Privacy Policy

Infosistema DMM Infinity — AI-Powered Data Management Platform for Low-Code Ecosystems

Effective: May 21, 2026

INFOSISTEMA, SISTEMAS DE INFORMAÇÃO, S.A.

This Privacy Policy explains how INFOSISTEMA, SISTEMAS DE INFORMAÇÃO, S.A. (hereinafter "Infosistema", "we", "us") collects, uses, stores, and protects personal data when you use the DMM Infinity platform and related services. DMM Infinity is an AI-powered data management platform for low-code ecosystems, helping organizations migrate, transform, classify, and govern data across OutSystems, Mendix, and other low-code environments.

1. Controller Identification

INFOSISTEMA, SISTEMAS DE INFORMAÇÃO, S.A., a company incorporated under Portuguese law, with NIF 502 081 631, headquartered at Rua de Salazares 842, 4149-002 Porto, Portugal, is the data controller responsible for the processing of personal data collected through the DMM Infinity platform.

For users in the United States, the relevant entity is Infosistema Inc., incorporated in Delaware.

2. Data We Collect

2.1 Account Data

When you create a DMM Infinity account or subscribe to our services, we collect:

  • Full name, email address, and job title
  • Company name, website, and company size
  • Low-code platform context (OutSystems, Mendix, or other) declared during onboarding
  • Billing and payment information (processed by our payment provider)
  • Phone number (optional, when provided via contact forms)

2.2 Platform Usage Data

When you use the DMM Infinity platform, we collect:

  • Migration job and pipeline activity (created, executed, completed, failed)
  • Environment connections, agent registrations, and connector usage
  • Feature usage patterns (e.g., classification runs, schema-mapping suggestions accepted/rejected)
  • API usage and CLI/MCP server activity metrics
  • Performance telemetry (job duration, throughput, error rates)

2.3 Customer Data

Customer Data refers to the data you connect to or migrate through DMM Infinity, including source/target environment metadata, schemas, transformation rules, ontology definitions, classification results, and the records processed during migration jobs. You retain full ownership of your Customer Data. We process it solely to provide the DMM Infinity service to you and do not use it for any other purpose. Where migration jobs handle personal data of your customers or end-users, you remain the controller of that data and we act as your processor under a Data Processing Agreement.

2.4 Technical Data

  • IP address, browser type, operating system
  • Device identifiers and session information
  • Cookies and similar tracking technologies (see our Cookie Policy)

3. Purposes of Processing

We process personal data for the following purposes:

  • Service delivery — providing, maintaining, and improving the DMM Infinity platform, including migration, transformation, classification, and AI-assisted features
  • Account management — creating and managing your account, processing subscriptions and billing
  • Communication — sending service notifications, job-completion alerts, support responses
  • Analytics — understanding how the platform is used to improve features, accuracy of AI suggestions, and performance
  • Security — detecting and preventing fraud, unauthorized access, and abuse of the platform or APIs
  • Legal compliance — fulfilling legal obligations, responding to lawful requests
  • Marketing — with your consent, sending product updates, ecosystem news (OutSystems, Mendix), and relevant content (you can opt out at any time)

4. Legal Basis for Processing

We process personal data based on the following legal grounds under GDPR:

  • Contract performance (Art. 6(1)(b)) — processing necessary to provide the DMM Infinity service under your subscription agreement
  • Legitimate interest (Art. 6(1)(f)) — analytics, security, AI-model improvement, and service evolution, balanced against your privacy rights
  • Consent (Art. 6(1)(a)) — marketing communications and non-essential cookies
  • Legal obligation (Art. 6(1)(c)) — compliance with applicable laws and regulations

5. Data Retention

We retain personal data for as long as necessary to fulfill the purposes described above:

  • Account data — retained during your active subscription and for 30 days after termination to allow data export
  • Customer Data — deleted within 60 days of account termination, unless you request earlier deletion or a Data Processing Agreement specifies otherwise
  • Migration job logs and metadata — retained for up to 90 days after job completion for audit and troubleshooting, then anonymized or deleted
  • Usage data — retained in anonymized/aggregated form for analytics (no longer personally identifiable)
  • Legal records — retained as required by applicable law (typically 5–10 years for financial records)

