Meet Dora AI

Privacy Policy

Privacy Policy and Data Processing

1. Purpose of personal data processing

At DORA AI we value the protection of personal data. During interaction with our services, we may collect information such as first name, last name, contact details, and preferences, both in structured and unstructured formats (for example, conversation logs or forms). This information is mainly used to:

  • Provide and improve the services offered to the Client and its end users.
  • Facilitate business management and technical support.
  • Analyze system usage and strengthen its security.
  • Comply with current legal obligations.

To fulfill these purposes, we may share some personal data with carefully selected external providers (for example, hosting services, data analysis, or databases), always under confidentiality agreements and following our guidelines. DORA AI guarantees that such transfers comply with European laws and provide appropriate security safeguards.

2. Contact details of the Client’s staff

By accepting our commercial proposal, the Client authorizes us to store the contact details of its employees or representatives, exclusively for purposes related to marketing, technical support, or business management. It is the Client’s responsibility to have previously obtained the necessary consent.

3. Data of the Client’s end users

In the case of processing personal data of the Client’s customers, patients, or users, it is the Client’s responsibility to ensure that explicit consent has been requested and obtained before any interaction with DORA AI. If the conversation flow allows, a consent mechanism may be included directly in the system. For minors, consent must be granted by their legal representatives.

4. Rights of data subjects

Every individual has the right to:

  • Access, rectify, or delete their personal data.
  • Restrict or object to the processing of their data.
  • Request the portability of their data.
  • Exercise the right to be forgotten.

To exercise any of these rights, they may contact us directly at team@getdora.app. We will handle each request in accordance with current data protection legislation.

5. Data Protection Officer (DPO)

DORA AI has a Data Protection Officer (DPO) responsible for ensuring regulatory compliance, transparency, and security in the processing of personal data. For any specific inquiries, you can contact us at team@getdora.app.

6. Legal basis for processing

The processing of data is based on:

  • Contractual necessity to provide the requested service.
  • The legitimate interest of DORA AI in improving its operations.
  • Compliance with legal obligations.

It is the Client’s obligation to obtain prior consent from its users for any data processing that involves our intervention.

7. Automated decisions and segmentation

The DORA AI system may include algorithms that enable user segmentation, lead scoring, or intelligent routing to human agents. These processes must comply with the criteria defined by the Client within the configured context. Prior consent from the end user is required when applicable, thus ensuring transparency and consistency in processing.

8. Updates to this policy

DORA AI periodically reviews its privacy policy to adapt it to legislative changes or technological developments. We recommend consulting this section regularly to stay informed.

9. Non-exclusivity

This agreement does not imply any type of exclusivity between the Client and DORA AI, allowing both parties to maintain relationships with third parties.

10. Service availability and operation

  • In case of serious or persistent interruptions, the Client may terminate the contract without penalty.
  • The Client acknowledges that the system may experience incidents beyond DORA AI’s control (such as technical failures or maintenance).
  • DORA AI will not be responsible for erroneous results arising from poorly defined contexts or insufficient testing by the Client.
  • We reserve the right to temporarily suspend access to the service, with notice by email, in case of technical work or security reasons.

11. Contractual independence

  • Both parties act as independent entities, with no partnership, mandate, or employment relationship between them.
  • Each party is responsible for fulfilling its own tax, labor, and social security obligations.
  • Responsibility for their own or contracted staff rests entirely with each party.

12. Formal communications

All legal or contractual notifications must be sent exclusively by email between the declared official addresses. Any communication made from and to third-party servers (such as Gmail, Outlook, or Yahoo) will be considered valid, provided they do not allow subsequent manipulation of sent or received messages.