Privacy Policy
Last updated: March 7, 2026
1. Introduction
DIO Digital E-Commerce Services LLC ("the Company"), located at 30 North Gould Street, Sheridan, WY 82801, United States, operates MandrakeCRM ("the Service"), a CRM and marketing platform for e-commerce stores.
This Privacy Policy describes how we collect, use, store, and protect personal data when you visit our website or use our Service.
2. Data we collect
On this website (landing page)
We only use strictly necessary functional cookies for the website to operate. We do not collect personal data or use tracking or advertising cookies.
On the Service (SaaS platform)
When you use MandrakeCRM, we process data from your online store, including: end customer information (name, email, purchase history), order and product data, and marketing campaign metrics. This data is processed on your behalf as a data processor.
3. How we use data
The data we process is used exclusively for:
- Providing and maintaining the Service
- Sending email marketing campaigns configured by you
- Customer segmentation and communication personalization
- Generating analytics and recommendations for your store
- Executing marketing automations
- Technical support and service communications
4. Legal basis (LGPD)
We process data under the following legal bases of the Lei Geral de Proteção de Dados (LGPD):
- Legitimate interest: for strictly necessary functional cookies
- Consent: when the user accepts cookie usage
- Contract performance: to provide the contracted service
5. Our role as data processor
MandrakeCRM acts as a Data Operator (processor) under the LGPD. The online store owner who contracts our Service is the Data Controller of their end customers.
We process end customer data exclusively according to the Controller's instructions and for the purposes established in the service agreement.
6. Third parties
To provide the Service, we use third-party providers for infrastructure, payment processing, and email delivery. These providers are contractually bound to protect data and process it only according to our instructions.
7. International data transfers
Data may be processed on servers located outside your country of residence. We ensure all international transfers comply with appropriate security safeguards under applicable law.
9. Data retention
Without an active plan: data is deleted immediately upon cancellation or trial period expiration.
With an active plan: data is retained for the duration of the plan and deleted at the end of the paid billing period.
10. Data subject rights
Under the LGPD (articles 17-18) and GDPR, you have the right to:
- Access your personal data
- Correct incomplete or inaccurate data
- Request deletion of your data
- Data portability to another provider
- Object to the processing of your data
- Revoke consent previously given
To exercise any of these rights, contact support@mandrakecrm.com.
11. Security
We implement technical and organizational security measures, including data encryption in transit and at rest, role-based access controls, and continuous monitoring of our systems.
12. Minors
The Service is intended exclusively for users aged 18 and older. We do not knowingly collect data from minors.
13. Contact
For questions about this Privacy Policy or the processing of your data:
Email: support@mandrakecrm.com
DIO Digital E-Commerce Services LLC, 30 North Gould Street, Sheridan, WY 82801, United States.
14. Changes to this policy
We reserve the right to update this Privacy Policy. We will notify you of material changes through our website or by email.