1. Identification
1.1. Data controller:
Company: Darma Technologies Inc. ("Darma" or "us")
Address: 1209 Orange St, Wilmington, DE 19801, United States
Tax/Registration No.: EIN 61 2004671
Email: support@darma.ai
1.2. EU representative:
Company: Vei Tech Resources S.L.
Address: Avenida Diagonal, 640 4. Letra E. 08017, Barcelona
Tax/Registration No.: Registro Mercantil de Barcelona, Volume 47459, Folio 131, Page B-552486
Email: support@darma.ai
2. What personal data do we collect and how?
We collect and process the following types of personal data from users of our website, application, and plug-ins ("Darma Cal"):
- Personal identifiers and contact details (e.g., name, email, profile picture, date of birth, password, phone number)
- Calendar data
- List of contacts data
- Email account data
- Payment details
- Geolocation data
- Chatbot interactions
- Cookies data (link to the Cookie Policy)
- Other voluntarily disclosed or generated personal data during use
By providing us with your data, you guarantee its truthfulness and accuracy.
3. Other information and third-party sources
We may receive data from partners or third parties where you have agreed to share data or it is necessary to provide our services.
4. What do we use your data for?
We process your data for various purposes under the following legal bases:
| Purpose |
Legal basis |
Regulation |
| To provide services/products |
Execution of a (pre)contract |
Art. 6.1.(b) GDPR |
| Customer support |
Legitimate interest |
Art. 6.1.(f) GDPR |
| Manage social media interactions |
Legitimate interest |
Art. 6.1.(f) GDPR |
| Legal compliance |
Legal obligation |
Art. 6.1.(c) GDPR |
| Electronic marketing |
Consent or exception to consent |
Art. 21 Spanish eCommerce Act |
5. Data sharing
- With affiliated companies (Darma Group)
- With service providers and processors under Art. 28 GDPR
- We specially use AI service providers, such as Microsoft Azure OpenAI or Google Gemini—we ensure that:
- Your data is not used to train, develop, or improve generalized or non-personalized AI/ML models.
- These providers process data solely for the purpose of providing the requested service, and under strict data protection agreements in place.
- We do not share Google user data obtained via Google Workspace APIs with any AI provider in a manner that would violate Google’s API Services User Data Policy.
- With other users (with privacy safeguards)
- With authorities where legally required
- During business restructuring or transfer
6. AI and automated decision-making
Our service includes AI-driven personalization and scheduling features, which may involve limited profiling under Article 22 of the GDPR. This processing:
- Uses only your own data to provide personalized recommendations and improve scheduling efficiency
- Is limited to enhancing your individual experience; it does not involve sharing or using your data to train generalized AI or machine learning models
- Does not share your data with third-party AI systems for any independent processing or training
- Can be fully controlled through your permissions settings
No fully automated decisions with legal or similarly significant effects are made without meaningful human involvement, in accordance with GDPR Article 22(1).
You may choose to disable AI-related features at any time. Please note that doing so may impact certain functionality or the personalized nature of your experience.
7. AI Services and Data Usage
7.1. We may use AI services (such as Azure OpenAI and Google Gemini) to enhance the functionality, personalization, and scheduling capabilities of our product.
7.2. We do not use Google Workspace user data—or any user data—for training, fine-tuning, or improving generalized or non-personalized AI/ML models.
7.3. When user data, including Google Workspace data, is processed by AI services:
- It is used solely for user-specific processing and real-time personalization
- It is not retained by AI providers for training, model improvement, or benchmarking
- We require all AI providers to contractually guarantee compliance with these restrictions
- We implement technical safeguards to prevent any unauthorized retention or training use
7.4. Our current AI service providers include:
- Azure OpenAI – Used via Microsoft Azure, which provides contractual assurances that customer data is not used to train or improve AI models. [See Microsoft Data Privacy: https://learn.microsoft.com/en-us/legal/cognitive-services/openai/data-privacy?tabs=azure-p]
- Google Gemini – Used in compliance with Google’s terms prohibiting the use of customer data for the training of generalized AI models.
- Other AI Providers – Any additional AI providers we may engage are subject to the same contractual, technical, and legal safeguards to ensure full compliance with GDPR and Google’s API Services User Data Policy.
8. Data protection measures
Technical and organizational measures include encryption, antivirus, restricted access, and regular evaluations.
9. International data transfers
Transfers to USA and providers outside EEA are safeguarded by appropriate contractual measures, including Standard Contractual Clauses where applicable.
10. Data retention
Data is kept only as long as necessary, then deleted securely. Retained temporarily when legally required.
11. Your rights
- Withdraw consent
- Access, rectification, erasure
- Restriction, objection, portability
- Not subject to automated decisions
- Lodge complaints with authorities
13. Updates to this policy
This policy may be updated. Changes will be notified on the Darma Cal or by email.
14. Children’s Privacy
Not for children under 13. If data is inadvertently collected, it will be deleted upon discovery or request.
15. Data Breach Policy
- Immediate containment
- Risk assessment
- Legal notification if required
- Remediation and prevention
We comply with relevant laws like CCPA, SHIELD Act, HIPAA, and GLBA.
