danAIdes Back to Home

Privacy Policy & GDPR

Last Updated: February 1, 2026

1. Privacy Commitment

At DANAIDES, protecting your personal data is of paramount importance. This privacy policy informs you how we collect, use, and protect your information in compliance with the General Data Protection Regulation (GDPR).

We are committed to processing your data transparently, securely, and respecting your rights. DANAIDES will never sell your personal data or that of your clients.

2. Data Controller

DANAIDES
Address: Grand-Rue 45, 1110 Morges, Switzerland
Email: contact@danaides.cloud
Phone: +41 76 237 29 70

3. Legal Basis and Purposes

Legal Basis for Processing:

  • Contract Execution: Necessary for service provision and relationship management.
  • Legal Obligation: Billing, accounting, tax compliance.
  • Legitimate Interest: System security, service improvement, B2B communication.
  • Consent: For marketing and non-essential cookies.

Processing Purposes:

  • Primary: Service execution, CRM, billing, support.
  • Secondary: Service improvement, analytics.

4. Data Collected & Retention

We collect and process the following data types:

4.1 Identification Data

  • Examples: Name, email, phone, address.
  • Purpose: CRM and billing.
  • Retention: 3 years after end of commercial relationship.

4.2 Billing Data

  • Examples: Banking info (via Stripe), payment history, invoices.
  • Purpose: Accounting and administration.
  • Retention: 10 years (legal obligation).

4.3 Project Data (OAuth & API)

  • Examples: Specs, analyzed emails, calendar events, tokens.
  • Purpose: Service execution.
  • Retention: 5 years after project end.

5. Detailed Scopes and Permissions (Google, Microsoft, WhatsApp)

DANAIDES uses third-party API services. Here is the exhaustive list of requested permissions and their justification:

5.1 Google (Gmail & Calendar)

  • openid, userinfo.email: Authentication and account creation on the DANAIDES platform.
  • gmail.modify: Read and modify access (e.g., mark as read) to analyze incoming emails via AI.
  • gmail.labels: Management of email categories and smart sorting.
  • gmail.send: To send responses drafted by the AI.
  • calendar: To read full availability and create/modify events or appointments.
  • Exclusion: We do NOT access your Google Drive, Docs, or Photos files.

5.2 Microsoft (Outlook & Graph)

  • openid, profile, email, User.Read: Authentication and basic profile mapping.
  • Mail.ReadWrite: Reading and modifying (e.g., mark as read) emails for AI analysis.
  • Mail.Send, Mail.Send.Shared: Sending responses and managing shared mailboxes.
  • Calendars.ReadWrite: Full calendar management and appointment booking.
  • offline_access: Background connection maintenance for automation flows.
  • Exclusion: We do NOT access OneDrive or SharePoint.

5.3 WhatsApp (Meta)

  • whatsapp_business_messaging: To send and receive messages via the WhatsApp agent.
  • Note: Phone numbers are used solely for message routing.

4.4 Connection Data

  • Examples: IP, logs, cookies.
  • Purpose: Security and improvement.
  • Retention: 12 months max.

5. Data Recipients

  • Internal Team: Authorized staff (strict access).
  • Technical Providers: Hosts (Google Cloud), dev tools, support (with signed DPAs).
  • Authorities: Only upon legal obligation or judicial request.

6. Data Security

We implement appropriate technical and organizational measures to protect your data:

  • Encryption: Use of TLS 1.2+ protocols for transit and AES-256 for storage (especially OAuth tokens).
  • Restricted Access: Only strictly authorized employees and technical systems can access data.
  • Backups: Regular, encrypted, and secure backups.

7. Your GDPR Rights

In accordance with GDPR, you have the following rights:

  • Right of Access: You can request to know what data we hold about you.
  • Right to Rectification: You can request the correction of inaccurate data.
  • Right to Erasure: You can request the deletion of your data in certain cases.
  • Right to Portability: You can retrieve your data in a structured format.
  • Right to Object: You can object to the processing of your data.
  • Right to Restriction: You can request the limitation of the processing of your data.

To exercise these rights, contact us at: contact@danaides.cloud

7. Supervisory Authority

You also have the right to lodge a complaint with the competent supervisory authority (e.g., FDPIC in Switzerland) if you believe that the processing of your personal data constitutes a violation of GDPR.