Legal
Privacy Policy
Effective July 1, 2026
1. Scope
This policy explains how Dunamis (“Dunamis”, “we”, “us”) handles personal data across the Services: this website (enterprisedunamis.com), the SaaS applications and apps we develop and operate, and our professional services. For anything privacy-related, write to Email us.
Two roles. For this website and for applications we offer directly, Dunamis is the controller of your personal data, and this policy applies in full. For software we build or operate on behalf of a client — including white-label platforms under the client’s brand — the client is the controller and their privacy policy governs; we act as a processor and handle personal data only on the client’s documented instructions, under the data processing terms of our agreement with them.
2. Data we collect
Account data. When you or your company create an account in one of our applications: name, work email, organization, role, and login credentials (passwords are stored only in hashed form).
Content you submit. The data you and your users put into an application to use it (“Customer Data”). Its nature depends on the product — for example, business records, documents, or financial information you connect. We process it to provide the Service, and only that.
Usage and device data. Logs generated by using the applications — such as IP address, browser and device type, pages and features used, and timestamps — collected for security, debugging, abuse prevention, and product improvement.
Billing data. For paid subscriptions: billing contact, company details, and payment records. Card details are handled by our payment processors and never touch our servers.
Communications. What you send us through the website contact form (name, email, message, and optional company, phone, and solution type), by email, or through support channels.
3. Why we use it
We use personal data to:
- provide, operate, secure, and support the Services (performance of a contract);
- respond to inquiries and prepare proposals (steps prior to a contract, and our legitimate interest in responding to business inquiries);
- bill and collect payment, and keep records the law requires us to keep (legal obligations);
- monitor, debug, and improve the Services, and prevent fraud and abuse (legitimate interest);
- send service communications about your account or subscription. We do not send marketing without your consent, and we never sell personal data or use it for third-party advertising.
4. Subprocessors and sharing
We share personal data only with service providers that help us run the Services, bound by data protection terms: cloud hosting and infrastructure providers, transactional email delivery providers, business productivity tools, and payment processors for paid subscriptions. We may also disclose data if the law requires it, or as part of a corporate transaction with equivalent protections.
We do not sell personal data and do not share it with anyone for advertising.
5. Security
We protect personal data with measures appropriate to the risk, including encryption in transit, hashed credentials, secrets kept in managed vaults, least-privilege access to production systems, and isolation between client environments. No system is perfectly secure; if a breach affects your data, we will notify you and the relevant authorities as applicable law requires.
6. Retention
Account and Customer Data are kept while your account or your company’s agreement is active. After termination, Customer Data is made available for export for the period set in the agreement and then deleted or anonymized, except where the law requires longer retention (for example, billing records). Inquiry emails are kept for as long as needed to handle the conversation and for a reasonable period afterwards for business records.
7. International transfers
Our providers may process data on servers outside your country. Where required, these transfers rely on recognized safeguards such as the providers’ standard contractual clauses.
8. Your rights
Depending on where you live (including under the GDPR in the EU/EEA and the LGPD in Brazil), you may have the right to access, correct, delete, or receive a copy of your personal data, to object to or restrict its processing, and to withdraw consent. To exercise any of these, email Email us — we will respond within the timeframe applicable law requires. You also have the right to complain to your local data protection authority.
If your data lives in an application we operate for a client (where the client is the controller), we will refer your request to that client and support them in answering it, as our agreement with them requires.
9. Cookies and browser storage
This website uses no tracking cookies, analytics, or advertising. It stores two small functional values in your browser: your language choice and a flag that you have seen the intro animation. Neither identifies you or leaves your device. Our applications use the cookies or tokens strictly necessary to keep you signed in and secure; any product-specific cookies are described in that product’s documentation.
10. Children
The Services are business tools and are not directed at children. We do not knowingly collect personal data from anyone under 16; if you believe we have, contact us and we will delete it.
11. Changes to this policy
If we change how the Services handle personal data, we will update this policy and its effective date before the change takes effect, and — for material changes affecting an active account — notify you through the Service or by email.