
Privacy Policy
Last updated: 3 July 2026
This Policy explains how CARIAKI processes personal data, in line with the General Data Protection Regulation (GDPR). For any privacy question, contact suporte@cariaki.pt.
1. Data controller
The controller for the data described in this Policy is the entity operating CARIAKI, reachable at suporte@cariaki.pt.
2. What data we process
Account data: name, email and authentication credentials.
Operational data you enter: properties, budgets, milestones, photos and documents of works and deals.
Technical data: access logs and a session/analytics identifier for security and Service improvement.
3. Purposes and legal basis
Providing the Service and managing the account (performance of a contract).
Security, fraud prevention and legal compliance (legitimate interest and legal obligation).
Essential Service communications (performance of a contract).
4. Sharing and processors
We use processors for hosting, database, email and payments, who process data on our behalf under data-processing agreements. We do not sell personal data.
5. International transfers
Where data is processed outside the European Economic Area, we ensure appropriate safeguards (e.g. Standard Contractual Clauses).
6. Retention
We keep data while the account is active and for as long as needed to meet legal obligations. Entities are deleted via soft delete and permanently removed per our retention policy.
7. Your rights
You have the right to access, rectification, erasure, restriction, portability and objection, and to lodge a complaint with the Portuguese authority CNPD (www.cnpd.pt). To exercise these rights, contact suporte@cariaki.pt.
8. Security
We apply appropriate technical and organisational measures (per-organisation isolation, access control, encryption in transit). During beta, we recommend not uploading unnecessary sensitive data.