1. Who we are
Dominio System LLC (hereinafter "Dominio System", "we", "us" or "the Company") is the data controller responsible for personal data collected through dominiosystem.com and our associated services.
- Legal name: Dominio System LLC
- Entity type: Limited Liability Company (Wyoming, USA)
- Address: 30 N Gould St STE R, Sheridan, WY 82801, United States
- Contact email: support@dominiosystem.com (with subject
[PRIVACY]or[ARCO]for privacy requests) - Website: https://dominiosystem.com
This Privacy Policy explains what data we collect, how we use it, with whom we share it, and what your rights are. It is prepared in compliance with:
- Federal Law on Protection of Personal Data Held by Private Parties (LFPDPPP) — Mexico
- General Data Protection Regulation (GDPR) — European Union (if applicable)
- Other applicable privacy laws in jurisdictions where we operate
2. Your role and our role
We recognize two distinct relationships:
2.1 When you visit dominiosystem.com or are our direct customer
Dominio System is the data controller of your data.
2.2 When you are a customer and use the platform for your business
- You are the data controller for Contact data (your patients, prospects, customers)
- Dominio System is the data processor that processes that data on your behalf
3. Data we collect
3.1 Account data (when you subscribe)
- Full name
- Phone (optional)
- Business name
- Industry type
- Country / city
- Preferred language
- Billing information (processed by Stripe, not stored by us)
3.2 Platform usage data
- Activity logs within the platform
- Your business configurations (schedules, services, prices)
- Contact data uploaded by you
- Appointments created / cancelled
- WhatsApp conversations processed by ARIA
- Usage and performance metrics
3.3 Automatic technical data
- IP address
- Browser user agent
- Operating system
- Date and time of each session
- Pages visited on dominiosystem.com
- Actions performed (clicks, navigation, etc.)
3.4 Cookies and similar technologies
We use the following categories:
- Essential cookies: necessary for site functionality (session, authentication, language preferences). No consent required.
- Analytics cookies: Google Analytics 4 (GA4) with Consent Mode v2. Activated only with your explicit consent.
- Marketing cookies: currently NOT used. If we add Meta Pixel or Google Ads in the future, we will request your explicit consent.
You can manage your cookie preferences at any time through the consent banner shown on your first visit or from the cookie preferences link in the site footer.
4. Legal bases for processing
We process your data under the following legal bases:
- Contract performance: to provide the Service once you have contracted a subscription
- Consent: for marketing communications, non-essential cookies, and optional data processing
- Legitimate interest: to improve the Service, prevent fraud, ensure security, and develop new features
- Legal obligation: to comply with tax, accounting, anti-money-laundering, and other applicable requirements
5. Purposes of processing
We use your data to:
- Create and maintain your account
- Provide you access to the Service and its features
- Process payments through Stripe
- Send operational communications (confirmations, reminders, incident notifications)
- Send marketing communications (newsletters, product news) — only if you gave explicit consent
- Analyze Service usage to improve it
- Detect and prevent fraud, misuse, or violations of the Terms
- Comply with legal and tax obligations (Form 5472, 1120, etc.)
6. With whom we share your data
We do not sell your personal data. We share data only with:
6.1 Service providers (sub-processors)
| Provider | Function | Country | Data shared |
|---|---|---|---|
| Supabase | Database + authentication | USA / multi-region | Account data, usage data, configurations |
| Vercel | Website hosting | USA / global edge | Technical navigation data |
| Stripe | Payment processing | USA | Billing data, transactions |
| Resend | Email sending | USA | Email, email content |
| Meta Platforms (WhatsApp Business API) | Messaging | USA / global | WhatsApp messages, phone numbers |
| OpenAI | Natural language processing (ARIA) | USA | Conversations to generate responses |
| Google Analytics 4 | Website analytics | USA / global | Anonymized navigation data |
| Sentry | Error monitoring | USA | Technical error logs |
| GitHub | Desktop app hosting | USA | DMG distribution only, no customer data |
All these providers have contractual agreements with Dominio System that guarantee minimum security and privacy standards.
6.2 Authorities
We may share data when:
- Required by court order, subpoena, or competent authority
- Necessary to investigate fraudulent or illegal activities
- Necessary to protect rights, property, or safety of Dominio System, its customers, or third parties
6.3 Acquisitions / Mergers
In case of merger, acquisition, or asset sale, your data may be transferred to the acquiring entity, subject to this Privacy Policy or prior notification with option to cancel.
7. International transfers
Your data is processed primarily on servers located in the United States, where Dominio System LLC is incorporated. If you are in Mexico, Latin America, or another region outside the U.S., your data may be transferred to the U.S. and other countries where our providers operate (always within jurisdictions with adequate data protection frameworks).
If in the future our users include European Union residents, we will ensure GDPR compliance through the corresponding contractual frameworks — including Standard Contractual Clauses (SCCs) already implemented by our main sub-processors (Stripe, OpenAI, Supabase, Vercel, Meta Platforms).
8. Your rights (ARCO in Mexico, GDPR rights in EU)
You have the following rights regarding your personal data:
- Access: know what personal data we have about you
- Rectification: correct inaccurate or incomplete data
- Cancellation / Deletion: request deletion of your data
- Objection: object to certain processing
- Portability (GDPR): receive your data in a structured format
- Restriction (GDPR): restrict processing of your data
- Withdrawal of previously granted consent
How to exercise your rights
Send an email to support@dominiosystem.com with:
- Subject:
[ARCO] Request — [your full name] - Your scanned official ID (INE, passport)
- Specific description of the right you are exercising
- Data to which it applies
We respond within a maximum period of 20 business days from receipt of the complete request. If we deny your request, we will explain the legal grounds.
9. Data retention
We retain your data during:
- Active account: while your subscription is in force
- Cancelled account: 30 additional days to allow recovery upon request
- Accounting / tax data: the period required by law (minimum 5 years in USA for Form 5472+1120 purposes)
- Marketing data: until you withdraw your consent
After these periods, data is permanently deleted or irreversibly anonymized.
10. Information security
We implement the following security measures:
- Encryption in transit: TLS 1.3 in all communications
- Encryption at rest: AES-256 for data stored in Supabase
- Authentication: 2FA mandatory for Dominio System administrators
- Restricted access: only authorized personnel have access to personal data
- Automatic backups: daily, encrypted, 30-day retention
- Audit logs: records of accesses and modifications
- Security testing: periodic vulnerability reviews
While we take these measures, no system is 100% secure. In case of a security incident affecting your personal data, we will notify you within a maximum period of 72 hours from its detection, along with the corrective measures applied.
11. Children's privacy
The Service is NOT directed at persons under 18 years of age. We do not intentionally collect data from minors. If we detect that we have collected data from a minor without verifiable parental consent, we will delete it immediately.
If you are a parent or legal guardian and detect that your minor child has provided data to Dominio System, contact us at support@dominiosystem.com with subject [PRIVACY] Minor for immediate deletion.
12. Automated decisions and profiling
ARIA, our artificial intelligence agent, performs automated processing of WhatsApp conversations to:
- Generate conversational responses
- Qualify Contact purchase intent
- Automatically schedule appointments
- Report your business metrics
These automated decisions have operational (not legal) impact and are always supervised by you as business owner. You can pause or deactivate ARIA at any time from the dashboard.
13. Changes to this Policy
We may update this Privacy Policy. Material changes will be notified by email to active users at least 30 days in advance of their effective date.
The most recent version is always available at dominiosystem.com/privacy-en with its last update date.
14. Contact
For any privacy-related matter or about this Policy:
Email: support@dominiosystem.com
Suggested subject prefixes:
[PRIVACY]— general privacy requests[ARCO]— ARCO rights (Mexico)[GDPR]— GDPR rights (EU)
Postal address: Dominio System LLC, 30 N Gould St STE R, Sheridan, WY 82801, United States
If your request is not satisfactorily addressed, you can file a complaint with:
- INAI (Mexico): National Institute of Transparency, Access to Information and Personal Data Protection — home.inai.org.mx
- GDPR supervisory authority of the EU country where you reside