The IA works, you rest.
Privacy Policy Effective date: 04.10.2025 Ipsoia (“we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, retain, and protect personal data when you visit our website and when you contact us about our AI-powered automation solutions for service businesses. For the purposes of EU/EEA data protection law (GDPR), Ipsoia is the data controller for personal data described in this notice, unless stated otherwise. When we process personal data on behalf of our business customers via our products, we act as a data processor and our processing is governed by a Data Processing Agreement (DPA) with the relevant customer. 1) What data we collect We collect and process the following categories of personal data: Identification & contact data: name, email address, phone number, country/time zone, language preference. Communications: content of messages you send us (e.g., form submissions, emails, chat transcripts), meeting notes, and related metadata. Commercial data: records of inquiries, proposals, contracts, invoices, service usage context, and account configuration. Usage & technical data (website/app): IP address, device and browser type, operating system, referral source, pages viewed, time on page, clicks, approximate location (city/country), and cookie identifiers. Cookies and similar technologies: please see Cookies & similar technologies below. Content processed by our AI features (if you demo or use our tools on the website): text prompts, uploaded files, images/screenshots, transcriptions, classifications, and derived outputs. Sensitive data: we do not seek to collect special category data. Please avoid submitting it through our website. If your use case requires processing such data, it must be governed by a written DPA and appropriate safeguards. We obtain data directly from you, automatically from your device when you browse our site, and, where lawful, from third-party sources (e.g., professional networking sites, publicly available business registers, or referrals). 2) Purposes and legal bases We process personal data only where a lawful basis applies: Provide and operate the website; respond to inquiries; schedule calls Legal bases: Contract (Art. 6(1)(b) GDPR) where we discuss or perform services at your request; Legitimate interests (Art. 6(1)(f)) to operate a secure, functional site. Marketing and newsletters (B2B) Legal bases: Consent (Art. 6(1)(a)) where required; Legitimate interests (Art. 6(1)(f)) for relevant B2B outreach, with an easy opt-out. Analytics and service improvement Legal bases: Consent (Art. 6(1)(a)) for non-essential cookies/analytics; Legitimate interests (Art. 6(1)(f)) for aggregated, privacy-preserving measurements necessary to understand performance. Security, fraud prevention, and debugging Legal bases: Legitimate interests (Art. 6(1)(f)); Legal obligation (Art. 6(1)(c)) where applicable. Compliance with law and enforcement requests Legal basis: Legal obligation (Art. 6(1)(c)). Product demos and AI features on the site (e.g., chat assistant) Legal bases: Contract (to provide the requested demo) and Legitimate interests (to ensure quality and prevent abuse). We do not use your demo inputs to train our general models unless we have your explicit consent or a DPA states otherwise. Where we rely on consent, you may withdraw it at any time via our cookie banner/settings or by contacting us. Withdrawing consent does not affect prior lawful processing. 3) Automated decision-making and profiling Our site and AI assistant may perform automated processing (e.g., routing, prioritizing, classifying inquiries) to provide quick responses and schedule calls. This does not produce legal or similarly significant effects on individuals. You can request human review or object to such processing by contacting us. 4) Cookies & similar technologies We use cookies and similar technologies: Strictly necessary cookies – required for the site and security. (No consent required.) Analytics/performance cookies – help us understand traffic and improve the site. (Consent required in the EEA/UK.) Functionality cookies – remember preferences such as language. (Consent where required.) You can manage or withdraw consent at any time through our Cookie Settings on the site. Your browser may also allow you to block cookies; however, some features may not work without them. 5) Sharing of personal data We share personal data only with: Service providers (processors) who host our infrastructure, provide analytics, communications, scheduling, email delivery, CRM, security, and support. They process data under our instructions and are bound by confidentiality and data protection obligations. Professional advisers and auditors (where necessary). Authorities and courts where legally required. Business transfers: if we undergo a merger, acquisition, or reorganization, your data may be transferred under appropriate safeguards. We maintain a list of core sub-processors and update it when materially changed. Contractual safeguards (e.g., DPAs) apply to all processors. 6) International data transfers If personal data is transferred outside the EEA/UK/Switzerland, we will ensure an adequate level of protection using one or more of the following mechanisms: An adequacy decision by the European Commission or UK Government (where available); The EU Standard Contractual Clauses (SCCs) and/or UK IDTA/Addendum, plus transfer impact assessments and supplementary measures where appropriate; Participation by the recipient in an approved certification or framework recognized under applicable law. You can request a copy of the relevant transfer safeguards by contacting us (redactions may apply for confidentiality). 7) Data retention We retain personal data only as long as necessary for the purposes above, including to comply with legal obligations, resolve disputes, and enforce agreements. Typical retention periods: Website inquiries and communications: 24 months after last interaction (unless a business relationship forms). Marketing contacts: until you opt out or we determine data is outdated/inactive. Analytics data: according to our cookie settings and provider retention controls. Contracts, billing, and tax records: as required by law (often 6–10 years). When retention ends, we delete or irreversibly anonymize the data. 8) Security We implement appropriate technical and organizational measures to protect personal data, including encryption in transit, access controls (role-based, least privilege), environment segregation, logging/monitoring, and vendor due diligence. No method of transmission or storage is 100% secure; if we detect a personal data breach with a risk to your rights and freedoms, we will notify you and/or the competent authority as required by law. 9) Your rights (EEA/UK/Swiss residents) Subject to the conditions and exceptions in applicable law, you have the right to: Access your personal data and obtain a copy; Rectify inaccurate or incomplete data; Erase your data (“right to be forgotten”); Restrict processing; Port your data to another provider (data portability); Object to processing based on legitimate interests (including direct marketing); Withdraw consent at any time (where processing is based on consent); Not be subject to a decision based solely on automated processing that produces legal or similarly significant effects; and Lodge a complaint with your local Data Protection Authority. You can find contact details of EU/EEA authorities on the European Data Protection Board’s website and of the UK ICO on its website. To exercise your rights, please contact us using the details above. We may need to verify your identity and will respond within the time limits set by law. 10) Children’s privacy Our website and services are intended for business users and are not directed to children. We do not knowingly collect personal data from children under the age applicable in their country (up to 16 in the EEA). If you believe a child has provided us personal data, please contact us so we can delete it. 11) Controller–processor roles for customers For data that our customers submit to our products (e.g., reservations, messages, transcripts, classifications, images) we typically act as a data processor. Customers are responsible for providing their own privacy notices and obtaining any required consents. We process such data strictly under the customer’s instructions and our DPA. This website Privacy Policy does not replace the DPA. 12) Third-party links Our website may include links to third-party sites or services. We are not responsible for their privacy practices. Please review their policies before providing personal data. 13) Changes to this policy We may update this Privacy Policy to reflect changes to our practices or legal requirements. We will post the updated version with a new “Effective date” and, where appropriate, provide additional notice. 14) Contact If you have any questions or concerns about this Privacy Policy or our data practices, please contact: Ipsoia Email: privacy@ipsoia.com Postal address: san sabe 231, 91054 erlangen DPO/Privacy contact: CEO If you are in the EEA/UK/Switzerland, you also have the right to complain to your local supervisory authority at any time.