Protecting your data on Dialoom

1. Purpose of this privacy policy

Dialoom is a professional booking and real-time video communication service operated by Fremmenn Dynamics, S.L.. This privacy policy explains how we collect, use, disclose, store, and protect personal data when individuals browse our websites, create an account, host or join a call, receive communications, or otherwise interact with our products and support channels.

We process personal data in accordance with Regulation (EU) 2016/679 (General Data Protection Regulation, or GDPR), the Spanish Organic Law 3/2018 on Data Protection and Digital Rights, and other applicable European and Spanish regulations on electronic communications and consumer protection.

2. Data controller and contact details

• Controller: Fremmenn Dynamics, S.L.
• Tax ID: CIF B75342105
• Registered address: Avda. Catedral, Núm. 6, Planta 1, 08002 Barcelona, Spain
• Primary contact: info@fremmenndynamics.com
• Privacy contact: privacy@dialoom.com

We have not appointed a Data Protection Officer. All privacy-related enquiries should be submitted via the above email addresses or by writing to our registered address with the subject line “Data Protection”.

3. Personal data we collect

We collect the following categories of personal data, depending on how you interact with Dialoom:

• Account and profile data: name, surname, display name, profile photo, biography, professional categories, availability preferences, preferred language, and authentication identifiers.
• Contact data: email address, telephone number (if you choose to provide it), country, and billing address for invoicing.
• Booking and payment data: booking references, selected services, price, currency, VAT number, invoicing data, Stripe customer IDs, payment confirmations, payout summaries, and payout bank details provided by hosts through Stripe Connect.
• Usage data: log-in timestamps, device information, browser type, IP addresses, approximate location inferred from IP, in-app actions, and diagnostics from our video infrastructure (Agora) to maintain call quality and security.
• Support and correspondence: messages sent to support, feedback, survey responses, recordings of support calls (when applicable), and ticket metadata.
• Marketing and consent data: subscription preferences, consent receipt, and interaction data with marketing emails when you opt in.

We do not intentionally collect special categories of data (Article 9 GDPR). Users must refrain from sharing sensitive information unless strictly necessary for the requested service and protected by appropriate safeguards.

4. Legal bases and purposes of processing

We only process personal data when there is a lawful basis under Article 6 GDPR:

• Performance of a contract: to create and manage accounts, enable bookings, deliver video sessions, issue invoices, pay hosts, and provide support to registered users.
• Compliance with legal obligations: to meet tax, accounting, anti-fraud, and regulatory requirements, and to respond to lawful requests from competent authorities.
• Legitimate interests: to operate and improve the platform, ensure network and information security, prevent misuse, handle business analytics, and send service communications that are reasonably expected by users. We balance our interests against your fundamental rights and freedoms before relying on this ground.
• Consent: for optional email marketing, use of non-essential cookies, and when users request call recordings or transcripts. You may withdraw consent at any time without affecting prior lawful processing.

5. How we obtain personal data

• Directly from users when they create an account, fill in their profile, make or accept bookings, submit forms, or communicate with our team.
• Automatically through cookies, SDKs, and similar technologies when using our websites and apps.
• From third-party providers (for example, Stripe for payment confirmations or identity information required for host payouts) when this is necessary to deliver our services.

6. Sharing information and processors

We do not sell personal data. We share personal data only with service providers that help us operate the platform, always under written data processing agreements that reflect Article 28 GDPR requirements. Key partners include:

• Stripe Payments Europe, Limited: secure payment processing, host payouts, and fraud prevention.
• Agora Lab, Inc.: real-time video infrastructure and quality diagnostics.
• Hosting and infrastructure providers: cloud hosting, content delivery, and email delivery (including providers such as Vercel, AWS, and transactional email services).
• Professional advisers: legal, compliance, accounting, or audit firms when necessary.

We may also disclose data when required by law, in connection with corporate transactions, or to protect our rights, users, and the public from harm, always ensuring that disclosure is lawful and proportionate.

7. International data transfers

Some of our processors are located outside the European Economic Area. When data is transferred to a country without an adequacy decision, we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses, additional technical and organisational measures, and strict access controls. You may request a copy of the relevant safeguards using the contact details provided in this policy.

8. Retention periods

We retain personal data only for as long as necessary for the purposes outlined above or to comply with legal obligations:

• Account data: kept while the account remains active and deleted or anonymised within 12 months of closure.
• Booking and payment data: retained for up to 6 years to meet tax and accounting requirements.
• Support correspondence: retained for up to 24 months to improve service quality and resolve disputes.
• Marketing consents: retained until you withdraw consent or your account is closed, whichever comes first.
• Security logs: retained for up to 12 months unless a longer period is needed to investigate incidents.

When data is no longer required, we securely delete it or anonymise it so that it can no longer be linked to an identifiable individual.

9. Security measures

We implement technical and organisational measures aligned with industry best practices to protect personal data, including encryption in transit and at rest, access controls based on least privilege, multi-factor authentication for administrative access, vulnerability management, staff confidentiality agreements, and regular security reviews with our processors.

10. Data subject rights

Under GDPR, you have the following rights:

• Access your personal data and obtain a copy.
• Rectify inaccurate or incomplete data.
• Request erasure when data is no longer necessary or processing is unlawful.
• Restrict processing under certain circumstances.
• Object to processing carried out on legitimate interests or direct marketing grounds.
• Receive data you provided in a structured, commonly used, machine-readable format (data portability).
• Withdraw consent at any time, without affecting processing carried out before withdrawal.
• Not be subject to a decision based solely on automated processing that produces legal or similarly significant effects, since Dialoom does not carry out such decisions without human involvement.

11. Exercising your rights

You can exercise your rights by emailing privacy@dialoom.com or by writing to our registered address with proof of identity. We will respond within one month of receiving a complete request. This period may be extended by a further two months for complex or numerous requests, in which case we will inform you of the extension and the reasons for the delay.

If you believe your rights have not been respected, you may lodge a complaint with the Spanish Data Protection Authority (Agencia Española de Protección de Datos, www.aepd.es) or with your local supervisory authority.

12. Children

Dialoom is intended for professionals and clients who are at least 18 years old. We do not knowingly collect personal data from minors. If we become aware that a minor has provided personal data, we will delete the information and may close the account.

13. Changes to this policy

We may update this policy to reflect changes in our services or applicable law. Substantial changes will be communicated through the platform or by email. The version published on this page is the one currently in force.

14. Contact

If you have any questions about how we handle personal data, please contact us: