Privacy Policy

Last updated: March 3, 2026

1. INTRODUCTION

This Privacy Policy explains how [Your Full Legal Name], conducting business as Smuvi AI, a sole proprietorship registered in Poland (“Smuvi AI”, “Company”, “we”, “us”, or “our”), collects, uses, processes, stores, and protects personal data.

This Privacy Policy applies to:

  • Visitors to our website
  • Clients using our platform
  • Individuals contacted through messaging services operated on behalf of our clients (“End Customers”)
  • Users interacting with our automated communication systems

2. OUR ROLE IN DATA PROCESSING

2.1. When We Act as Data Processor

In most cases, Smuvi AI processes personal data on behalf of our clients who control how and why personal data is used.

When acting as a Data Processor:

  • We process personal data solely according to client instructions.
  • Our clients are responsible for obtaining lawful consent and ensuring compliance with applicable marketing and privacy laws.

End Customers who receive messages from our systems should contact the business that initiated the communication for privacy-related requests.

2.2. When We Act as Data Controller

We act as Data Controller when processing personal data relating to:

  • Website visitors
  • Prospective clients
  • Account registration and billing information
  • Customer support inquiries
  • Business communications with clients

3. PERSONAL DATA WE COLLECT

| Purpose of Processing | Categories of Data | Legal Basis (GDPR) |
|---|---|---|
| Account & Service Provision: Creating your account, providing platform access, and managing our business relationship. | Name, email address, business details, account credentials. | Contract Performance (Art. 6(1)(b)): Necessary to fulfill our agreement with you. |
| Billing & Administration: Issuing invoices, processing payments, and maintaining financial records. | Billing address, NIP/VAT ID, payment history, transaction details. | Legal Obligation (Art. 6(1)(c)): Necessary to comply with Polish tax and accounting laws. |
| Customer Support: Responding to your inquiries, technical issues, or feedback. | Contact details, communication history, support ticket content. | Legitimate Interest (Art. 6(1)(f)): Our interest in providing high-quality support and maintaining client satisfaction. |
| Marketing & Updates: Sending newsletters, product updates, or promotional offers. | Name, email address. | Consent (Art. 6(1)(a)): Provided voluntarily when you sign up for our newsletter or marketing. |
| Security & Analytics: Monitoring platform performance, preventing fraud, and improving user experience. | IP address, browser type, usage logs, device identifiers. | Legitimate Interest (Art. 6(1)(f)): Our interest in ensuring system security and optimizing our services. |

4. AUTOMATED PROCESSING AND AI

Our Services use automated artificial intelligence systems to:

  • Generate and respond to messages
  • Analyze communication patterns
  • Assist in scheduling appointments
  • Improve system performance

We do not use your personal data for profiling or automated decision-making that produces legal effects or significantly affects you.

Profiling is any form of automated processing of personal data to evaluate certain personal aspects of an individual—for example, analyzing or predicting a person's economic situation, health, personal preferences, interests, reliability, or behavior.

While Smuvi AI utilizes artificial intelligence to assist in communication and scheduling, these processes are technical tools designed to facilitate interactions. We do not use these systems to "profile" you or your End Customers in a way that would result in automated legal decisions (such as automatically rejecting a contract or assessing creditworthiness).

All final business decisions and the management of relationships remain under human control, and you retain all rights to object to any automated processing of your data.

5. LEGAL BASIS FOR PROCESSING (GDPR)

Where GDPR applies and we act as Data Controller, we rely on the following legal bases, as detailed in the table above:

  • Performance of a contract
  • Legitimate business interests
  • Compliance with legal obligations
  • Consent (where required)

When acting as Data Processor, the legal basis is determined by our client.

6. DISCLOSURE OF PERSONAL DATA

We may share personal data with:

6.1. Service Providers and Subprocessors

Including providers of:

  • SMS and messaging infrastructure
  • Cloud hosting services
  • Artificial intelligence processing services
  • Payment processing
  • Customer relationship management systems
  • Analytics and monitoring tools

All subprocessors are subject to confidentiality and data protection obligations.

6.2. Legal Compliance

We may disclose personal data when required by law or to protect legal rights, safety, or system security.

6.3. Business Transfers

If Smuvi AI undergoes a merger, acquisition, or asset transfer, personal data may be transferred subject to confidentiality protections.

7. INTERNATIONAL DATA TRANSFERS

Personal data may be transferred and processed outside the country where it was collected.