6. Data Sharing

We do not sell your personal data. We may share data with:

  • Service providers — cloud infrastructure (Google Cloud Platform), payment processing, email delivery, analytics providers (Google Analytics), advertising platforms (Meta/Facebook, LinkedIn) — all bound by data processing agreements
  • AI sub-processors — large language model providers used for schema-mapping suggestions, classification, and transformation hints. We do not send Customer Data to LLMs without your explicit configuration; metadata and schema structure may be sent depending on the feature, as described in the platform documentation
  • Low-code platform partners — official integration partners (OutSystems, Mendix) for technical interoperability, with no Customer Data shared without your authorization
  • Affiliated companies — within the Infosistema / Joyn Group corporate family, for internal administration purposes
  • Legal authorities — when required by law, regulation, or valid legal process
  • Business transfers — in connection with a merger, acquisition, or sale of assets (with notice to affected users)

7. International Transfers

DMM Infinity's infrastructure is hosted on Google Cloud Platform in the EU (europe-west1, Belgium) for non-US customers and in the US (us-central1, Iowa) for US customers. When personal data is transferred outside the European Economic Area, we ensure appropriate safeguards are in place:

  • EU Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions where applicable
  • Data processing agreements with all sub-processors

8. Security Measures

We implement industry-standard security measures to protect your data:

  • Encryption in transit (TLS 1.2+) and at rest (AES-256)
  • Access controls with role-based permissions and per-environment scoping
  • Outbound HTTPS-only architecture between the on-premises agent and the DMM Infinity service — no inbound connectivity required to your low-code environments
  • Regular security audits and vulnerability assessments
  • Incident response procedures with breach notification within 72 hours (GDPR requirement)
  • ISO 27001 security practices as a reference framework

9. Your Rights

Under GDPR and applicable data protection laws, you have the right to:

  • Access — request a copy of your personal data
  • Rectification — correct inaccurate or incomplete data
  • Erasure — request deletion of your data ("right to be forgotten")
  • Restriction — limit processing of your data in certain circumstances
  • Portability — receive your data in a structured, machine-readable format
  • Objection — object to processing based on legitimate interest or for direct marketing
  • Withdraw consent — where processing is based on consent, withdraw it at any time

To exercise these rights, contact us at privacy@infosistema.com. We will respond within 30 days. For complex or numerous requests, this period may be extended by up to 60 additional days, in which case we will notify you of the extension and reasons within the initial 30-day period.

You also have the right to lodge a complaint with the Portuguese Data Protection Authority (CNPD) at www.cnpd.pt, or with your local supervisory authority.

9.1 Additional Rights for California Residents

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with the following additional rights regarding your personal information:

  • Right to know — you have the right to know the categories of personal information we have collected about you, the categories of sources, the business purpose for collecting it, and the categories of third parties with whom we share it
  • Right to delete — you have the right to request deletion of personal information we have collected from you, subject to certain exceptions
  • Right to opt-out of sale — DMM Infinity does not sell or share personal information for cross-context behavioral advertising
  • Right to non-discrimination — we will not discriminate against you for exercising any of your CCPA rights

To exercise your CCPA rights, contact us at privacy@infosistema.com.

9.2 Automated Decision-Making

DMM Infinity uses AI-powered features for schema mapping, data classification, transformation suggestions, and migration plan recommendations. These features serve as decision-support tools and do not make automated decisions with legal or similarly significant effects on individuals. All AI-generated suggestions require human review and explicit user approval before being applied to a migration job.

10. Children's Privacy

DMM Infinity is a business-to-business platform and is not intended for use by individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child, we will promptly delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. We will notify you of material changes by email or through the platform at least 30 days before they take effect. The "Effective" date at the top of this page indicates the latest revision.

12. Contact Information

For questions about this Privacy Policy or our data practices: