Privacy Policy

Effective Date: January 1, 2025

1. Data Controller Information

This Privacy Policy is provided by:

Martin Krizan
Petrovicka 510/60
79401 Krnov
Czech Republic
Company ID: 76529819
VAT ID: CZ8605075380
Email: [email protected]

2. Data We Collect

We collect and process the following categories of personal data:

2.1 Account Information

  • Name and email address
  • Company name (if applicable)
  • Billing address and payment information
  • Phone number (optional)

2.2 Email Data

  • Email metadata (sender, recipient, subject, date)
  • Email attachments you choose to process
  • Email content necessary for document extraction

2.3 Document Data

  • Invoices, contracts, receipts, and other business documents
  • Extracted data from documents (amounts, dates, vendor information)
  • Document categorization and tags

2.4 Usage Data

  • Log data (IP address, browser type, access times)
  • Feature usage statistics
  • Performance metrics

3. Legal Basis for Processing

We process your personal data based on the following legal grounds:

  • Contract Performance: To provide our services and fulfill our contractual obligations
  • Legitimate Interests: To improve our services, ensure security, and prevent fraud
  • Legal Obligations: To comply with tax, accounting, and other legal requirements
  • Consent: For marketing communications and optional features

4. How We Use Your Data

We use your personal data for the following purposes:

  • Providing and maintaining our document processing services
  • Processing and organizing your email attachments
  • Extracting and analyzing document information using AI
  • Managing your account and billing
  • Providing customer support
  • Improving our services and developing new features
  • Ensuring platform security and preventing fraud
  • Complying with legal obligations
  • Sending service updates and marketing communications (with consent)

5. Data Sharing and Third Parties

We may share your data with the following categories of recipients:

  • Service Providers: Cloud storage (AWS), payment processing (Stripe), email services
  • AI Processing: OpenAI for document analysis (data is processed securely and not used for training)
  • Legal Authorities: When required by law or to protect our rights
  • Business Transfers: In case of merger, acquisition, or sale of assets

We never sell your personal data to third parties.

6. Data Storage and Security

Your data is stored securely using industry-standard practices:

  • Data is encrypted in transit using TLS/SSL
  • Data is encrypted at rest using AES-256 encryption
  • Access controls and authentication mechanisms
  • Regular security audits and monitoring
  • Secure data centers in the European Union

7. Data Retention

We retain your data for the following periods:

  • Account Data: For the duration of your account plus 30 days after deletion
  • Documents: Until you delete them or for 90 days after account closure
  • Billing Records: 7 years as required by tax laws
  • Support Communications: 2 years after resolution
  • Analytics Data: 24 months

8. Your Rights Under GDPR

As a data subject, you have the following rights:

  • Right to Access: Request a copy of your personal data
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure: Request deletion of your data ("right to be forgotten")
  • Right to Restriction: Limit processing of your data
  • Right to Data Portability: Receive your data in a portable format
  • Right to Object: Object to certain processing activities
  • Right to Withdraw Consent: Withdraw consent at any time

To exercise these rights, contact us at [email protected]

9. International Data Transfers

Your data may be transferred outside the European Economic Area (EEA) for processing. We ensure adequate protection through:

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions where applicable
  • Additional security measures and safeguards

10. Cookies and Tracking

We use cookies and similar technologies for:

  • Essential functionality (authentication, security)
  • Performance monitoring and analytics
  • User preferences and settings

You can manage cookie preferences through your browser settings.

11. Children's Privacy

Our service is not intended for children under 16 years of age. We do not knowingly collect personal data from children.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes via email or through our service.

13. Contact Information

For privacy-related questions or to exercise your rights, contact us at:

Email: [email protected]
Address: Martin Krizan, Petrovicka 510/60, 79401 Krnov, Czech Republic

You also have the right to lodge a complaint with the Czech Office for Personal Data Protection (Úřad pro ochranu osobních údajů) at www.uoou.cz