Where required, Smuvi AI implements appropriate safeguards including:

  • Standard Contractual Clauses (SCCs)
  • Contractual data protection commitments
  • Vendor due diligence procedures

8. DATA RETENTION

| Category of Data / Purpose | Retention Period | Legal Justification |
|---|---|---|
| Client Account Data (Service provision) | For the duration of the contract plus 6 years after its termination or such longer period as may be required by the statute of limitations under the law governing the contract. | Polish Civil Code: Limitation period for claims arising from business activities. |
| Billing & Accounting Records (Invoices, tax data) | 5 years from the end of the calendar year in which the tax payment was due. | Polish Accounting Act and Tax Ordinance. |
| Marketing & Newsletter Data | Until you withdraw your consent or object to the processing. | GDPR: Consent remains valid until withdrawn. |
| Support & Contact Inquiries | For the duration of the communication plus 3 years for evidence purposes. | Protection against potential claims and history of customer relations. |
| End Customer Data (Processed on behalf of Clients) | From 30 days up to 12 months, depending on the type of log. | Legitimate interest: Ensuring security and analyzing website performance. |
| Technical Logs & Cookies | From 30 days up to 90 days, depending on the type of log. | Legitimate interest: Ensuring security and analyzing website performance. |

Notwithstanding the periods mentioned above, we may retain your personal data for a longer duration whenever such retention is necessary for the establishment, exercise, or defense of legal claims (e.g., in the event of a dispute or litigation). In such cases, data will be stored until the respective claims are time-barred under applicable law or until the final resolution of any ongoing proceedings.

Please note that when Smuvi AI acts as a Data Processor (e.g., processing data of individuals contacted by our Clients), we do not determine the retention periods for that data. The duration for which your data is stored is decided solely by the Data Controller (our Client). If you are an End Customer, you should consult the privacy policy of the specific organization that initiated the communication with you to find information about their data retention practices.

9. DATA SECURITY

Depending on your location, you may have rights including:

  • Right of Access: You have the right to obtain confirmation as to whether or not your personal data is being processed, and where that is the case, access to the personal data and information regarding the purposes of processing, categories of data, and recipients.
  • Right to Rectification: You have the right to request the correction of inaccurate personal data or the completion of incomplete data we hold about you without undue delay.
  • Right to Erasure / “Right to be Forgotten”: You have the right to request that we delete your personal data when it is no longer necessary for the purposes for which it was collected, or if you withdraw your consent and there is no other legal ground for processing.
  • We may be legally required to retain certain data for tax, accounting, or legal compliance purposes.
  • Right to Restriction of Processing: You have the right to request that we restrict the processing of your data (meaning we store it but do not use it) if you contest the accuracy of the data, if the processing is unlawful, or if we no longer need the data but you require it for legal claims.
  • Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and have the right to transmit those data to another controller where the processing is based on consent or a contract.
  • Right to Object: You have the right to object to the processing of your data based on our legitimate interests or for direct marketing purposes. If you object to processing for marketing, we will stop processing your data for these purposes immediately.
  • Right to Withdraw Consent: If our processing is based on your consent, you have the right to withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing based on consent before its withdrawal.
  • Rights Related to Automated Decision-Making: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
  • Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data violates the GDPR. For Smuvi AI, the competent authority is the President of the Personal Data Protection Office (Prezes Urzędu Ochrony Danych Osobowych – PUODO). Address: ul. Stawki 2, 00-193 Warsaw, Poland. https://uodo.gov.pl/en.

Requests should be submitted using the contact information provided below.

If we process personal data on behalf of a client, requests should be directed to that client organization.

11. MARKETING AND COMMUNICATION PREFERENCES

Individuals receiving communications generated through our platform should follow the opt-out instructions included in messages or contact the organization that initiated the communication. We send marketing messages only after receiving prior agreement or information that the data collector has received one.

12. COOKIES AND TRACKING TECHNOLOGIES

We may use cookies and similar technologies to:

  • Operate platform functionality
  • Improve user experience
  • Analyze usage patterns
  • Maintain security controls

Users may modify browser settings to manage cookie preferences.

13. THIRD-PARTY SERVICES AND LINKS

Our Services may contain links or integrations with third-party platforms. Smuvi AI is not responsible for third-party privacy practices. Users should review third-party privacy policies separately.

14. CHILDREN’S PRIVACY

Our Services are not intended for individuals under 18 years of age. We do not knowingly collect personal data from minors. If we become aware of such data collection, we will delete the information.

15. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy periodically. Updated versions will be posted on our website with a revised “Last Updated” date. Continued use of Services constitutes acceptance of updated terms.

16. CONTACT INFORMATION

If you have questions, requests, or concerns regarding this Privacy Policy or personal data processing, please contact:

Smuvi AI

Mateusz Weltrowski-Knopik

[Business Address]

Email: [Insert Email]

Website: www.smuviai.com

NIP: [Insert NIP]

KRS: [Insert KRS]


mateusz@smuviai.com

© 2026 Smuvi.ai Inc. All rights reserved.