Privacy Policy

1. What is the Privacy Policy and what does it cover?

This Privacy Policy explains how Purcoll collects, uses, stores, protects, and shares personal data when you:

• Visit our website
• Use our products and services
• Register for an account
• Subscribe to our services
• Contact our customer support
• Engage with our communications

This policy covers all personal data that you provide to us directly or that we collect automatically through your interactions with our service. It also explains your rights regarding your personal data and how you can exercise those rights.

This Privacy Policy does not cover:

• Information collected by third-party websites that may be accessed through links on our Service
• Information collected by third-party applications that integrate with our Service but have their own privacy policies

We encourage you to read this Privacy Policy carefully to understand our practices regarding your personal data.

2. What information do we collect?

Personal data you provide directly

We collect the following personal data that you provide directly to us:

• Account information: When you create an account, we collect your name, email address, and password as well as language and country.
• Profile information: Any additional information you choose to add to your profile, such as profile picture, job title, or organization.
• Payment information: When you subscribe to our paid services, we collect payment details, billing address, and transaction history. Payment processing is handled by Stripe, and we do not store your complete payment card details.
• Communication data: Information you provide when contacting our customer support, responding to surveys, or subscribing to our newsletter.
• User content: Information you input when using our AI Assistant, including queries, prompts, and any files you upload for processing.

Data we collect automatically

When you use our products and services, we automatically collect:

• Usage data: Information about how you interact with our products and services, including features used, time spent, and actions taken.
• Conversation history: Records of your interactions with our AI services to provide continuity in conversations.
• Technical data: IP address, browser type and version, operating system, device information, time zone setting, and location data.
• Log data: Server logs, error reports, and performance data.
• Cookies and similar technologies: Information collected through cookies and similar technologies as described in our Cookie Policy.

Data from third parties

We may receive information about you from:

• Business partners: Information shared by our business partners with whom you have a relationship.
• Public sources: Publicly available information that may be relevant to our Service.

Special categories of personal data

Our products and services are not designed to collect or process special categories of personal data (such as health information, political opinions, religious beliefs, etc.). We recommend that you do not share such information with our products and services.

Children's data

Our products and services are not intended for children under 16 years of age. We do not knowingly collect personal data from children under 16. If you are a parent or guardian and believe your child has provided us with personal data, please contact us, and we will take steps to delete such information.

3. How do we collect your information?

We collect your information through various methods:

Direct collection

• When you create an account or register for our services
• When you input information into our products and services
• When you complete forms on our website
• When you subscribe to our newsletter or marketing communications
• When you contact our customer support
• When you participate in surveys or provide feedback

Automated collection

• Through cookies and similar tracking technologies
• Through server logs and analytics tools
• Through interaction logs
• Through usage monitoring of our services

Third-party sources

• From our business partners with your consent
• From publicly available sources
• From payment providers for payment processing information

AI-specific collection

Our AI products and services, powered by external models, process the content of your conversations to:

• Understand and respond to your queries
• Improve the relevance and accuracy of responses
• Maintain conversation context
• Learn from interactions to enhance service quality

All AI processing is done in accordance with the EU AI Act requirements, including transparency, risk assessment, and human oversight.

4. How do we use your information?

We use your personal data for the following purposes:

Providing and improving our Products and services

• To deliver the core functionality of our products and services
• To process and complete your payment transactions
• To authenticate your identity and maintain your account
• To personalize your experience based on your preferences
• To analyze usage patterns and optimize our products and services
• To develop new features and services
• To maintain the security and integrity of our services

Communications

• To respond to your inquiries and support requests
• To send service-related announcements and updates
• To provide information about features, updates, and changes
• To send marketing communications if you've opted in
• To conduct surveys and collect feedback

Legal and compliance

• To comply with legal obligations
• To enforce our Terms of Service
• To detect, prevent, and address fraud, security issues, or technical problems
• To protect the rights, property, or safety of Purcoll, our users, or the public

AI-specific processing

• To train and improve our AI models (with appropriate anonymization)
• To monitor for biases and discriminatory outputs
• To ensure compliance with the EU AI Act requirements
• To provide human oversight of AI operations

Analytics and business intelligence

• To generate aggregated, non-identifying analytics about service usage
• To measure the effectiveness of our marketing campaigns
• To understand user behavior and preferences
• To improve business operations

5. How do we share information with third parties?

We may share your personal data with the following categories of recipients:

Service providers

We share information with third-party service providers who help us operate, provide, and improve our Service:

• Cloud infrastructure: Our partners host our services with data centers located in Europe to ensure data locality.
• AI technology: We use AI models from reliable and security oriented partners to power our AI services.
• Payment processing: We use Stripe for payments, analytics, and other business services. Stripe may collect personal data including via cookies and similar technologies. The personal data Stripe collects may include transactional data and identifying information about devices that connect to its services. Stripe uses this information to operate and improve the services it provides to us, including for fraud detection, loss prevention, authentication, and analytics related to the performance of its services. You can learn more about Stripe and read its Privacy Policy.
• Analytics: Services that help us understand user behavior and improve our Service.
• Customer support: Tools that enable us to provide customer assistance.
• Email and communication: Services that help us communicate with you.

