Privacy Policy

Effective Date
[Insert Date]
Last Updated
[Insert Date]

1. Introduction

This Privacy Policy explains how [Company Name] (“Company”, “we”, “our”, or “us”) collects, uses, stores, shares, and protects personal data when you use our website, applications, APIs, and services (collectively, the “Service”).

We process personal data in accordance with applicable data protection laws, including the EU General Data Protection Regulation (GDPR).

2. Data Controller

[Company Legal Name] is the data controller for the personal data processed under this Privacy Policy.

Contact: [Company Legal Name] [Company Address] [Contact Email] [Organization Number]

3. Personal Data We Collect

We may collect and process the following categories of personal data:

Account Information

  • name
  • email address
  • account credentials
  • organization or company name
  • billing details

Usage Data

  • IP address
  • browser type
  • device information
  • operating system
  • log data
  • session activity
  • usage metrics

User Content

  • search queries
  • prompts
  • saved searches
  • uploaded content
  • chat history
  • user notes
  • support requests

Transaction Data

  • subscription plan
  • billing status
  • payment metadata
  • invoices

We do not intentionally collect sensitive personal data unless you explicitly submit it through the Service.

4. How We Use Personal Data

We use personal data to:

  • provide, operate, and maintain the Service
  • create and manage user accounts
  • authenticate users
  • process payments and subscriptions
  • provide customer support
  • improve search quality, system performance, and product functionality
  • monitor usage, detect abuse, and maintain security
  • comply with legal obligations
  • enforce our Terms of Service.

5. Legal Bases for Processing

We process personal data on the following legal bases under GDPR:

Performance of Contract To provide the Service, maintain accounts, and process subscriptions.

Legitimate Interests To improve the Service, maintain security, prevent abuse, analyze usage, and operate our business.

Legal Obligation To comply with tax, accounting, legal, and regulatory obligations.

Consent Where required by law, including for certain cookies or marketing communications.

6. Sharing of Personal Data

We may share personal data with trusted third-party service providers that help us operate the Service, including providers for:

  • cloud hosting and infrastructure
  • authentication
  • analytics
  • payment processing
  • customer support
  • email delivery
  • AI model processing

These providers process personal data on our behalf under contractual safeguards.

We may also disclose personal data:

  • where required by law
  • to enforce legal rights
  • to prevent fraud, abuse, or security threats
  • in connection with a merger, acquisition, or asset sale.

7. International Transfers

Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA).

Where such transfers occur, we implement appropriate safeguards, including Standard Contractual Clauses or equivalent lawful transfer mechanisms.

8. Data Retention

We retain personal data only as long as necessary for the purposes described in this Privacy Policy, including:

  • account data: for as long as your account remains active
  • chat and usage data: as necessary to provide and improve the Service
  • support requests: up to 24 months
  • billing and tax records: as required by applicable law
  • security logs: as reasonably necessary for fraud prevention and system integrity

We may retain limited data longer where required by law or for legitimate legal interests.

9. Your Rights Under GDPR

Subject to applicable law, you have the right to:

  • access your personal data
  • request correction of inaccurate data
  • request deletion of your data
  • request restriction of processing
  • object to processing
  • request data portability
  • withdraw consent where processing is based on consent
  • lodge a complaint with the Swedish Authority for Privacy Protection (IMY).

10. Cookies and Tracking

We may use cookies and similar technologies to operate the Service, improve functionality, analyze usage, and maintain security.

Where required, we will request consent before placing non-essential cookies.

11. Data Security

We implement reasonable technical and organizational measures to protect personal data against unauthorized access, loss, misuse, disclosure, or alteration.

However, no system can be guaranteed fully secure.

12. Children

The Service is not intended for children under 18, and we do not knowingly collect personal data from children.

13. Changes to This Policy

We may update this Privacy Policy from time to time.

If we make material changes, we will provide reasonable notice through the Service or by other appropriate means.

14. Contact

If you have questions about this Privacy Policy or our data practices, please contact:

[Company Legal Name] [Company Address] [Contact Email] [Organization Number]