Dala Privacy Policy

This Privacy Policy describes how Dala (referred to as "Dala," "we," "us," or "our") collects, uses, processes, and protects your personal information when you use our AI services and website (collectively, the "Services"). We are committed to protecting your privacy and ensuring the security of your personal information in compliance with the Protection of Personal Information Act, 2013 ("PoPIA") of South Africa, and the General Data Protection Regulation ("GDPR") of the European Union, where applicable.

By accessing or using our Services, you agree to the terms of this Privacy Policy.

1. Information We Collect

We collect various types of information to provide and improve our Services to you.

1.1 Personal Information You Provide to Us

This includes information you voluntarily provide when you register for an account, use our AI services, communicate with us, or otherwise interact with our platform. This may include:

• Contact Information: Name, email address, phone number, company name.

• Account Information: Username, password (hashed), and other registration details.

• Billing and Payment Information: Details necessary for processing payments (e.g., credit card information, bank account details). Note: We do not store full payment card details; these are processed by secure third-party payment processors.

• User Input Data: Any data, text, documents, images, or other content you input, upload, or generate using our AI services. This includes data processed by the AI for task execution.

• Communication Data: Records of your correspondence with us, including customer support inquiries.

1.2 Information Collected Automatically

When you access and use our Services, we may automatically collect certain information about your device and usage patterns, including:

• Usage Data: Information about how you interact with our Services, such as features used, time spent on pages, search queries, and AI task execution logs.

• Device Information: IP address, browser type, operating system, device identifiers, and mobile network information.

• Log Data: Server logs that may include your IP address, access times, pages viewed, and referring URLs.

• Cookies and Tracking Technologies: Information collected through cookies, web beacons, and similar technologies (see Section 6 for more details).

2. How We Use Your Information

We use the information we collect for the following purposes, based on the lawful bases outlined in PoPIA and GDPR:

2.1 To Provide and Maintain Our Services (Lawful Basis: Contractual Necessity)

• To create and manage your account.

• To deliver, operate, and maintain our AI services, including processing your inputs and generating outputs for business task execution.

• To process transactions and send you related information, including confirmations and invoices.

• To provide customer support and respond to your inquiries.

2.2 To Improve and Develop Our Services (Lawful Basis: Legitimate Interest)

• To understand how users interact with our Services and to enhance user experience.

• To develop new features, products, and services.

• To perform analytics, research, and statistical analysis to improve the performance and accuracy of our AI models.

• To monitor and analyze trends, usage, and activities in connection with our Services.

2.3 For Security and Fraud Prevention (Lawful Basis: Legal Obligation, Legitimate Interest)

• To detect, prevent, and address technical issues, security incidents, and fraudulent activities.

• To protect the rights, property, or safety of Dala, our users, or the public.

2.4 For Communication and Marketing (Lawful Basis: Consent, Legitimate Interest)

• To send you technical notices, updates, security alerts, and support messages.

• To send you promotional communications about new features, products, and services, where you have consented or where we have a legitimate interest to do so. You can opt-out of marketing communications at any time.

2.5 For Legal Compliance (Lawful Basis: Legal Obligation)

• To comply with applicable laws, regulations, legal processes, or governmental requests.

• To enforce our Terms of Service and other agreements.

3. Sharing and Disclosure of Your Information

We do not sell your personal information. We may share or disclose your information in the following circumstances:

3.1 With Service Providers

We may share your information with third-party vendors, consultants, and other service providers who perform services on our behalf, such as payment processing, hosting, data analysis, customer support, and marketing assistance. These service providers are contractually obligated to protect your information and use it only for the purposes for which it was disclosed.

3.2 Within Your Organisation (for Organisational Accounts)

If you use Dala under an organisational account, data shared under the "Organisation" setting is accessible only within your organisation and is not visible to external parties.

3.3 Public Sharing (if designated by you)

Information you designate as "Public" within the Services may be shared externally and can be used for marketing and promotional purposes by Dala. You maintain full control over the visibility and use of your data through your privacy settings within the platform.

