PRIVACY POLICY
1. Identity of the Data Controller
The operator of this mobile application and the Data Controller responsible for your personal data is:
RUSU D. DINU-ȘTEFAN PERSOANĂ FIZICĂ AUTORIZATĂ
Registered Office:
Fiscal Registration Code (CUI): 50977819
Trade Registry Number: F2024017646002
Country: Romania
Email for Data Privacy Inquiries: [email protected]
We are committed to protecting your privacy in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and Romanian Law No. 190/2018.
RUSU D. DINU-ȘTEFAN PERSOANĂ FIZICĂ AUTORIZATĂ
Registered Office:
Fiscal Registration Code (CUI): 50977819
Trade Registry Number: F2024017646002
Country: Romania
Email for Data Privacy Inquiries: [email protected]
We are committed to protecting your privacy in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and Romanian Law No. 190/2018.
2. Categories of Data We Collect and Processing Purposes
We process personal data to provide, maintain, and improve our application. The data collected is
categorized as follows:
2.1 Automatically Collected Technical Data
When you access our application, we collect certain technical information via Google Firebase and Google Play Services.
Data Points: IP Address (processed ephemerally for geolocation then discarded), Mobile Device IDs (Android Advertising ID / iOS IDFA), App Instance IDs, device model, operating system version, and mobile carrier.
Purpose: To analyze app performance, maintain stability, and understand regional usage trends.
Legal Basis:
Consent (Art. 6(1)(a)): For Analytics identifiers and Advertising IDs. You will be asked for permission upon first launching the app.
Legitimate Interest (Art. 6(1)(f)): For strictly necessary technical diagnostics (Crashlytics) to prevent app crashes and ensure security.
2.2 User-Generated Content and AI Interactions
Our application allows you to interact with Artificial Intelligence models.
Data Points: Text prompts, images, or audio recordings you submit to the AI; the generated responses (completions); metadata associated with your request (timestamps, tokens used); and chat conversation history.
Purpose: To provide the generative AI features requested by you (e.g., answering questions, creating content) and to maintain context for ongoing conversations.
Legal Basis: Contractual Necessity (Art. 6(1)(b))—we cannot perform the service of generating content without processing your input.
2.3 Diagnostic and Crash Data
In the event of an error, we collect crash reports via Firebase Crashlytics.
Data Points: Installation UUID (a random number identifying the installation), stack traces (code status at the time of crash), and device state (battery level, free storage).
Purpose: To identify, reproduce, and fix software defects.
Legal Basis: Legitimate Interest (Art. 6(1)(f)). We have a legitimate interest in ensuring the stability and security of our application. This data is retained for 90 days.
2.1 Automatically Collected Technical Data
When you access our application, we collect certain technical information via Google Firebase and Google Play Services.
Data Points: IP Address (processed ephemerally for geolocation then discarded), Mobile Device IDs (Android Advertising ID / iOS IDFA), App Instance IDs, device model, operating system version, and mobile carrier.
Purpose: To analyze app performance, maintain stability, and understand regional usage trends.
Legal Basis:
Consent (Art. 6(1)(a)): For Analytics identifiers and Advertising IDs. You will be asked for permission upon first launching the app.
Legitimate Interest (Art. 6(1)(f)): For strictly necessary technical diagnostics (Crashlytics) to prevent app crashes and ensure security.
2.2 User-Generated Content and AI Interactions
Our application allows you to interact with Artificial Intelligence models.
Data Points: Text prompts, images, or audio recordings you submit to the AI; the generated responses (completions); metadata associated with your request (timestamps, tokens used); and chat conversation history.
Purpose: To provide the generative AI features requested by you (e.g., answering questions, creating content) and to maintain context for ongoing conversations.
Legal Basis: Contractual Necessity (Art. 6(1)(b))—we cannot perform the service of generating content without processing your input.
2.3 Diagnostic and Crash Data
In the event of an error, we collect crash reports via Firebase Crashlytics.
Data Points: Installation UUID (a random number identifying the installation), stack traces (code status at the time of crash), and device state (battery level, free storage).
Purpose: To identify, reproduce, and fix software defects.
Legal Basis: Legitimate Interest (Art. 6(1)(f)). We have a legitimate interest in ensuring the stability and security of our application. This data is retained for 90 days.
3. Artificial Intelligence and Data Processing
We utilize advanced AI technologies provided by Google Cloud Vertex AI and OpenRouter.
3.1 No Training on User Data
We value your intellectual property and privacy.
Google Vertex AI: We utilize enterprise-grade instances of Google's AI models. According to our agreements with Google, your inputs (prompts) and outputs are not used to train Google's foundation models that are shared with other customers.
OpenRouter: We configure our routing to prioritize "Zero Data Retention" providers. This means your data is processed transiently to generate a response and is not stored by the AI provider for model training purposes.
3.2 Automated Decision Making
The AI features in this app assist you in generating content or obtaining information. The application does not make decisions based solely on automated processing that produce legal effects concerning you (such as credit scoring, employment eligibility, or legal profiling).
3.1 No Training on User Data
We value your intellectual property and privacy.
Google Vertex AI: We utilize enterprise-grade instances of Google's AI models. According to our agreements with Google, your inputs (prompts) and outputs are not used to train Google's foundation models that are shared with other customers.
OpenRouter: We configure our routing to prioritize "Zero Data Retention" providers. This means your data is processed transiently to generate a response and is not stored by the AI provider for model training purposes.
