific processing and real-time personalization
It is not retained by AI providers for training, model improvement, or benchmarking
We require all AI providers to contractually guarantee compliance with these restrictions
We implement technical safeguards to prevent any unauthorized retention or training use

7.4. Our current AI service providers include:

Azure OpenAI – Used via Microsoft Azure, which provides contractual assurances that customer data is not used to train or improve AI models. [See Microsoft Data Privacy: https://learn.microsoft.com/en-us/legal/cognitive-services/openai/data-privacy?tabs=azure-p]
Google Gemini – Used in compliance with Google’s terms prohibiting the use of customer data for the training of generalized AI models.
Other AI Providers – Any additional AI providers we may engage are subject to the same contractual, technical, and legal safeguards to ensure full compliance with GDPR and Google’s API Services User Data Policy.

8. Data protection measures

Technical and organizational measures include encryption, antivirus, restricted access, and regular evaluations.

9. International data transfers

Transfers to USA and providers outside EEA are safeguarded by appropriate contractual measures, including Standard Contractual Clauses where applicable.

10. Data retention

Data is kept only as long as necessary, then deleted securely. Retained temporarily when legally required.

11. Your rights

Withdraw consent
Access, rectification, erasure
Restriction, objection, portability
Not subject to automated decisions
Lodge complaints with authorities

12. Contact

Email: support@darma.ai

13. Updates to this policy

This policy may be updated. Changes will be notified on the Darma Cal or by email.

14. Children’s Privacy

Not for children under 13. If data is inadvertently collected, it will be deleted upon discovery or request.

15. Data Breach Policy

Immediate containment
Risk assessment
Legal notification if required
Remediation and prevention

We comply with relevant laws like CCPA, SHIELD Act, HIPAA, and GLBA.