DMCE.ai is operated by [Legal entity name TBC], a company registered in [Country TBC] at [Registered address TBC].

For any privacy question, write to max@dmce.ai. Our Data Protection Officer reads this inbox directly.

We collect four categories of data, and only what we need to operate the service.

• Form data. Name, work email, company name, role, country, current quoting tool, and monthly quote volume - submitted when you book a demo or contact us.
• Account data. User profile, authentication credentials, and team membership information when you become a customer.
• Usage data. Aggregate, pseudonymized product usage that helps us improve the service. We do not sell or disclose this data.
• Customer data. Supplier records, itineraries, pricing rules, and customer-uploaded content. This belongs to you. We process it on your behalf, under contract.

• To operate, secure, and improve the DMCE.ai service.
• To provide customer support and onboarding.
• To bill you and meet our accounting and tax obligations.
• To comply with legal and regulatory requirements.

For account holders and customers, we rely on contract performance (delivering the service you signed up for).

For prospects and visitors, we rely on legitimate interest (operating a B2B website and following up on demo requests) or consent where required by law.

For statutory obligations (e.g. tax, accounting, anti-fraud), we rely on legal obligation.

We use a small list of subprocessors. Each is bound by a Data Processing Agreement.

• Hosting: [Provider TBC] - EU region.
• Email & transactional messaging: [Provider TBC] - EU region where available.
• Analytics: [Provider TBC] - privacy-preserving (no cross-site tracking).
• Payments & invoicing: [Provider TBC].
• Customer support tooling: [Provider TBC].
• CRM: Pipedrive - used internally to manage prospect and customer relationships.

We update this list when subprocessors change. Customers under contract are notified directly. For the current list, email max@dmce.ai.

We host customer data in the European Union. Where data must move outside the EU (e.g. for a subprocessor with global operations), we rely on the European Commission's Standard Contractual Clauses or equivalent transfer mechanisms.

If we cannot meet your data-residency requirement, we will tell you before you sign.

• Form submissions from prospects: 24 months from last contact, then deleted.
• Customer data: for the duration of the contract plus 90 days, after which it is exported and deleted on request.
• Billing and accounting records: retained for the period required by applicable law (typically 5-10 years).
• Backups: rotated on a 30-day cycle.

Under GDPR you have the right to:

• Access the personal data we hold about you.
• Correct inaccurate personal data.
• Have your personal data deleted.
• Restrict processing or object to it.
• Receive your data in a portable format.
• Lodge a complaint with your supervisory authority.

To exercise any of these rights, email max@dmce.ai. We respond within 30 days.

We use a small number of strictly necessary cookies and a privacy-preserving analytics cookie. We do not use third-party advertising cookies. Full details and opt-out controls are at our cookies notice.

DMCE.ai is a B2B product. We do not knowingly collect personal data from anyone under 16. If you believe a minor has shared personal data with us, contact max@dmce.ai and we will delete it.

We may update this policy as the product, our subprocessors, or regulation changes. Material changes are emailed to active customers at least 30 days before they take effect. The current version is always at /privacy.

Email: max@dmce.ai

Postal address: [TBC]

Data Protection Officer: [Name TBC] · [max@dmce.ai]