PRIVACY AND COOKIE POLICY
Effective: September 3, 2025
DOJO AI (also “we”, “us”, “our”) is committed to securing and protecting your personal information. Most of DOJO AI’s processing of personal data is done on behalf of our customers. Under the GDPR and similar laws, that makes us a data processor, while the Customer is a data controller. That processing by DOJO AI is covered by our Data Processing Addendum, which is part of our Terms of Service. This Privacy Policy, in turn, explains how we process personal information for our own purposes (as a data controller). By using our services or browsing our websites, you acknowledge the content of this policy. We may update it, so we encourage you to review this page periodically. Changes will be posted here with a revised “Last updated” date.
PROCESSING DETAILS
1.1. We typically process personal data of our users and/or customers.
1.2. The table below explains how we process your data:
| What for? | Which data? | What legal basis? | For how long? (see section 6) |
|---|---|---|---|
| a) Managing our relationship with you or our customer and providing our services. | (From you or our customer) User account information. (From other sources) Technical data, such as logs and device information, usage data. |
We need it to engage in a contract with you or with our customer. | Until the relavant contracts terminate. |
| b) ID verification | |||
| c) Network and information security management. | A legitimate interest in protecting our assets, our users and customers, and the information we process. | ||
| d) Data analysis for developing and improving our services (including our AI models). | A legitimate interest in improving our services. | ||
| e) Customer surveys, market research, and feedback/reviews. | (From you) Feedback/opinions, contact details. (From other sources) Social media information, technical data, such as logs and device information. |
A legitimate interest in improving our services and promoting our business. | Until you let us know that you do not want us to process this data anymore, unless we agree otherwise. |
| f) Direct marketing about offers from DOJO AI or our affiliates / partners. | Either a legitimate interest in developing our business or your consent. | Until you opt-out or withdraw your consent (as applicable). | |
| g) To safeguard our legal rights and/or to comply with applicable laws. | Any relevant data. | Either a legitimate interest in exercising our rights or an applicable legal obligation. | As long as necessary. |
1.3. To improve our systems and services, and as authorized by our customer, we may continue to process information derived from our customer’s data that has been deidentified, anonymized, and/or aggregated in a way that it is no longer considered personal data.
2. COOKIES
2.1. On our websites, we also use cookies and similar technologies. A cookie is a small string of information that websites you visit store on your device for identification purposes. Some of the processing mentioned in section 1 may use cookies, for example.
2.2 We may use the following types of cookies:
a) Essential cookies: these are necessary to let you to move around websites and use their features. Without these, our websites would not work properly.
b) Functional cookies: these remember the choices you make (such as language/region) to improve your user experience.
c) Performance / analytics cookies: these keep track of the pages you visit and of other behavior to help improve our services and the performance of our websites. They mostly capture aggregate and/or anonymous data, but may also collect identifiable information.
d) Advertising cookies: these keep track of the pages you visit and of other behavior to provide ads that may be more relevant to you.
2.3. We rely on your consent for non-essential cookies. Non-essential cookies can be turned off, although this may limit the features and functionality of our websites. You can also have your device warn you whenever cookies are being used, and there is even software to help you manage cookies
3. DATA SHARING
3.1. We do not sell, rent, or monetize personal data with third parties.
3.2. We may share your personal data with third parties as follows:
a) Authorities and regulators: for example, for legal and compliance purposes as mentioned above.
b) Service Providers: To help us operate our business, we may share your personal data with vendors, service providers and partners (for example, cloud service providers, event management services, email communication software, law firms and other consultants, web analytics, advertising and marketing services, etc.). These providers operate under strict confidentiality and data privacy agreements. A list of key third-party service providers is available as an annex to the Data Processing Addendum.
c) Integrations/plugins: When you are using third party applications connected to your DOJO AI account, the providers of those applications may receive information about you from us or from others. When using our services, you may also interact with links to other websites not operated by us, including social media. In all these cases, their own terms and privacy policies may apply. You may contact the provider of those applications for information on their data processing.
d) Business changes: If we are involved in transactions like a sale, a merger, or a transition of service to another provider, your personal data may be shared with potential counterparties and others assisting with the transaction. It may also be transferred to another company as part of that transaction.
4. DATA SECURITY
We enforce robust data security practices to safeguard collected data, including:
Encryption at rest and in transit.
Access controls and authentication protocols.
Regular security audits and vulnerability assessments.
5. INTERNATIONAL TRANSFERS
5.1. Your personal data may be processed outside the country where you are located.
5.2. When this happens, especially when the recipient country’s data protection laws may not be as protective as the ones in your country, DOJO AI will work towards ensuring a high level of protection when transferring that data. We will take appropriate protection measures according to the applicable data protection requirements (such as the GDPR). Your data rights described in section 7 will not be affected.
5.3. These safeguards may include, for example, signing model contractual clauses with the recipients of your data. This means that the recipient guarantees a consistent level of protection for your data. We may also adopt other technical and organizational measures in these cases, as appropriate. We can provide a copy of the safeguards adopted upon request.
5.4. In some cases, we may have other justifications to transfer the data, such as engaging in a contract with you, obtaining your consent, or having a legitimate business need (such as legal claims).
6. RETENTION OF DATA
6.1. We normally retain your data only for as long as necessary to fulfill the purposes for which it was collected, such as providing our services or complying with our legal obligations (see section 1). In some cases, however, we may need to store it for longer, for example, to protect our legal rights.
6.2. When we no longer need your data, we will delete or anonymize it according to our data retention policies and applicable laws, or, if this is not possible (for example, because your data is stored in backup systems), we will secure and isolate it from any additional processing until deletion is possible.
7. YOUR RIGHTS
You have some rights regarding your data that may apply, such as:
The right to access the data.
The right to have it corrected.
The right to deletion (to the extent that we do not have a legitimate reason to keep it).
In some cases, you can ask us to limit processing, or object to that processing; a right to data portability may also apply.
When we process data based on your consent, you may withdraw it at any time, although it does not affect processing prior to that moment.
The right to lodge a complaint with a supervisory authority. In any case, we encourage you to reach out to us first.
8. CONTACTS
If you have any questions or want to exercise any of your rights, please contact us by email: admin@getdojo.ai. We are DOJOAI, Lda, and are headquartered at the AI Hub in Lisbon, Portugal.