Privacy Policy

Last Updated: February 2026

This Privacy Policy explains how AYETO.ai ("we," "us," or "our") collects, uses, discloses, and protects your personal data when you use our AI assistant services (the "Service"). It also outlines your rights under the General Data Protection Regulation (GDPR) and other applicable EU/Czech laws. By using our Service, you consent to the practices described herein.

Definitions

• Account: A unique profile enabling access to our Service.
• Affiliate: An entity controlling, controlled by, or under common control with us (where "control" means ≥50% ownership).
• Company (Data Controller): Refers to AYETO.ai
• Cookies: Small text files placed on your device to track activity (e.g., session or persistent cookies).
• Device: Any tool (computer, phone, tablet) used to access the Service.
• Personal Data: Information identifying or relating to you as an individual (e.g., email, IP address).
• Service: The AI assistant platform provided via AYETO.ai.
• Service Provider (Data Processor): Third parties processing data on our behalf (e.g., cloud hosting, analytics).
• Usage Data: Automatically collected metrics (e.g., visit duration, device type).

Data Collection & Use

Types of Data Collected

Personal Data

• Voluntarily provided: Email address, payment details (for subscriptions).
• Automatically collected: IP address, device ID, browser type, usage patterns.

Usage Data

• Includes metadata (e.g., pages visited, time spent, diagnostic data).

AI Interaction Data

• Inputs (prompts) you submit to AI services
• Outputs generated by AI models
• Conversation history within sessions

Tracking Technologies

• Cookies: Essential for functionality (e.g., login sessions), preference settings, and analytics.
• Web Beacons: Track engagement with emails/webpages.

You may adjust cookie settings via your browser, but blocking essential cookies may limit Service functionality.

Third-Party AI Providers and Data Processing

International Data Transfers

Your data may be processed by our third-party AI providers in various jurisdictions:

For transfers outside the EEA, we implement appropriate safeguards including Standard Contractual Clauses (SCCs) where applicable.

AI Provider Data Practices

• Paid services: Most providers do not use your data for model training
• Free tiers: Some providers may use data for service improvement
• Safety monitoring: All providers may retain data temporarily for abuse detection

Transfers to Third Countries Without Adequacy Decisions

The following providers operate in countries without EU adequacy decisions:

Risks of Third-Country Transfers: These countries may have laws that permit government access to data under circumstances different from those in the EU. While we implement SCCs and additional safeguards, we cannot guarantee that such access will not occur.

Your Choices: You may choose to use only AI models from providers in countries with adequacy decisions (US providers under EU-US Data Privacy Framework, or EU-based processing). Contact us for guidance on available options. We recommend not submitting sensitive, confidential, or personal information to AI services.

Legal Basis & Purpose of Processing

We process your data under the following GDPR lawful bases:

• Contractual Necessity: To provide the Service (e.g., account management, payment processing).
• Consent: For marketing communications or non-essential cookies (revocable at any time).
• Legal Obligations: To comply with Czech/EU laws (e.g., tax records).
• Legitimate Interests: To improve Service security, analytics, or business operations.

Data Sharing & Transfers

We may share your data with:

• Service Providers: Processors bound by GDPR-compliant agreements (e.g., payment gateways, hosting providers).
• AI Model Providers: As necessary to provide AI-powered features.
• Affiliates & Business Partners: Only with your explicit consent or for contractual fulfilment.
• Legal Authorities: If required by law (e.g., court orders, fraud prevention).
• International Transfers: Data may be transferred outside the EU/EEA only to countries with adequate data protection (e.g., via EU Standard Contractual Clauses).

Data Retention

We retain Personal Data: - As long as necessary for Service delivery (e.g., account maintenance). - To comply with legal obligations (e.g., tax records: 10 years under Czech law). - Usage Data is anonymized or deleted after 24 months unless used for security improvements. - AI conversation data is retained according to the retention policies of respective AI providers.

Your Rights (GDPR)

You have the right to: - Access, correct, or delete your data. - Restrict processing or object to direct marketing. - Data portability (receive your data in a machine-readable format). - Withdraw consent (where applicable). - Lodge a complaint with the Czech Office for Personal Data Protection.

To exercise these rights, contact support@ayeto.ai. We will respond within 30 days.

Security Measures

We implement safeguards like encryption, access controls, and regular audits. However, no system is 100% secure—promptly report suspicious activity to us.

Children's Privacy

Our Service is not intended for users under 18. We do not knowingly collect data from minors. Contact us if you believe a child has provided data without parental consent.

Third-Party Links

We are not responsible for the privacy practices of external sites linked through our Service. Review their policies before sharing data.

Policy Updates

We will notify you of material changes via email or in-service alerts 30 days before they take effect. Continued use constitutes acceptance.

Contact Information

Data Controller:

AYETO.ai
Email: info@ayeto.ai

For complaints, contact the Czech Office for Personal Data Protection (Úřad pro ochranu osobních údajů).