3.4 For Legal Reasons

We may disclose your information if required to do so by law or in the good faith belief that such action is necessary to:

• Comply with a legal obligation.

• Protect and defend the rights or property of Dala.

• Prevent or investigate possible wrongdoing in connection with the Services.

• Protect the personal safety of users of the Services or the public.

• Protect against legal liability.

3.5 Business Transfers

In the event of a merger, acquisition, asset sale, or other corporate restructuring, your personal information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our website of any such change in ownership or control of your personal information.

3.6 With Your Consent

We may share your information with third parties when we have your explicit consent to do so.

4. Data Security

We implement appropriate technical and organisational measures to protect your personal information from unauthorised access, alteration, disclosure, or destruction. These measures include:

• Encryption: Using encryption for data in transit and at rest where appropriate.

• Access Controls: Restricting access to personal information to authorised personnel only.

• Regular Security Audits: Conducting periodic security assessments and vulnerability scans.

• Data Minimisation: Collecting only the personal information necessary for the stated purposes.

• Anonymisation/Pseudonymisation: Where feasible, anonymising or pseudonymising data to protect identity.

While we strive to protect your personal information, no method of transmission over the Internet or method of electronic storage is 100% secure. Therefore, we cannot guarantee its absolute security.

5. Data Retention

We retain your personal information only for as long as necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

6. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to track the activity on our Services and hold certain information. Cookies are files with a small amount of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device.

We use cookies for:

• Essential Functionality: To enable core features and ensure the website functions correctly.

• Performance and Analytics: To collect information about how you use our Services, allowing us to improve their performance and design.

• Personalisation: To remember your preferences and settings.

You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Services.

7. Your Rights

Under PoPIA and GDPR, you have certain rights regarding your personal information. We are committed to facilitating the exercise of these rights:

7.1 Right to Access

You have the right to request a copy of the personal information we hold about you.

7.2 Right to Rectification

You have the right to request that we correct any inaccurate or incomplete personal information we hold about you.

7.3 Right to Erasure (Right to be Forgotten)

You have the right to request the deletion of your personal information under certain circumstances (e.g., if the data is no longer necessary for the purposes for which it was collected).

7.4 Right to Restriction of Processing

You have the right to request that we restrict the processing of your personal information under certain circumstances (e.g., if you contest the accuracy of the data).

7.5 Right to Object to Processing

You have the right to object to the processing of your personal information based on our legitimate interests or for direct marketing purposes.

7.6 Right to Data Portability

You have the right to receive your personal information in a structured, commonly used, and machine-readable format and to transmit that data to another controller.

7.7 Right to Withdraw Consent

Where we rely on your consent to process your personal information, you have the right to withdraw that consent at any time. Withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.

7.8 Right to Lodge a Complaint

You have the right to lodge a complaint with the relevant supervisory authority:

• South Africa: Information Regulator (South Africa)

• European Union: The data protection authority in your Member State.

To exercise any of these rights, please contact us using the details provided in Section 9. We may require you to verify your identity before responding to your request.

8. International Data Transfers

Your personal information may be stored and processed in countries outside of South Africa or the European Economic Area (EEA) where our service providers are located. When we transfer your personal information internationally, we ensure that appropriate safeguards are in place to protect your data, such as:

• Transferring data to countries deemed to provide an adequate level of protection by the relevant authorities (e.g., European Commission adequacy decisions).

• Implementing standard contractual clauses (SCCs) approved by the European Commission or the Information Regulator (South Africa).

• Obtaining your explicit consent for the transfer.

9. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Effective Date" at the top. We encourage you to review this Privacy Policy periodically for any changes. Your continued use of the Services after any modifications to this Privacy Policy will constitute your acknowledgment of the modifications and your consent to abide and be bound by the modified Privacy Policy.

10. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

Email: [Insert Dala's Support Email Address Here, e.g., This email address is being protected from spambots. You need JavaScript enabled to view it.] Address: [Insert Dala's Physical Address Here, if applicable]