👮Privacy Policy

Learn more about how Data Against Data collects and uses data and your rights as a user.

Last updated: Sep 15th, 2022


This Privacy Policy governs the processing and transfer of Personal Data that “Data Initiative SRL” (i.e. “Data Against Data”, “DAD”) collects and process in connection with our website and services (the App).

Our Privacy Policy is an integral part of our Terms of Service.

In order to explain what types of data DAD processes let’s spend a moment to understand the differences between different types of data.

By Personal Data we mean information that can identify you as an individual such as your name, email address, pictures or other online identifiers, etc.

Non-Personal Data means information that cannot be linked or traced back to an identifiable individual and are usually found in an aggregated form regardless of how it is being reasonably used by data operators directly or indirectly.

At DAD, we believe privacy policies should help you understand how your Data is being used and provide you with a fair choice to control it.

Registration with DAD

Your digital footprint is stored mostly trough the interractions in you Inbox. DAD uses a technology that reconstructs that footprint using very little data to start with.

The moment you register with DAD, we will ask you to provide permission to connect to your email inbox. This is done trough the „Connect with Google” or similar login systems, that enable us to establish a secured connection. The system is based on a secured authorisation protocol named OAUTH2. This ensures that DAD does not, at any time, have access to your password.

Once this step in completed we look for exchanges of emails between you and all the companies you interacted with and present you with a comprehensive list of them. We only scan for the sender’s domains where the emails originated, as well as the email message meta-data (like date and time, etc.).

We do not process or collect any of the content in any of the emails in your Inbox.

Once you have the list of companies you interacted with you can exercise various Personal data rights like to access or delete the information with that company. Every time you select to send such a request, it will be sent directly from your email Inbox. DAD enables you to keep track of these requests but it will be you who actually sends them. DAD does not act as an agent on your behalf.

In some instances accessing or deleting your Personal Data is not straight forward and may require additional communications between yourself and the company. In some cases the companies will come back to further verifiy you are who you claim and to verify your identity. To get an ideea of the status of the requests you can check the status in „My Requests”. And remember, we do not collect or store these messages with DAD, we only display them for you as they remain secured in your Inbox.

We do not sell, rent, trade your Perosnal Data. We share Personal Data with essential third parties, in connection to the Services we provide, for example our cloud environment provider, customer support and analytics. Also when you choose to send a request to a company, this will include your name and surname, as well as the email address. Additionally you may choose to share other information that will enable the company to confirm your identity.

We make great efforts to ensure the best Perosnal Data protection and a secure environment where to deploy our service. We recommend you read our Terms of Use or contact us for any additional information.

DAD’s use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements. The application uses the Gmail API to scan your inbox in order to provide reports regarding what third parties have data about you. You can view a list of companies that you've interacted with, and manage the relation with respect to data protection within the DAD app. The communication is done using the Gmail API. You can find out more at: Google API Services User Data

Persons under 16 years of age

Our services are not intended for users under the age of 16. Children under the age of 16 are prohibited from the use of DAD Services nor provide us with any Personal Data without written consent of a parent or guardian.

Data collection: Personal Data collected and processed by DAD

We collect the Personal data provided to you when you register with us and create your user account. This includes Full Name, Email Address, Country of residence and Email Token.

We need this information to provide you with our services and be able to manage your requests and to be able to address any customer service or support you may require and to be able to remain in contact with you.

We are also processing Personal Data during the review and discovery of your digital footprint from your email Inbox:

  • The sender’s email address
  • The date of the first email message received from a sender
  • The date of the last email message received from a sender.
  • We are never accessing your actual emails or reading the content during this process.

To make the process of reviewing the responses received from companies, you can see the replies and requests sent, directly from the DAD application. We do not collect any of these messages and they are always stored safely in your own Inbox. We simply reflect the relevant threads for your attention in the DAD app.

The purpose of the processing is that we use the Personal Data to perform the duties and obligations to you under our contract and providing you with our services.

Our website is also using some basic Analytics data in relation to the use of our website, which collect information like your IP address and data sent by your device like operating system type, device type, path taken to reach our website, time and date of the current session, directing URL’s, Country of access, Browser type, Preferred Language.

This data is used to enable and improve our services.

We collect online identifiers included in Cookies as per our Cookie Policy available HERE.

We are processing these types of Personal Data to support our legitimate business interests like operating the service, protecting access and data of our users and services and for auditing and tracking usage statistics and website traffic flow.

Some of our legitimate business interests for which Personal Data is used are: to prevent identity theft and other fraudulent activities, to handle customer support requests as well as complaints, to protect our legal rights, for legal purposes that include tax and auditing purposes, to comply with court orders and to respond to mandatory requests from law enforcement agencies.

We do not intentionally collect any data which constitutes Special Categories of Personal Data (like data constituting or revealing racial or ethnic origin, political opinions, religious or spiritual beliefs, trade union membership, genetic and biometric data, health data, data concerning a person’s sexual orientation or sex life) and we urge you not to share any of these types of data with us.

Data collection: Non-Personal Data Processed by DAD

We collect Non-personal data regarding our website and services. This can include the scope of use of our service, how often it is used, pages accessed and viewed, interactions with materials displayed and the types of devices used to access our website and services.

