1. Who we are
DAPITA LTD ("DAPITA", "we", "us") is a software company registered in the United Kingdom under Companies House number 16634395, with its registered office at 71-75 Shelton Street, London WC2H 9JQ. We are the data controller for personal data processed through our website (dapita.net) and our products.
Contact for data protection matters: info@dapita.net.
2. Data on dapita.net
This website uses a 4-category GDPR cookie consent banner on first visit. You can accept all, reject all, or customize each category individually. See our full Cookie Policy for details.
The four categories are:
- Necessary (always on) โ session, security, basic preferences. Includes the cookie-consent record itself and CSRF protection.
- Analytics (opt-in) โ anonymous usage statistics. We do not track individuals across sites.
- Marketing (opt-in) โ relevant advertising and campaign measurement.
- Preferences (opt-in) โ remember theme, language and other choices.
Your consent record is stored in localStorage["dapita_cookies_v1"] as a timestamped JSON object. You can change preferences anytime via the Cookie preferences link in our footer.
3. Data in DAPITA Auth (account registration)
When you create an account in the DAPITA ecosystem (via auth.dapita.net), we process the following:
- Account identifier: an anonymized internal ID. The registration API itself is anonymized.
- Email address: only if you provide it (used for account recovery, security alerts, and product communications).
- Phone number: only if you provide it (used for two-factor authentication and account recovery).
- Language preference: stored to deliver the interface in your language.
- Session cookie: a server-issued session identifier required for you to remain logged in. This cookie is essential โ without it, login is technically impossible.
- Authentication factors: hashed passwords (Argon2id), passkey public keys, TOTP secrets โ all encrypted at rest using AES-256 via HashiCorp Vault.
- Audit logs: records of login events, IP addresses, and security-relevant actions. Retention varies by plan (15โ90 days).
We do not sell, rent, or share this data with third parties for marketing.
4. Data in our products
Each product (Core, BaaS, Algo, Security) has its own privacy considerations. In summary:
- DAPITA Core is self-hosted on your own server. We do not have access to data inside your Core installation. License validation is the only call your Core makes to our servers.
- DAPITA BaaS processes API requests you make. We log API key usage, request metadata (timestamp, endpoint, IP), and response status for billing and abuse prevention. We do not log request bodies or response payloads.
- DAPITA Algo stores your chats, files, and project data on our servers. Encryption at rest is available on paid plans. AI prompts may be sent to third-party AI providers (OpenAI, Anthropic, Google, etc.) โ please review their privacy policies separately.
- DAPITA Security details are in section 3 above.
5. Legal basis (UK GDPR)
We process personal data on the following lawful bases:
- Contract: to provide the services you sign up for.
- Legitimate interest: security monitoring, abuse prevention, and service improvement.
- Consent: for any optional communications and for analytics, marketing or preferences cookies you opt into.
- Legal obligation: tax records, law enforcement requests with valid legal basis.
6. Your rights
Under UK GDPR you have the right to:
- Access your personal data
- Correct inaccurate data
- Delete your data ("right to be forgotten")
- Export your data in a portable format
- Object to processing
- Withdraw consent at any time
- Lodge a complaint with the UK Information Commissioner's Office (ICO)
To exercise any of these rights, contact info@dapita.net. We respond within 30 days.
7. Data retention
We retain personal data only as long as necessary for the purpose it was collected, plus any legally required retention periods (typically 6 years for tax records). Account data is deleted within 30 days of account closure, except where retention is required by law.
8. International transfers
Our infrastructure is primarily hosted in the European Union and the United Kingdom. Where data is processed outside the UK/EU (for example, by AI providers in DAPITA Algo), transfers are made under appropriate safeguards (Standard Contractual Clauses or adequacy decisions).
9. Changes to this policy
We may update this policy. The Last updated date at the top reflects the most recent version. Material changes will be communicated by email to registered users.
10. Contact
Email: info@dapita.net
Phone: +44 20 4577 0719
Post: DAPITA LTD, 71-75 Shelton Street, London WC2H 9JQ, United Kingdom (Companies House 16634395).
UK supervisory authority: Information Commissioner's Office (ICO).