Start here

AI Audit

Insights and actions for your AI future

AI MVP

Embed AI into your business fast and efficiently

Build your AI ecosystem

Gen-OS

Monitor, Guide & Improve your GenAI operations

Custom Data Science & Engineering

Develop single high-value use cases

AI Team as a Service

Want a turnkey team to take care of your AI systems and projects? We're here to help you deal with the FOMO

Scale your AI
Industries
Resources

Success Stories

Happy clients? Check them out here!

Blog

Our written thoughts and ideas are here

Pressroom

Sometimes, we end up on the news!

Events

Want to join us in-person or relive memories? Check here for past and upcoming events

About usJoin us
Start hereAI AuditAI MVP
Build your AI ecosystemGen-OSCustom Data Science & EngineeringAI Team as a Service
Scale your AI
Industries
Resources
Success StoriesBlogPressroomEvents
About us
Join us

Privacy Policy

Last updated: December, 2025

At Daredata, we value your privacy.

This Privacy Policy applies to the website https://daredata.ai (“Website”), belonging to
DareData, as well as to any other websites held by DareData, and regulates the
processing of its users’ personal data.

1. Who will process my data?

Your data will be processed by DareData S.A., headquartered at Av. Fontes Pereira de
Melo nº 31, 5º C, 1050-117 Lisbon, with VAT number 515362166 (“DareData”), as
controller, for the purposes of the General Data Protection Regulation (“GDPR”) and
Law no. 41/2004, of 18 of August.

2. Why will my personal data be processed?

DareData only processes your personal data:

- To comply with a contract, e.g. a services contract or a contract with a supplier.
- To pursue a legitimate interest, for example to:
o Answer communications addressed to DareData;
o Analysis of the Website’s use;
o Provision of assistance.
- If you have given DareData consent to do so, for the purpose(s) in question;
- Comply with any applicable legal obligations to which DareData is subject.

3. What personal data will be collected?

DareData collects, among others, the following personal data:

- Personal identification information (e.g., name, date of birth, gender, nationality,
citizen card number, VAT number);
- Contact information (e.g. phone number, e-mail, address);
- Cookies and Usage Data (e.g., IP address).

4. Where and for how long will personal data be stored?

DareData will keep your data only as long as necessary to achieve the purposes for
which they were collected. However, in certain cases, DareData may keep your data for
longer periods, particularly when the law requires this.

Your personal data will be stored through commercially acceptable means to avoid loss
or theft, as well as non-authorized access, distribution, copy, use or modification.

We follow the following retention schedule:

Client Data (Invoices & Contracts)
- Retention period: 10 years
- Reason: Mandatory retention for tax and accounting purposes (Portuguese Tax Law).

Recruitment Data (Candidates)
- Retention period: 1 year
- Reason: To address potential claims or for future opportunities if you opt-in.

Marketing Data (Leads)
- Retention period: Until you opt out (unsubscribe)
- Reason: Legitimate interest in maintaining business relationships.

Website Analytics
- Retention period: 2 years
- Reason: To analyze trends and website performance (via Google Analytics).

General Correspondence
- Retention period: 3 years
- Reason: To manage ongoing inquiries and potential disputes.

5. Will third parties access my personal data?

DareData respects the confidentiality of your information. DareData does not sell,
distribute or in any way make your information available to any third party, except when
required or permitted by law, when necessary to provide contracted services or when
you have provided consent to do so.

In particular, DareData may share your information with the following third-parties:

- It’s affiliates or other group companies;
- Public authorities;
- Service providers and business partners (including advertising partners and
advisors);
- Business transferees (in case of a business transaction).

6. How is my data handled and kept secure?

DareData implements appropriate technical and organizational measures to ensure a
level of security appropriate to the risk, in accordance with Article 32 of the GDPR. We
are committed to protecting your personal data against destruction, loss, alteration,
unauthorized disclosure, or access.