All service providers are contractually obligated to use your personal data only for the purposes of providing services to us and in compliance with applicable data protection laws.

Legal requirements

We may disclose your personal data if required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency).

With your consent

We may share your personal data with third parties when you have given us your consent to do so.

6. How do we transfer information?

Purcoll is based in the European Union, and we primarily process and store your data within the EU. However, some of our service providers may be located outside the European Economic Area (EEA).

When we transfer your personal data outside the EEA, we ensure that appropriate safeguards are in place to protect your data:

Adequacy decisions

Where possible, we transfer data to countries that have been recognized by the European Commission as providing adequate protection for personal data.

Standard contractual clauses

For transfers to service providers in countries without an adequacy decision, we implement the Standard Contractual Clauses approved by the European Commission.

Additional safeguards

We implement additional technical and organizational measures to ensure that your data is protected according to EU standards, even when processed outside the EEA.

Specific transfer mechanisms

• Storage: Our data is exclusively hosted in European data centers, ensuring data locality within the EU.
• AI processing: Processing is conducted in compliance with EU data protection requirements, with appropriate data transfer mechanisms in place.
• Payment processing: Transfers payment data with appropriate safeguards as outlined in Stripe's Global Privacy Policy.

7. What is our legal basis for processing your information, and what are your rights?

Legal bases for processing

Under the GDPR, we process your personal data based on the following legal grounds:

• Performance of a contract: Processing necessary to provide you with our services as outlined in our Terms of Service.
• Legitimate interests: Processing necessary for our legitimate interests, such as improving our products and services, ensuring security, and marketing our services, provided these interests are not overridden by your rights and freedoms.
• Consent: Processing based on your specific consent, such as for marketing communications or certain types of cookies.
• Legal obligation: Processing necessary to comply with our legal obligations.
• Vital interests: In rare cases, processing necessary to protect someone's life.

Your rights

Under the GDPR and applicable data protection laws, you have the following rights:

• Right to access: You can request a copy of the personal data we hold about you.
• Right to rectification: You can request correction of inaccurate or incomplete personal data.
• Right to erasure: You can request deletion of your personal data in certain circumstances.
• Right to restrict processing: You can request restriction of processing of your personal data in certain circumstances.
• Right to data portability: You can request a copy of your personal data in a structured, machine-readable format and transfer it to another controller.
• Right to object: You can object to processing based on legitimate interests, including profiling, and for direct marketing purposes.
• Right to withdraw consent: You can withdraw consent where processing is based on consent at any time.
• Right not to be subject to automated decision-making: You have the right not to be subject to a decision based solely on automated processing that produces legal or similarly significant effects.

How to Exercise Your Rights

To exercise your rights, please contact us using the contact information provided in Section 10. We will respond to your request within one month, with the possibility of extending this period by two additional months if necessary, due to the complexity or number of requests.

Complaints

If you have concerns about our data processing, please contact us first. You also have the right to lodge a complaint with a supervisory authority in the EU member state where you reside.

8. How long do we keep your information for?

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected and to comply with applicable laws. The specific retention periods depend on the nature of the information and the purposes for which it is used.

Retention periods

• Account information: We retain your account information for as long as your account is active, plus a reasonable period thereafter to handle any account-related inquiries.
• Conversation history: We retain your conversation history with our AI Assistant for 12 months to provide service continuity and improve our AI models.
• Payment information: We retain payment information as required by tax and accounting laws, typically 7 years.
• Usage data: We retain usage data for 24 months to analyze trends and improve our products and services.
• Communication data: We retain customer support communications for 24 months to ensure continuity of service.
• Marketing preferences: We retain your marketing preferences until you withdraw your consent or request deletion.

Data deletion

When personal data is no longer needed, we securely delete or anonymize it. If you request deletion of your personal data, we will delete or anonymize it in accordance with applicable laws, unless we are required to retain certain information for legal or legitimate business purposes.

Backup retention

For disaster recovery purposes, we maintain backups of our systems, which may contain your personal data. These backups are retained for a limited period and are securely deleted according to our backup retention schedule.

9. How will you know that the Policy has changed?

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes, we will update the "Effective Date" at the top of this Privacy Policy.

For significant changes that materially alter your rights or our obligations, we will provide notice through:

• A prominent notice on our website
• Direct communication, such as email notification (for registered users)
• In-app notifications

We encourage you to review this Privacy Policy periodically to stay informed about our data practices. Your continued use of our products and services after any changes to this Privacy Policy constitutes your acceptance of the updated policy.

10. How to contact Purcoll?

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

For general inquiries or customer support, please contact:

We are committed to addressing your concerns and will respond to your inquiry as soon as possible, and in any event, within the timeframes required by applicable law.