This Privacy Policy explains how we collect, use, and protect personal data when you use Companion services, including platform features, account functions, analytics, communication features, and AI-supported search and content tools.
Personal data means any information relating to an identified or identifiable natural person.
The controller under Art. 4(7) GDPR is:
We process personal data only where necessary and on an appropriate legal basis. Depending on the situation, this may include Art. 6(1)(a) GDPR (consent), Art. 6(1)(b) GDPR (performance of a contract or pre-contractual steps), Art. 6(1)(c) GDPR (legal obligations), and Art. 6(1)(f) GDPR (legitimate interests, such as secure and reliable service operation).
EEA means the European Economic Area, which includes all European Union (EU) member states plus Iceland, Liechtenstein, and Norway.
Where data is transferred outside the EEA, we use lawful transfer mechanisms, such as adequacy decisions or Standard Contractual Clauses (SCCs), and apply additional safeguards where required.
Unless otherwise stated, personal data is stored only as long as required for the relevant purpose or to comply with legal retention obligations. When data is no longer needed, it is deleted or restricted.
Data subjects have the right to access, rectification, erasure, restriction, objection, and data portability, as well as the right to withdraw consent at any time where processing is based on consent. Data subjects also have the right to lodge a complaint with a supervisory authority.
Some personal data is required to establish, perform, and maintain service relationships. If required data is not provided, we may be unable to provide all or part of the service.
As a general rule, we do not use fully automated decision-making under Art. 22 GDPR that produces legal or similarly significant effects for individuals.
Depending on service usage, we may process:
We process personal data for the following purposes:
We work with carefully selected service providers that process data on our behalf where needed to deliver our services. Depending on configuration and use case, this may include cloud infrastructure, communication providers, payment providers, vector search infrastructure, and selected integration partners.
Where providers process personal data on our behalf, we put contractual safeguards in place (including data processing terms where required).
Some Companion features use AI-supported processing to improve search and content experience. In plain terms, this may include:
We only share personal data where there is a valid legal reason, such as providing the service, meeting legal obligations, protecting rights, or supporting essential operations through trusted providers.
If data is transferred internationally, we apply GDPR-compliant safeguards, including adequacy decisions and/or SCCs.
We retain data only for as long as needed for the purposes described in this policy, unless a longer period is required by law.
Retention periods are defined internally by data type and purpose, for example account and contractual records, security and audit logs, service usage and analytics records, and communication and support records.
We implement appropriate technical and organizational measures to protect personal data, including access controls, encryption in transit, secure credential handling, monitoring, and internal authorization controls.
If you contact us (for example by email or support channels), we process the information you provide to handle your request and keep records where necessary for follow-up, quality assurance, and legal compliance.
Where paid services are offered, billing-related information may be processed to manage subscriptions, invoices, and payments through payment service providers.
The exact data categories processed for payment depend on the payment method and provider used.
You can exercise your GDPR rights by contacting . We may need to verify identity before processing a request to protect personal data and prevent unauthorized disclosure.
You have the right to lodge a complaint with a data protection supervisory authority if you believe your personal data has been processed unlawfully.
We may update this Privacy Policy from time to time to reflect legal, technical, or business changes. The current version will be made available through our usual communication channels.
Users are responsible for the files, media, and other content they upload, submit, or make available through the service.
By uploading content, users confirm that:
Our platform provides hosting, processing, and search features for user-provided content. We do not claim ownership of user-uploaded content.
We process such content to provide agreed service functions, including storage, indexing, security controls, analytics, quality improvements, and AI-supported search features. We do not actively verify every upload before it is processed.
Where legally required, contractually required, or necessary to protect users, rights holders, or the service, we may review, restrict, remove, or block content, and may suspend related access.
If we receive credible reports of illegal content, intellectual property infringement, privacy violations, or abuse, we may investigate and take proportionate action, including temporary restriction or removal of relevant content.
Where required by law, court order, or binding regulatory request, we may disclose relevant information to public authorities or other legally authorized recipients.
We may also retain relevant records where necessary for legal claims, dispute handling, fraud prevention, or compliance obligations.
By using our website, you consent to this Privacy Policy and agree to its terms.
Like most websites, we use log files and cookies. Log files may include IP address, browser type, ISP, date/time stamps, referring/exit pages, and click information, generally for service operation, trend analysis, security, and improving the website.
Cookies may be used to store visitor preferences and optimize content based on browser and device context. You can usually manage cookies through your browser settings.
Under the CCPA, California consumers may request disclosure of data categories and specific personal data collected, request deletion of personal data, and request that a business not sell personal data.
If you make a request, we will respond within the legally required timeframe.
Protecting children online is important. We do not knowingly collect personal identifiable information from children under 13. If you believe a child has provided such information, please contact us and we will take prompt steps to remove it.