We take technical measures, namely encryption (we use SSL/TLS protocols to encrypt
data in transit and ensure sensitive data is encrypted at rest where applicable), access
control (strict authentication, permission management, and role-based access controls
to ensure data is only accessible to authorized personnel), backups (we perform
regular backups to ensure data availability and resilience) and defense systems
(firewalls, antivirus software, and intrusion detection systems to protect against
unauthorized access and malware) and organizational measures, such as ensuring
contractual commitments to confidentiality, training and proper internal policies.

In the event of a personal data breach that poses a risk to your rights and freedoms,
DareData is committed to notifying the National Commission for Data Protection
(CNPD) within 72 hours of becoming aware of the breach, as required by Article 33 of
the GDPR and notifying you if the breach is likely to result in a high risk to your rights
and freedoms.

7. What are my data protection rights?

Under the applicable legislation, the data subject (You) may exercise the following
rights:

- Right to access: You have the right to request DareData for confirmation as to
whether data concerning you is being processed and, when that is the case, access
such data.
- Right to rectification: You have the right to obtain from DareData the rectification of
inaccurate personal data concerning you.
- Right to erasure: You have the right to request DareData to erase your personal
data, if certain conditions are met.
- Right to restrict processing: You have the right to request DareData to restrict the
processing of your personal data, if certain conditions are met.
- Right to object processing: You have the right to object to DareData’s processing of
your personal data, if certain conditions are met.
- Right to data portability: You have the right to receive your personal data, which you
have provided to DareData, in a structured, commonly used and machine-readable
format and to request DareData to transfer it to another organization, or directly to
you, if certain conditions are met.

You will have the right to withdraw your consent at any time. The withdrawal of consent
shall not affect the lawfulness of processing based on consent before its withdrawal.

If you wish to exercise any of the rights or have any additional questions respecting the
protection and processing of your personal data, contact DareData through the address
and e-mail below.

DareData does not create undue obstacles for the exercise of the right by the data
subjects. However, for their safety, it may request information which allows the
verification of the data subject’s identity.

Your requests will be handled with particular care to ensure the effectiveness of your
rights. Be aware that, in certain cases (e.g., due to legal requirements), it may not be
possible to deal with your requests immediately.

Additionally, you may also submit a complaint to the National Commission for Data
Protection, in writing, to Av. D. Carlos I, 134, 1.º, 1200-651 Lisbon, or to geral@cnpd.pt.

8. International Data Transfers

DareData is headquartered in Portugal. However, to provide our services efficiently, we
may transfer your personal data to third-parties located outside the European
Economic Area ("EEA"), specifically to the United States.

When we transfer data outside the EEA, we ensure a similar degree of protection is
afforded to it by ensuring at least one of the following safeguards is implemented:

Adequacy Decision: We transfer your personal data to countries that have been
deemed to provide an adequate level of protection for personal data by the European
Commission (e.g., transfers to US organizations participating in the EU-US Data Privacy
Framework).

Standard Contractual Clauses (SCCs): Where we use providers in countries without
an adequacy decision, we may use specific contracts approved by the European
Commission which give personal data the same protection it has in Europe.

Please contact us if you want further information on the specific mechanism used by us
when transferring your personal data out of the EEA.

9. Who may I contact to exercise my rights?

If you have any questions or wish to exercise any of the rights above, you may:

- Send an e-mail to: dataprotection@daredata.engineering.
- Send a letter to: Av. Fontes Pereira de Melo nº 31, 5º C, 1050-117 Lisbon.

10. How are changes to the Privacy Policy communicated?

Since our business activities are constantly evolving, our Privacy Policy may be
reviewed from time to time. In such cases, a new version of this Privacy Policy will be
posted on the website. You can easily identify the current version by checking the date
of the latest update at the top of this Privacy Policy.

Partners

Awards

Choose a journey

Start hereBuild your AI ecosystemScale your AI
Resources
BlogPressroomEventsSuccess Stories
Join usContact Us
Privacy Policy
Cookies Policy

Copyright @ All Rights Reserved 2019-2025