Privacy Policy — D.A.M.I Platform

Effective Date: June 6, 2026 Last Updated: June 6, 2026

1. Introduction

D.A.M.I Technologies ("Company", "we", "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use D.A.M.I ("Service").

This policy complies with:

India: Information Technology Act, 2000 & IT Rules, 2011
EU: General Data Protection Regulation (GDPR) — for EU users
US: California Consumer Privacy Act (CCPA) — for California users

2. Information We Collect

2.1 Account Information (you provide)

Name, email address
Organization name
Authentication credentials (via Firebase Auth — we never see your password)
Profile picture (from Google/GitHub OAuth)

2.2 Usage Data (automatically collected)

API request logs (endpoint, timestamp, response time)
Feature usage patterns (which agents used, workflow count)
Device and browser information (User-Agent)
IP address (for rate limiting and security)

2.3 Integration Data (when you connect tools)

Tool connection metadata (which tools connected, connection status)
Connector credentials (encrypted at rest with AES-256)
Webhook payloads from connected tools (Jenkins build logs, GitHub events, Jira updates)

2.4 AI Processing Data

Prompts you send to D.A.M.I agents
AI-generated responses, analyses, and recommendations
Workflow execution history

3. How We Use Your Information

Purpose	Legal Basis
Provide and operate the Service	Contract performance
Authenticate your identity	Contract performance
Process AI requests and generate responses	Contract performance
Monitor service health and performance	Legitimate interest
Prevent fraud and abuse	Legitimate interest
Send product updates and security alerts	Legitimate interest
Comply with legal obligations	Legal obligation
Improve the Service (aggregated, anonymized)	Legitimate interest

4. AI & Data Processing

4.1 No Model Training on Your Data

We do NOT use your code, logs, prompts, or data to train AI models.

4.2 Third-Party AI Providers

D.A.M.I routes AI requests to:

Google Vertex AI (Gemini) — configured with Google's zero data retention policy
Other providers as configured in your settings

These providers process your prompts to generate responses but do not store, log, or use your data for model training.

4.3 Data Sanitization

Before sending data to AI providers, D.A.M.I's sanitization layer redacts:

API keys, passwords, tokens
Personally identifiable information (PII)
Database connection strings
SSH keys and certificates

5. Data Storage & Security

5.1 Where We Store Data

Application data: Google Cloud (us-central1 region)
Authentication: Firebase Auth (Google Cloud)
Database: AlloyDB (Google Cloud) — encrypted at rest
Secrets: Google Cloud Secret Manager

5.2 Security Measures

Control	Implementation
Encryption in transit	TLS 1.3 (HTTPS)
Encryption at rest	AES-256 (AlloyDB default)
Authentication	Firebase Auth (OAuth 2.0 + JWT)
API security	SHA-256 hashed API keys
Access control	Role-based (Admin, Engineer, Viewer)
Rate limiting	Tier-aware per-tenant limits
Audit logging	Immutable audit trail for all actions
Credential storage	Encrypted with application SECRET_KEY

5.3 Data Breach Notification

In the event of a data breach:

We will notify affected users within 72 hours
We will notify relevant supervisory authorities as required by law
We will provide details of the breach and steps taken to mitigate

6. Data Sharing

We do NOT sell your data. We share data only in these cases:

Recipient	Purpose	Data Shared
Google Cloud (infrastructure)	Hosting, database, AI processing	Application data (encrypted)
Firebase Auth	Authentication	Email, name, OAuth tokens
AI model providers	Generate AI responses	Sanitized prompts (PII redacted)
Your connected tools	Execute actions you approve	Actions and data as needed
Law enforcement	Legal obligation	As required by valid legal process

7. Your Rights

All Users

Access: Request a copy of your personal data
Correction: Update inaccurate personal data
Deletion: Delete your account and associated data
Export: Download your data in JSON format

EU/UK Users (GDPR)

Right to erasure ("right to be forgotten")
Right to restrict processing
Right to data portability
Right to object to processing based on legitimate interest
Right to withdraw consent at any time

California Users (CCPA)

Right to know what personal information is collected
Right to delete personal information
Right to opt-out of sale of personal information (we don't sell data)
Right to non-discrimination for exercising CCPA rights

8. Cookies

We use minimal cookies:

Cookie	Purpose	Duration
Session cookie	Authentication state	Session
Firebase auth token	JWT for API requests	1 hour

We do NOT use:

Advertising cookies
Third-party tracking cookies
Analytics cookies (unless you opt in)

9. Data Retention

Data Type	Retention Period
Account information	Until account deletion
Workflow history	90 days (configurable per tenant)
Audit logs	1 year
AI conversation history	30 days
Connector credentials	Until disconnected
Deleted account data	Purged within 30 days

10. Children's Privacy

The Service is not intended for users under 18 years of age. We do not knowingly collect information from children.

11. International Data Transfers

Data is processed in the United States (Google Cloud us-central1). For EU users, transfers are covered by:

Google Cloud's Standard Contractual Clauses (SCCs)
Google's commitment to data protection under GDPR

12. Changes to This Policy

We will notify you of material changes via:

Email notification (30 days before effective date)
In-app notification
Updated "Last Updated" date on this page

13. Contact Us

Data Protection Officer: [Your Name] Email: privacy@dami.ai Address: [Your registered business address]

For GDPR-related requests: dpo@dami.ai For data deletion requests: privacy@dami.ai

By using D.A.M.I, you acknowledge that you have read and understood this Privacy Policy.