3.2 Automated Decision Making
The AI features in this app assist you in generating content or obtaining information. The application does not make decisions based solely on automated processing that produce legal effects concerning you (such as credit scoring, employment eligibility, or legal profiling).
4. Data Recipients and International Transfers
To operate this application, we share data with the following third-party service providers
("Processors"):
Hetzner Online GmbH
Role & Location: Cloud Infrastructure & Hosting (Germany/Finland)
Safeguards for Transfer: Data Processing Agreement (DPA) and hosting within the EU (GDPR compliant).
Google Ireland Limited / Google LLC
Role & Location: Cloud Infrastructure, Analytics, AI Services (USA/EU)
Safeguards for Transfer: EU-U.S. Data Privacy Framework (Adequacy Decision) and Standard Contractual Clauses (SCCs).
OpenRouter (OpenRouter, Inc.)
Role & Location: AI Model Gateway (USA)
Safeguards for Transfer: Standard Contractual Clauses (SCCs).
Sub-processors via OpenRouter
Role & Location: AI Model Providers (e.g., Anthropic, OpenAI)
Safeguards for Transfer: Data is routed based on user selection; safeguarded by OpenRouter's data processing agreements.
International Transfers: Your data may be transferred to the United States. We rely on the EU-U.S. Data Privacy Framework for transfers to Google. For other transfers, we implement Standard Contractual Clauses approved by the European Commission to ensure your data remains protected to GDPR standards.
Hetzner Online GmbH
Role & Location: Cloud Infrastructure & Hosting (Germany/Finland)
Safeguards for Transfer: Data Processing Agreement (DPA) and hosting within the EU (GDPR compliant).
Google Ireland Limited / Google LLC
Role & Location: Cloud Infrastructure, Analytics, AI Services (USA/EU)
Safeguards for Transfer: EU-U.S. Data Privacy Framework (Adequacy Decision) and Standard Contractual Clauses (SCCs).
OpenRouter (OpenRouter, Inc.)
Role & Location: AI Model Gateway (USA)
Safeguards for Transfer: Standard Contractual Clauses (SCCs).
Sub-processors via OpenRouter
Role & Location: AI Model Providers (e.g., Anthropic, OpenAI)
Safeguards for Transfer: Data is routed based on user selection; safeguarded by OpenRouter's data processing agreements.
International Transfers: Your data may be transferred to the United States. We rely on the EU-U.S. Data Privacy Framework for transfers to Google. For other transfers, we implement Standard Contractual Clauses approved by the European Commission to ensure your data remains protected to GDPR standards.
5. Data Retention
We retain your personal data only for as long as necessary:
Crash Reports: Deleted automatically after 90 days.
Analytics Data: Retained for 14 months (or 2 months, depending on user settings) to allow for year-over-year analysis, then automatically deleted.
AI Inputs: We store your chat prompts and conversation history on our servers to allow you to review past conversations and maintain context. This data is retained until you delete it or your account.
User Account Data: Retained until you request deletion of your account.
Crash Reports: Deleted automatically after 90 days.
Analytics Data: Retained for 14 months (or 2 months, depending on user settings) to allow for year-over-year analysis, then automatically deleted.
AI Inputs: We store your chat prompts and conversation history on our servers to allow you to review past conversations and maintain context. This data is retained until you delete it or your account.
User Account Data: Retained until you request deletion of your account.
6. Your Rights under GDPR
You have the following rights regarding your personal data:
Right to Withdraw Consent: You may withdraw your consent for Analytics or Ads at any time via the app settings.
Right of Access: You can request a copy of the data we hold about you.
Right to Erasure ("Right to be Forgotten"): You may request the deletion of your account and all associated data. Note that for crash reports, linked via Installation UUID but otherwise anonymous, usually expire automatically after 90 days. If you can provide the UUID, we can manually delete them sooner.
Right to Rectification: You can correct inaccurate personal data.
Right to Object: You have the right to object to processing based on legitimate interest.
Right to Portability: You may request your data in a structured, machine-readable format.
To exercise these rights, please contact us at: [email protected]. We will respond to your request within 30 days.
Right to Withdraw Consent: You may withdraw your consent for Analytics or Ads at any time via the app settings.
Right of Access: You can request a copy of the data we hold about you.
Right to Erasure ("Right to be Forgotten"): You may request the deletion of your account and all associated data. Note that for crash reports, linked via Installation UUID but otherwise anonymous, usually expire automatically after 90 days. If you can provide the UUID, we can manually delete them sooner.
Right to Rectification: You can correct inaccurate personal data.
Right to Object: You have the right to object to processing based on legitimate interest.
Right to Portability: You may request your data in a structured, machine-readable format.
To exercise these rights, please contact us at: [email protected]. We will respond to your request within 30 days.
7. Competent Supervisory Authority
If you believe your rights have been violated, you have the right to lodge a complaint with the Romanian
Supervisory Authority:
Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal (ANSPDCP)
Website: www.dataprotection.ro
Address: B-dul G-ral. Gheorghe Magheru 28-30, Sector 1, cod poștal 010336, București, Romania.
Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal (ANSPDCP)
Website: www.dataprotection.ro
Address: B-dul G-ral. Gheorghe Magheru 28-30, Sector 1, cod poștal 010336, București, Romania.
Last modified: January 2026