PRIVACY & COMPLIANCE (GDPR) – AINETBUSINESS
Last updated: 21-01-2026

This page explains how AINETBUSINESS (“Platform”, “we”, “us”) processes information, how AI features work, what data we store, for how long, and what safeguards we apply. It is written to support transparency under the EU GDPR and related European privacy principles.

1) WHO WE ARE (DATA CONTROLLER) & CONTACT
Data Controller:
CONNEXT EOOD
Dunav 35, Sofia Center, 1000 Sofia, Bulgaria

Privacy contact (data requests / GDPR):
connexcteood@proton.com

If you submit a privacy request, please include:
- the email address used for your account
- request type (access, deletion, etc.)
- enough information to verify your identity (only if necessary for security)

2) SCOPE
This policy applies to:
- the AINETBUSINESS website and platform
- account registration, authentication, and use of platform features
- support communications and operational notices

No marketing trackers / no advertising pixels:
We do not use advertising trackers or marketing pixels. We do not sell personal data.

3) HOW AI WORKS (IMPORTANT – READ FIRST)
AINETBUSINESS is an orchestration layer that can connect to external AI engines (e.g., OpenAI and/or equivalent providers enabled in the Platform configuration) to generate outputs.

Key points:
- AINETBUSINESS does NOT provide a proprietary foundation AI model.
- AINETBUSINESS does NOT train its own AI model using customer prompts/content.
- AI outputs are generated by selected third-party AI providers based on the input the user submits and the platform’s request-optimization logic (formatting, structured prompts, guardrails, and output handling).

User responsibility & content warning:
- Do not submit unnecessary personal data.
- Do not submit sensitive/special categories of personal data (e.g., health, biometric, genetic, political opinions, religious beliefs, sexual life), children’s data, or confidential third-party information unless you have a lawful basis and it is strictly necessary for your use case.
- You remain responsible for the legality of the content you submit and for the instructions you provide to the Platform.

4) DATA WE COLLECT
Depending on how you use AINETBUSINESS, we may process:

A) Account & Contact Data
- email address
- authentication data (stored securely)
- optional profile details you voluntarily provide (e.g., name/company)

B) Technical & Security Data (Logs)
- IP address (for security and anti-abuse)
- timestamps, device/browser technical identifiers
- error logs and security event logs
Purpose: platform security, troubleshooting, preventing abuse, ensuring availability.

C) Content Submitted by Users (Prompts / Requests)
- text you enter into the Platform
- outputs returned to you (responses)
If you use AI features, your content may be transmitted to external AI providers strictly to provide the requested service functionality.

D) Support Data
- messages you send to support
- technical information you provide to help solve an issue

E) Billing / Invoicing Data (if applicable)
- invoice details, payment status, transaction references
Note: payment card details (if any) are generally handled by payment processors and are not stored by us, depending on the billing setup.

5) PURPOSES OF PROCESSING & LEGAL BASES (GDPR)
We process data only for legitimate purposes, including:

(1) Service delivery (GDPR Art. 6(1)(b) – contract)
- create and manage your account
- provide platform functions
- provide customer support and operational communications

(2) Security and abuse prevention (GDPR Art. 6(1)(f) – legitimate interest)
- protect the platform from attacks, fraud, and misuse
- maintain integrity, availability, and reliability
- investigate incidents and enforce platform rules

(3) Legal compliance (GDPR Art. 6(1)(c) – legal obligation)
- comply with applicable accounting and tax obligations
- respond to lawful requests from competent authorities

(4) Improvements (GDPR Art. 6(1)(f) – legitimate interest)
- improve reliability and performance based on aggregated technical insights
We do not use marketing trackers; we do not run behavioral advertising.

6) HOSTING, STORAGE, AND THIRD-PARTY PROVIDERS (SUB-PROCESSORS)
Hosting and storage:
- The Platform infrastructure is hosted on Contabo servers. This includes operational storage and backups required to run the service.

External AI providers (when AI features are used):
- The Platform may connect to external AI providers (e.g., OpenAI) to generate outputs.
- Data transmitted to external AI providers is limited to what is necessary to fulfill your request.

We only use providers that are expected to maintain appropriate confidentiality and security standards and we limit the data shared to the minimum necessary to provide the service.

7) OPENAI & EXTERNAL AI PROVIDERS – COMPLIANCE POSITION (SUMMARY)
AINETBUSINESS relies on external AI providers whose services include documented privacy and security commitments.

For OpenAI specifically (when enabled/used via the Platform configuration), OpenAI publishes:
- a Data Processing Addendum (DPA) supporting customer GDPR compliance and clarifying roles/responsibilities (including OpenAI Ireland Ltd for EEA/Switzerland customers, as applicable)
- security and privacy documentation describing compliance programs and independent audit coverage
- a “your data” program stating that data sent to the OpenAI API is not used to train or improve OpenAI models by default (unless customers opt in), and describing retention controls
- a trust portal referencing independent audit reports and compliance certifications (e.g., SOC 2 reporting and ISO certifications)

Important:
- Compliance depends on the specific provider, the selected configuration, and the customer’s use case.
- We avoid absolute guarantees because legal obligations can depend on how the customer uses the platform and what data is submitted.

8) INTERNATIONAL DATA TRANSFERS
If data is processed outside the EEA/UK/Switzerland (depending on provider configuration), transfers are handled using appropriate safeguards such as Standard Contractual Clauses (SCCs) and other lawful mechanisms, together with reasonable technical and organizational measures.

Note: processing locations may vary based on provider services and configurations.

9) DATA RETENTION (CLEAR & STRICT)
We retain personal data only for as long as needed for the purposes in this policy.

Our standard retention rules:
- Security/technical logs: retained for 30 days, then deleted or anonymized.
- Backups: retained for 10 days (rolling backups), then overwritten/deleted.
- Account data: retained while your account is active. After account closure, we retain essential records only as necessary for legal obligations and security (e.g., to prevent abuse), then delete or anonymize where possible.
- Billing/invoices (if applicable): retained for the period required by applicable accounting/tax laws.

Deletion requests:
You can request deletion of your account and associated personal data. We will delete or anonymize data where technically feasible and legally permissible, noting that certain records may need to be retained to comply with legal obligations.

10) SECURITY MEASURES
We apply reasonable technical and organizational measures designed to protect data against unauthorized access, loss, misuse, alteration, or disclosure, including:
- access controls and least-privilege practices
- secure authentication and credential protection
- encryption in transit (TLS/HTTPS)
- monitoring and security logging (retained 30 days)
- backup and recovery procedures (10-day rolling backups)
No system is 100% secure; however, we continuously work to maintain and improve platform security.

11) YOUR RIGHTS UNDER GDPR
Subject to applicable law, you have the right to:
- access your personal data
- rectify inaccurate data
- request deletion (where applicable)
- restrict processing
- data portability
- object to processing (where based on legitimate interests)
- withdraw consent (where processing is based on consent)
- lodge a complaint with a supervisory authority

To exercise your rights, contact: connexcteood@proton.com

12) COOKIES
We use only essential cookies required for basic website/platform functionality (e.g., session/login).
We do not use advertising trackers or marketing pixels.
You can control cookies via your browser settings.

13) CHILDREN
The Platform is not intended for individuals under 18. We do not knowingly collect data from children. If you believe a minor provided personal data, contact us and we will take appropriate steps.

14) CHANGES
We may update this page from time to time. The “Last updated” date indicates the latest revision. Changes become effective when posted here.

END OF PRIVACY & COMPLIANCE PAGE
Company: CONNEXT EOOD – Dunav 35, Sofia Center, 1000 Sofia – connexcteood@proton.com