PRIVACY AND
COOKIE POLICY
Effective: September 3, 2025
DOJO AI (also “we”, “us”, “our”) is committed to securing and protecting your personal information. Most of DOJO AI’s processing of personal data is done on behalf of our customers. Under the GDPR and similar laws, that makes us a data processor, while the Customer is a data controller. That processing by DOJO AI is covered by our Data Processing Addendum, which is part of our Terms of Service. This Privacy Policy, in turn, explains how we process personal information for our own purposes (as a data controller). By using our services or browsing our websites, you acknowledge the content of this policy. We may update it, so we encourage you to review this page periodically. Changes will be posted here with a revised “Last updated” date.
1. PROCESSING DETAILS
1.1. We typically process personal data of our users and/or customers.
1.2. The table below explains how we process your data:
1.3. To improve our systems and services, and as authorized by our customer, we may continue to process information derived from our customer’s data that has been deidentified, anonymized, and/or aggregated in a way that it is no longer considered personal data.
1.4 Third-Party API Data Access
We may access data from third-party services via their APIs, with the explicit authorization of the user. Unless explicitly stated otherwise, data accessed via third-party APIs is subject to the following restrictions:
such data is used solely to provide the requested functionality to the authorized user;
such data is not sold, rented, or shared with third parties except as necessary to provide the service;
such data is not used for advertising purposes;
such data is not used to train generalized machine learning or AI models;
such data is retained only for as long as necessary to fulfill the authorized purpose or as required by law.
1.4.1 Google API User Data Access and Usage
Dojo AI accesses Google user data via Google APIs only with explicit user authorization through Google OAuth and solely to provide user-requested functionality within the platform. Depending on the permissions granted, this includes access to Google Analytics reporting data, Google Ads account and campaign performance data, and Google Search Console performance data. This data is used exclusively to retrieve metrics, generate reports, and present analytics, performance insights, and AI-assisted analysis related to website traffic, search performance, and advertising performance for the authorized user. Google user data obtained through these APIs is processed only for these purposes, is not used for advertising, is not sold, and is not shared with third parties except where necessary to operate the service or comply with legal obligations. All Google service data is handled using appropriate technical and organizational security measures and is retained only for as long as necessary to provide the requested functionality. Users may revoke Dojo AI’s access to Google APIs at any time through their Google Account settings, after which access to Google service data is terminated. Dojo AI’s use and transfer of information received from Google APIs complies with the Google API Services User Data Policy, including the Limited Use requirements.
2. COOKIES
2.1. On our websites, we also use cookies and similar technologies. A cookie is a small string of information that websites you visit store on your device for identification purposes. Some of the processing mentioned in section 1 may use cookies, for example.
2.2 We may use the following types of cookies:
a) Essential cookies: these are necessary to let you to move around websites and use their features. Without these, our websites would not work properly.
b) Functional cookies: these remember the choices you make (such as language/region) to improve your user experience.
c) Performance / analytics cookies: these keep track of the pages you visit and of other behavior to help improve our services and the performance of our websites. They mostly capture aggregate and/or anonymous data, but may also collect identifiable information.
d) Advertising cookies: these keep track of the pages you visit and of other behavior to provide ads that may be more relevant to you.
2.3. We rely on your consent for non-essential cookies. Non-essential cookies can be turned off, although this may limit the features and functionality of our websites. You can also have your device warn you whenever cookies are being used, and there is even software to help you manage cookies
3. DATA SHARING
3.1. We do not sell, rent, or monetize personal data with third parties.
3.2. We may share your personal data with third parties as follows:
a) Authorities and regulators: for example, for legal and compliance purposes as mentioned above.
b) Service Providers: To help us operate our business, we may share your personal data with vendors, service providers and partners (for example, cloud service providers, event management services, email communication software, law firms and other consultants, web analytics, advertising and marketing services, etc.). These providers operate under strict confidentiality and data privacy agreements. A list of key third-party service providers is available as an annex to the Data Processing Addendum.
c) Integrations/plugins: When you are using third party applications connected to your DOJO AI account, the providers of those applications may receive information about you from us or from others. When using our services, you may also interact with links to other websites not operated by us, including social media. In all these cases, their own terms and privacy policies may apply. You may contact the provider of those applications for information on their data processing.
d) Business changes: If we are involved in transactions like a sale, a merger, or a transition of service to another provider, your personal data may be shared with potential counterparties and others assisting with the transaction. It may also be transferred to another company as part of that transaction.
4. DATA SECURITY
We enforce robust data security practices to safeguard collected data, including:
Encryption at rest and in transit.
Access controls and authentication protocols.
Regular security audits and vulnerability assessments.
5. INTERNATIONAL TRANSFERS
5.1. Your personal data may be processed outside the country where you are located.
5.2. When this happens, especially when the recipient country’s data protection laws may not be as protective as the ones in your country, DOJO AI will work towards ensuring a high level of protection when transferring that data. We will take appropriate protection measures according to the applicable data protection requirements (such as the GDPR). Your data rights described in section 7 will not be affected.
5.3. These safeguards may include, for example, signing model contractual clauses with the recipients of your data. This means that the recipient guarantees a consistent level of protection for your data. We may also adopt other technical and organizational measures in these cases, as appropriate. We can provide a copy of the safeguards adopted upon request.
5.4. In some cases, we may have other justifications to transfer the data, such as engaging in a contract with you, obtaining your consent, or having a legitimate business need (such as legal claims).
6. RETENTION OF DATA
6.1. We normally retain your data only for as long as necessary to fulfill the purposes for which it was collected, such as providing our services or complying with our legal obligations (see section 1). In some cases, however, we may need to store it for longer, for example, to protect our legal rights.
6.2. When we no longer need your data, we will delete or anonymize it according to our data retention policies and applicable laws, or, if this is not possible (for example, because your data is stored in backup systems), we will secure and isolate it from any additional processing until deletion is possible.
7. YOUR RIGHTS
You have some rights regarding your data that may apply, such as:
The right to access the data.
The right to have it corrected.
The right to deletion (to the extent that we do not have a legitimate reason to keep it).
In some cases, you can ask us to limit processing, or object to that processing; a right to data portability may also apply.
When we process data based on your consent, you may withdraw it at any time, although it does not affect processing prior to that moment.
The right to lodge a complaint with a supervisory authority. In any case, we encourage you to reach out to us first.
8. CONTACTS
If you have any questions or want to exercise any of your rights, please contact us by email: admin@getdojo.ai. We are DOJOAI, Lda, and are headquartered at the AI Hub in Lisbon, Portugal.