GDPR Compliance
Your rights under the General Data Protection Regulation
Honest Disclosure: GDPR Status
Dimora AI currently serves primarily US-based property managers. We are actively implementing GDPR-compliant practices and working toward full certification by Q3 2025.
We apply GDPR principles to all users as best practices, even as we work toward formal compliance. This page transparently outlines your rights, our current implementation status, and our roadmap.
GDPR & Dimora AI
The General Data Protection Regulation (GDPR) is a comprehensive European Union privacy law that grants individuals significant control over their personal data. While Dimora AI is a US-based company primarily serving US clients, we recognize the importance of GDPR compliance for any users in the EU or processing EU residents' data.
Our GDPR Approach
- 1. Current Focus: US-based property managers and guests
- 2. Active Development: GDPR compliance measures in implementation
- 3. Best Practices: Applying GDPR principles for all users
- 4. Target Completion: Q3 2025
Transparency Commitment: We believe in honest communication. Rather than claiming full GDPR compliance prematurely, we're transparent about our current status and our active work toward certification.
Who This Applies To
GDPR applies to you if:
EU Residents
You are a resident of a European Union member state
EU Citizens
You are an EU citizen, regardless of current location
Data Processed in EU
Your data is processed in the European Union
US Clients with EU Guests
You're a US property manager handling EU guest data
Note for US Clients: If your properties receive bookings from EU residents, their data is protected under GDPR. We're building our systems to handle this scenario appropriately.
Your GDPR Rights
Under GDPR, you have comprehensive rights regarding your personal data:
Right to Access
Available Now: Request a copy of all personal data we hold about you
You can request to know what data we've collected, how we're using it, and who we've shared it with. We'll provide this in a clear, structured format.
Right to Rectification
Available Now: Correct inaccurate or incomplete personal data
If information we hold about you is incorrect or incomplete, you have the right to request corrections or additions.
Right to Erasure (Right to be Forgotten)
Available Now: Request deletion of your personal data
You can request deletion of your data, subject to legal retention requirements and legitimate business needs. We'll delete within 30 days unless legally required to retain.
Right to Restrict Processing
Available Now: Limit how we process your data
You can request we stop processing your data while we verify its accuracy, assess the lawfulness of processing, or handle your objection.
Right to Data Portability
Available Now: Receive your data in a machine-readable format
Request your data in a structured, commonly used, machine-readable format (JSON, CSV) to transfer to another service provider.
Right to Object
Available Now: Object to certain types of data processing
Object to processing based on legitimate interests, direct marketing (we don't currently do this), or automated decision-making.
Rights Related to Automated Decision-Making
Available Now: Human review of automated decisions
Request human review of decisions made solely by our AI without human intervention. Understand the logic behind AI-generated responses.
How to Exercise Your Rights
To exercise any of your GDPR rights:
Request Process
- 1. Submit Request: Email gdpr@dimora.ai (placeholder - will be active by Q2 2025)
- 2. Provide Information: Include your full name, email address, specific request, and proof of identity
- 3. Identity Verification: We may request additional proof of identity to protect your data from unauthorized requests
- 4. Response: We'll respond within 30 days (GDPR requirement)
First Request: Free
Your first request is always free of charge
Excessive Requests
We may charge a reasonable fee for manifestly unfounded or excessive requests
Our Data Processing
What Data We Collect
Call Data
- Audio recordings of phone conversations
- Call transcripts
- Call metadata (duration, date, time, phone numbers)
Guest Information
- Names and phone numbers
- Reservation details
- Inquiry content and requests
Property Manager Data
- Business contact information
- Property details and policies
- Team member names and emails
Legal Basis for Processing
Contractual Necessity
Processing is necessary to provide the AI receptionist service you've contracted for
Example: Handling guest phone calls, booking reservations, answering inquiries
Legitimate Interests
Processing is necessary for our legitimate business interests (and doesn't override your rights)
Example: Improving AI accuracy, preventing fraud, ensuring service security