We use this data to develop our website and service, for general analytics and ensuring that our website and services are functioning correctly and also to help prevent fraudulent use and to protect from any other cyber threats.

Use of Personal Data

We use your Personal Data for the following reasons:

  • to provide you access and use of our services;
  • to ensure that our platform and services are working as they should;
  • to prevent attempts to break in our platform and systems or missapropiate use of your Personal Data;
  • where there is a legal obligation imposed on us to do so;
  • to protect our legal rights;

Security of Data

DAD follows industry standard and applicable laws to use physical, technical and process security measures for our services. The measures are aimed at preventing unauthorised access, accidental or unlawfully destruction or data manipulation.

Please be aware that all Internet communications are susceptible to a certain degree to malware, unlawfull interception and monitoring. To this extend we pursue to offer the best level of protection regarding our service and your Personal Data but, like all other online services we cannot fully guarantee the security of data transmitted via our website and services.

If your Personal Data is involved in a data incident we will make all efforts to contain the incident, minimize risks and if required by applicale law, notify you.

International transfer of Personal Data

DAD stores your Personal Data on servers located in the European Union.

Whenever you send a request to access and delete Personal Data that various companies hold on you, you are also sending the details necessary to identify you such as Name and Email Address. This is crucial for the company to be able to service your request.

This type of data transfer is necessary to enable out services and to serve your interests.

Please note that the recepient companies of your access or deletion requests store the Personal Data in various countries, depending on their footprint and infrastructure, and where the data protection regulations and laws may be different that those in your country of residence.

Your consent to this policy implies that you explicitly consent to the transfers described above.

Sharing Personal data with third parties.

DAD shares Personal Data with selected service providers that enable us to provide the best service to our customers.

However, we do not sell, trade or rent your personal data to anyone, nor shall we do so in the future.

Apart from the situations listed above we share your personal data in the following defined situations:

  • With the companies you selected online and instructed them to give you access or delete your Personal Data. The requests you make to the company are sent from your own email address and contain the relevant information to support your request, as well as to support the verification of your identify by the receiver.
  • With third parties in order to comply with the applicable laws and regulations, such as legal or regulatory agencies, administration of justice, in order to protect your or others vital interests, to protect the integrity and security of our services and records, to protect against legal liability, to enforce policies and other types of agreements as well as in the event of a corporate sale, merger or dissolution.

DAD may share non-personal data, statistical and anonymised data for legitimate business purposes without limitation, in accordance with existing legal frameworks.

Third party list

Google Cloud Platform** (GC

GCP is DAD’s Cloud environment.

Our cloud infrastructure is hosted entierly with Google Cloud and our servers are located in Europe. For more information about how Google processes your Personal Data, please visit https://cloud.google.com/security/privacy.

For information about Google’s GDPR provisions please look here: https://cloud.google.com/security/gdpr.

Control of your Personal Data that is beeing collected and processed by DAD.

We take great care in how we handle your Personal Data. With this in mind we made it very easy for you to be able to control it, in your dedicated profile page. We did our best to accomodate all of the various individual rights related to Personal Data that apply to our products and services. In case you want to exercise a right that we need to comply with or ask about information that you were unable to locate in our policies please contact us.

In order to access your personal data collected and processed by DAD you can access your profile page. Alternatively you can also contact us directly.

In order to delete or restrict your personal data collected and processed by DAD you can access your profile page. Alternatively you can also contact us directly.

At any time you can withdraw your consent given to us. Once you do this we will stop processing your Personal Data that is governed by your consent. This may imply that we will need to remove your account and you will no longer be able to use our services.

At any time you can Unsubscribe from our newsletter and marketing materials. Once you make such a request to us we will modify our distribution list within a couple of days. In order to check and modify your email prefferences you can do it in your profile page.

Regarding Data Migration from our service elsewhere you may request this if it is applicable to you by current laws and regulations and is relevent in relation to you and our services. You are entitled to file a complaint with the applicable data protection regulator in connection with concerns you may have about privacy and Personal Data.

If we receive requests from you related to the privacy rights above, we may request certain information to verify your identity and in order to locate your Personal Data.

We will do our best to respond to your requests in a timely manner, not exeeding any deadline defined by applicable law. In some situations we may need an extension period, in accordance with applicable law. If this applies to your requests you will be notified regarding such an extension period, and about the reasons for the delay.

Data Retention

DAD retains your Personal Data for as long as you are a registered user of our services. When you decide to close your account or if we need to remove your account, this will also delete your Personal Data.

This will be reflected in our systems within 30 days of the termination of your account with DAD from the application, and within 60 days from all the back-up instances.

To comply with legal tax and accounting requirements, certain details are stored for the timeframes stipulated in the applicable laws. We also will retain information that we deem necessary for current or expected legal proceedings. The retention of data is kept to a minimal by principle and not stored any longer than needed.

DAD stores Non-Personal data, statistical data or anonymized data without a limitation in time.

Changes and updates

DAD may update the Privacy Policy from time to time. All modification to the Privacy Policy will be visible on our website and we will also notify you by email of such changes.

Any high-impact changes will take effect in 30 days since they are published on our website.

For other types of changes they will take effect in 10 days since they are published on our website.

For any changes due to the modification of laws and applicable regulation, changes may be needed to be implemented in a shorter period of time.

This website stores data such as cookies to enable essential site functionality and performance.