Privacy Policy

1. Data Controller

The controller of your personal data is Breezaro s.r.o., ID: 23465344, Address: Zborovská 2049/27, 616 00 Brno, Czech Republic.

Contact email for data protection matters: info@breezaro.com.

2. What Data We Collect and Why

a) Data you provide during registration: Email address, name, password (always securely hashed). The purpose is to create and manage your account based on the performance of a contract (legal basis: performance of a contract, Art. 6(1)(b) GDPR).

b) Data collected automatically: IP address, browser type, cookies, and usage data. The purpose is to ensure the functionality and security of the Service based on our legitimate interest (legal basis: legitimate interests, Art. 6(1)(f) GDPR).

c) We use Microsoft Clarity to improve our products by analyzing how users interact with our website. Microsoft Clarity collects data such as mouse movements, clicks, scrolls, and page usage to provide insights via heatmaps and session recordings. This data is collected and processed only if you have explicitly given your consent to the use of cookies for analytics purposes. You can withdraw your consent at any time.

d) For more information on how Microsoft Clarity handles your data, please visit their privacy policy at https://privacy.microsoft.com/privacystatement.

e) Transactional and operational communication: We use your email address to send messages directly related to your account and the provision of the Service, such as welcome emails, onboarding guidance, account updates, and technical notifications. The legal basis for this processing is the performance of a contract (Art. 6(1)(b) GDPR). These communications are not marketing messages and are essential for delivering the Service you have requested.

f) Uploaded files: As part of using the Service, you may upload documents (including but not limited to PDF, DOCX, TXT, and MD formats) to train and customize your Chatbot’s responses. These files are stored securely and processed to extract relevant content for the chatbot functionality. For the purpose of generating responses, parts of the file content may be transmitted to our AI model providers (such as OpenAI or Google Gemini) for processing. The legal basis for this processing is the performance of a contract (Art. 6(1)(b) GDPR). You are responsible for ensuring that any data you upload complies with applicable laws and that you have the necessary rights and permissions to provide such data. Data may be processed on servers located in the European Union and/or the United States.

3. File processing, retention and use by third-party AI providers

If you upload or otherwise provide files (including documents, images, or other data) to our Service, these files will be processed to provide the requested AI-based functionality (e.g. to allow the Chatbot to answer questions based on your content).

Files and/or extracted content may be temporarily transmitted to third-party AI service providers such as OpenAI and Google Cloud (Google Gemini) for the sole purpose of processing and generating responses. The transfer is limited to the minimal data required for processing.

We do not use uploaded files or their content to train or improve third-party AI models unless we explicitly notify you and obtain your separate consent.

Default retention periods (examples; configurable in your Account): uploaded files are retained for 365 days by default from upload, conversational logs are retained for 90 days by default, and account metadata is retained for the lifetime of the account unless deletion is requested. Aggregated or anonymized usage statistics may be kept longer for product improvement.

You may request deletion of uploaded files or other personal data at any time by contacting support (info@breezaro.com) or via account settings. After deletion request, we will delete the files from production storage within the stated retention window; residual copies may persist in backups for a limited period (up to 365 days).

4. Subprocessors and third-party recipients

We use third-party subprocessors to provide and operate the Service. This includes, but is not limited to:

• OpenAI, Inc. (USA) — AI model processing. Privacy policy: https://platform.openai.com/docs/privacy-policy

• Google LLC / Google Cloud (USA/EU) — AI model processing (Gemini) and cloud infrastructure. Privacy policy: https://policies.google.com/privacy

• Amazon Web Services (AWS) — file/object storage and hosting (if applicable). Privacy policy: https://aws.amazon.com/privacy/

We will update the list of subprocessors as needed. Where data is transferred to subprocessors outside the EEA, we will implement appropriate safeguards such as Standard Contractual Clauses (SCCs) or rely on an adequacy decision (e.g., EU-US Data Privacy Framework) where applicable.

5. International transfers

Processing of personal data may involve transfers to and storage in countries outside the European Economic Area (EEA), including the United States. Where transfers to third countries occur, we rely on appropriate safeguards (such as Standard Contractual Clauses or other mechanisms recognized under EU data protection law) to ensure an adequate level of protection.

6. Data Security

We implement appropriate technical and organizational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access. Such measures include TLS/SSL for data in transit, encryption at rest where applicable, role-based access controls, logging, and regular security reviews.

Access to personal data is limited to authorized personnel who need access to perform their job functions and is governed by internal policies and contractual confidentiality obligations.

7. Your Rights under GDPR

You have the following rights with respect to your personal data:

• Right of access: You can request confirmation as to whether we process your personal data and obtain a copy of such data.

• Right to rectification: You can request correction of inaccurate personal data.

• Right to erasure ('right to be forgotten'): You can request deletion of your personal data, subject to legal retention obligations and the procedures described above.

• Right to restriction of processing: You can request the restriction of processing in certain circumstances.

• Right to data portability: You can request export of your personal data in a commonly used machine-readable format.

• Right to object: You can object to processing based on our legitimate interests where applicable.

To exercise any of these rights, contact us at info@breezaro.com. You also have the right to lodge a complaint with a supervisory authority (in the Czech Republic: the Office for Personal Data Protection).

8. Automated decision making and profiling

The Service uses AI models to provide chatbot responses and to assist in generating content. These processes may involve automated processing but do not normally produce legal effects concerning Users nor similarly significantly affect them. If we introduce automated decision-making that has a legal or similarly significant effect, we will provide additional information and, where required, obtain explicit consent.

9. Email communication and marketing

We use your email address to send transactional and operational messages necessary for providing the Service (welcome emails, password resets, billing and account notices). These communications are based on the performance of the contract (Art. 6(1)(b) GDPR).

Marketing communications (newsletters, promotions) will only be sent with your prior explicit consent. You may withdraw consent or unsubscribe from marketing communications at any time by using the unsubscribe link in marketing emails or via your account settings.

10. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. Material changes will be communicated by email and via a notification in the Service. The updated policy will indicate the effective date. Continued use of the Service after the effective date constitutes acceptance of the updated Privacy Policy.

11. Contact

If you have any questions concerning this Privacy Policy or wish to exercise your rights, contact us at info@breezaro.com.