Consent
You've given clear, affirmative consent for specific processing activities
Example: Optional marketing communications (currently not implemented)
Data Recipients (Who We Share With)
We share data only with trusted third-party service providers necessary to deliver our service:
Cloud-based voice AI platforms
Purpose: Process phone calls, voice recognition, AI response generation
Safeguards: Contractual data processing agreements, encryption requirements
Workflow automation tools
Purpose: Route notifications, integrate with client systems
Safeguards: Limited data access, encryption in transit and at rest
Cloud database services
Purpose: Secure data storage and backup
Safeguards: Encryption, access controls, regular security audits
Property management systems
Purpose: Sync reservation data with client's existing PMS
Safeguards: API authentication, encrypted communication
International Data Transfers
Dimora AI is based in the United States, which means data is transferred from the EU to the US:
Current Status
- Primary Storage Location: United States data centers
- Security Measures: Encryption in transit and at rest, strict access controls
- Provider Standards: All providers meet enterprise security standards
Planned for GDPR Compliance
By Q3 2025, we will implement:
- Standard Contractual Clauses (SCCs): EU-approved transfer mechanisms
- Data Protection Impact Assessment: Formal DPIA for international transfers
- EU Data Residency Option: For clients requiring EU-only storage (enterprise tier)
Data Retention
We retain personal data only as long as necessary for the purposes outlined:
Active Client Data
Duration of service relationship: Necessary to provide AI receptionist service
Call Recordings & Transcripts
30-90 days (per client preference): Client access for quality review and dispute resolution
Guest Contact Information
Duration of service relationship: Handling future inquiries from returning guests
Terminated Account Data
30 days after termination: Allow for account reactivation requests, then deleted
Backup Data
Up to 90 days in backup systems: Disaster recovery and data integrity
Legal Hold Data
As required by law: Compliance with legal obligations, litigation, or regulatory requirements
Current GDPR Implementation Status
Transparent disclosure of what we've implemented and what's in progress:
Data Mapping & Inventory
Q1 2025: Comprehensive audit of all data collected, processed, and stored
Privacy by Design
Q2 2025: Embedding data protection into system architecture
Data Processing Agreements
Q2 2025: Reviewing and updating all third-party processor contracts
EU Representative Appointment
Q2 2025: Designating EU representative (required when serving EU clients)
Data Protection Impact Assessment
Q2 2025: Formal DPIA for high-risk processing activities
Breach Notification Procedures
Q1 2025: Formal 72-hour breach notification process
Rights Request Portal
Q3 2025: Automated portal for exercising GDPR rights
Data Protection Officer
DPO Appointment: Planned
We are in the process of appointing a Data Protection Officer (DPO) as part of our GDPR compliance efforts.
Timeline: DPO will be appointed by Q2 2025
In the interim, privacy and data protection inquiries can be directed to:
General Privacy
privacy@dimora.ai
EU Representative
EU Representative: To Be Appointed
Under GDPR Article 27, companies without an EU establishment must appoint an EU representative when offering goods or services to EU residents.
Status: We will appoint an EU representative when we begin actively serving EU-based clients (estimated Q2-Q3 2025).
The EU representative will serve as a point of contact for EU data protection authorities and individuals regarding GDPR compliance matters. Contact information will be published on this page once appointed.
Policy Updates
We will update this GDPR page as we implement new compliance measures and achieve certifications:
Material Changes
30-day advance notice via email for significant changes to data processing practices
Status Updates
Regular updates to this page as we complete GDPR compliance milestones
Certification Announcements
Public announcement when we achieve full GDPR compliance certification
Transparency Promise: We commit to updating this page honestly and promptly as our GDPR compliance progresses. Check back for updates on our roadmap.
Contact Information
For GDPR-related questions, rights requests, or concerns:
GDPR Rights Requests
gdpr@dimora.ai (Email will be active by Q2 2025 - until then, use privacy@dimora.ai)
General Privacy Inquiries
privacy@dimora.ai
Mailing Address
Dimora AI, LLC
California, United States
(Physical address to be added upon business registration)
Questions About GDPR or Your Data Rights?
We're committed to transparency and protecting your privacy.