PRIVACY POLICY
Last updated: June 7, 2026
This privacy policy (hereinafter — the Policy) explains how self-employed person Ilona Samoviča (hereinafter — the Controller) processes users' personal data in the AI GDPR Audit Tool application (hereinafter — the Application).
The Application is an automated tool that uses artificial intelligence (AI) technologies to perform initial express analysis of documents (preliminary audit). The Application is not a legal services provider, does not replace a qualified lawyer or attorney, and its recommendations are for informational purposes only. The final decision on document compliance and making corrections is always made by the User (a human).
1. General provisions
1.1. The Application infrastructure is provided by Next.js (Vercel) and Python/FastAPI technologies, while data analysis is performed by GeminiAI (Google Cloud) API services.
1.2. The Application is intended only for adults (18 years of age or older) in the context of economic or professional activities (B2B environment). By using this tool, You confirm that You are of legal age.
1.3. The service is provided on a "pay-per-document" basis: each new document analysis requires a separate payment, unless Demo mode is used.
2. Processed data and purposes
The Controller processes only the minimally necessary data to ensure Application functionality:
• 2.1. Uploaded document content: Processed solely for the purpose of automatic text analysis and preparation of a provisional GDPR audit report.
• 2.2. Contact information: The User's email address is processed to send purchase confirmation (payment receipt) and a unique link (_magic link_) to access the generated report.
• 2.3. Session and payment metadata: session_id, email address, payment status (e.g., _pending/paid_), payment identifiers, as well as request creation and processing timestamps.
• 2.4. Security and analytics data: IP address, browser identifiers (including digital fingerprint), to prevent abuse of the service and control Demo mode limitations.
3. Demo mode rules
3.1. Demo mode is intended only for the User to become familiar with the Application's operating principles and analysis quality. 3.2. To prevent system overload and fraud, free checks are technically limited to 2 (two) documents per day per anonymous user (identified by browser and IP address combination).
4. Data storage, security and "Zero-Retention" principle
4.1. Immediate document deletion (Zero-Retention): Uploaded documents are not stored permanently and are not written to the Controller's databases. Document content processing occurs in operational memory in real time, and the file is completely deleted immediately after analysis completion and report creation.
4.2. Prohibition of AI model training: User-uploaded document content and data contained therein are never used for training or improving artificial intelligence models (including Google Gemini).
4.3. The Controller stores only minimal session and payment metadata (see points 2.2 and 2.3) to ensure the User's access to the paid report for a specified period and to resolve possible technical incidents.
5. Payment processing
5.1. Payment processing and tax calculation (including VAT) on behalf of the Controller is performed by the Merchant of Record (MoR) payment provider. 5.2. The Controller does not access, process, or store the User's bank card or other payment instrument data. The Controller receives only the payment status and related transaction metadata sent by the payment provider.
6. Data transfer to third parties (Processors)
To ensure Application operation, data is transferred to the following trusted service providers:
• 6.1. Google Cloud / GeminiAI API: Document content is transferred in encrypted form for analysis. Data processing is performed on servers located in the European Union (EU) territory (e.g., Belgium or the Netherlands), ensuring full compliance with EU data protection standards.
• 6.2. Supabase: Used as database infrastructure for secure storage of sessions, access metadata, and user email.
• 6.3. Payment provider (MoR): Receives necessary data for purchase transaction processing and sending receipt to the User.
7. Legal basis for processing and compliance with EU legislation
7.1. The legal basis for personal data processing is:
• User consent (Article 6(1)(a) of the General Data Protection Regulation (GDPR));
• Contract performance or service provision upon User request (Article 6(1)(b) of the GDPR).
7.2. In accordance with the European Union Artificial Intelligence Act (EU AI Act), this Application is classified as a low-risk AI system because it does not make autonomous decisions with legal consequences, but operates only as a consultative auxiliary tool under the supervision of a natural person (the User).
8. User rights
8.1. You have the right to access your metadata, request its rectification, deletion or restriction of processing, and to object to processing, insofar as permitted by legislation.
8.2. Important notice: Given that uploaded documents are immediately deleted after analysis (see point 4.1), the Controller technically cannot restore, display, or provide the User with previously uploaded document content after the session ends.
8.3. To exercise your data subject rights or ask questions, please contact us electronically: info@prosolvely.com.
9. Consent and confirmation
9.1. By uploading a document, entering an email address and proceeding to payment, You confirm that You have fully read this Policy, understand and agree that:
• The results provided by the Application are advisory in nature only;
• The Application does not replace a lawyer and does not relieve You of the obligation to verify the legal correctness of the document yourself;
• Your data will be processed for the purposes and scope specified in this Policy.