Privacy Policy

Last updated: 6/2/2026

📧 Privacy Contact

For privacy-related questions, data requests, or concerns, please contact us at: legal@prioai.co

1. Controller and Contact Information

Data Controller under GDPR:

Yassin El Khati
d/b/a PrioAI
Seligenstädter Straße 57
63322 Rödermark (Oberroden)
Germany

Email: legal@prioai.co
Website: https://www.prioai.co

Data Protection Officer: For data protection inquiries, please contact legal@prioai.co

2. Collection and Processing of Personal Data

Account Data:

  • Email address (required for account creation)
  • Full name (optional)
  • Profile picture/avatar (optional)
  • Authentication data (password hashes, OAuth tokens)

Feedback Data:

  • Feedback texts submitted through our platform
  • Email addresses provided in feedback forms
  • Ratings and evaluations
  • Categories and classifications
  • Metadata (submission time, user agent, IP address)

Technical Data:

  • IP addresses for security and analysis
  • Browser type and version
  • Device information and screen resolution
  • Usage statistics and interaction data
  • Log files and system diagnostics

Payment Information:

  • Billing address and contact information
  • Payment method details (processed by Stripe)
  • Transaction history and invoices
  • Subscription status and plan details

3. Legal Basis for Processing

We process your personal data based on the following legal grounds according to Art. 6 GDPR:

  • Consent (Art. 6(1)(a) GDPR): For feedback collection and marketing communications
  • Contract Performance (Art. 6(1)(b) GDPR): To provide our services and process payments
  • Legitimate Interest (Art. 6(1)(f) GDPR): For security, fraud prevention, and service improvement
  • Legal Obligation (Art. 6(1)(c) GDPR): For tax reporting and compliance requirements

4. Purposes of Data Processing

  • Providing and maintaining our feedback management services
  • Processing and analyzing feedback using AI technology
  • Managing user accounts and authentication
  • Processing payments and billing
  • Sending service-related communications
  • Improving our services and developing new features
  • Ensuring platform security and fraud prevention
  • Complying with legal obligations
  • Sending marketing communications (with consent)

5. Data Sharing and Third Parties

We share your data with the following trusted service providers:

Essential Service Providers:

  • Supabase (Database): Data storage and authentication - EU/US, Adequacy Decision
  • Vercel (Hosting): Website hosting and content delivery - EU/US, Adequacy Decision
  • Stripe (Payments): Payment processing - EU/US, Adequacy Decision
  • Google Analytics: Website analytics and usage statistics - EU/US, Adequacy Decision
  • AI Processing Provider: Feedback analysis - US, Standard Contractual Clauses

We may also share data when:

  • Required by law or legal proceedings
  • Necessary to protect our rights or security
  • Part of a business transfer or merger
  • You have explicitly consented

6. International Data Transfers

Your data may be transferred to and processed in countries outside the European Economic Area (EEA), including the United States. We ensure adequate protection through:

  • EU-US Data Privacy Framework Adequacy Decisions
  • Standard Contractual Clauses approved by the European Commission
  • Binding Corporate Rules of certified service providers
  • Other adequate safeguards under GDPR

7. Data Retention

We store your personal data only as long as necessary for the purposes outlined in this policy:

  • Account Data: Until account deletion plus 30 days for security purposes
  • Feedback Data: Until project deletion or upon request
  • Payment Data: 7 years for tax and accounting purposes
  • Marketing Data: Until consent withdrawal
  • Log Files: 90 days for security and performance analysis

8. Your Rights Under GDPR

You have the following rights regarding your personal data:

  • Right of Access (Art. 15): Request a copy of your personal data
  • Right to Rectification (Art. 16): Correct inaccurate personal data
  • Right to Erasure (Art. 17): Request deletion of your personal data
  • Right to Restrict Processing (Art. 18): Limit the use of your data
  • Right to Data Portability (Art. 20): Receive your data in structured format
  • Right to Object (Art. 21): Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent for consent-based processing

To exercise these rights, contact us at legal@prioai.co. We will respond within 30 days. You also have the right to file a complaint with your local data protection authority.

9. Cookies and Tracking

We use cookies and similar technologies for:

  • Authentication and session management
  • Security and fraud prevention
  • Performance analysis and optimization
  • User preferences and settings
  • Analytics and usage statistics (Google Analytics)

Google Analytics:

We use Google Analytics to understand how visitors interact with our website. Google Analytics collects information such as:

  • Pages visited and time spent on each page
  • Device and browser information
  • Geographic location (country/city level)
  • Traffic sources and referrers
  • User interactions and behavior patterns

Google Analytics uses cookies to collect this information anonymously. You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.

You can control cookies through your browser settings. Disabling certain cookies may affect website functionality. Detailed information can be found in our Cookie Policy.

10. Data Security

We implement comprehensive security measures, including:

  • End-to-end encryption for data transmission
  • Encrypted data storage with industry-standard protocols
  • Multi-factor authentication for administrative access
  • Regular security audits and vulnerability assessments
  • Employee training on data protection and security
  • Incident response procedures and breach notification protocols

11. Children's Privacy

Our services are not intended for and not directed to persons under 18 years of age. We do not knowingly collect, use, or disclose personal data from children under 18 years of age.

If you are under 18 years of age, you are not permitted to use our services or create an account. If you believe we have inadvertently collected personal data from a person under 18, please contact us immediately at legal@prioai.co and we will take prompt action to delete such information.

Parents and guardians are encouraged to monitor their children's online activities and to help enforce this policy by instructing their children never to provide personal information through our services without parental permission.

12. Changes to This Privacy Policy

We may update this privacy policy periodically to reflect changes in our practices or applicable laws. Material changes will be communicated via email or prominent website notification at least 30 days before taking effect. Continued use of our services constitutes acceptance of the updated policy.

13. Contact Information

For questions about this privacy policy or our data protection practices:

Email: legal@prioai.co

Data Protection Inquiries: legal@prioai.co

Website: https://www.prioai.co

EU Representative: If you are located in the EU and need to contact a local representative, please use the contact information provided above.