Privacy Policy

Last updated: February 26, 2026

1. Data Controller

Your personal data is processed by:

Omnifio s.r.o.

Korunní 2569/108, 101 00 Praha – Vinohrady, Czech Republic

Company ID (IČO): 06737081

VAT ID (DIČ): CZ06737081

Email: info@omnifio.cz

For any privacy-related questions or to exercise your rights, contact us at info@omnifio.cz.

2. What Data We Collect

Data Category	Examples	Purpose
Account data	Name, email, hashed password	Account creation, authentication
Conversation data	Messages, photos you send	Providing the AI service, memory features
Memory data	Extracted facts, preferences	Persistent personalization across sessions
Payment data	Stripe customer ID, subscription status	Subscription management (card details stored by Stripe only)
Device & usage data	Browser type, push subscription, IP address	Service delivery, notifications, security
Consent records	Timestamps, IP at time of consent	Legal compliance, proof of consent

3. How We Use Your Data

Providing the Service: Processing your messages through AI, generating responses, maintaining conversation context and memory
Account management: Authentication, email verification, session management
Billing: Processing subscriptions via Stripe, managing trial periods
Notifications: Sending push notifications for proactive AI messages
Security: Protecting against unauthorized access, fraud detection
Improvement: Analyzing aggregate usage patterns to improve the Service (never selling individual data)

4. Legal Basis for Processing (GDPR Art. 6)

Contract performance (Art. 6(1)(b)): Processing necessary to provide the Service you subscribed to
Consent (Art. 6(1)(a)): For optional features like push notifications and AI memory extraction
Legitimate interest (Art. 6(1)(f)): Security, fraud prevention, service improvement
Legal obligation (Art. 6(1)(c)): Tax records, legal compliance

5. AI Processing of Your Data

Important: Your conversations are processed by AI models (OpenAI) to provide responses. This means your messages are sent to OpenAI's API for processing. OpenAI processes this data as a sub-processor under their data processing agreement.

Specifically:

Your messages are sent to OpenAI's Responses API to generate AI replies
The AI extracts and stores "memories" (facts about you) to personalize future interactions
Photos you share are processed by AI for image understanding
Background AI tasks (proactive messages, daily planning) use your stored memories
OpenAI does not use your data to train their models (per their API data processing terms)

You may request deletion of all AI-processed data and memories at any time.

6. Third-Party Services

Service	Purpose	Data Shared
OpenAI	AI conversation processing	Message content, images
Stripe	Payment processing	Email, payment method (stored by Stripe)
Railway	Infrastructure hosting	Application data (encrypted at rest)

All third-party processors are contractually bound to process data in accordance with GDPR requirements.

7. Data Retention

Account data: Retained while your account is active, deleted within 30 days of account deletion
Conversations & memories: Retained while your account is active, deleted on account deletion
Payment records: Retained for 10 years as required by Czech tax law
Consent logs: Retained for 5 years for compliance purposes
Server logs: Automatically rotated, retained for a maximum of 90 days

8. Your Rights (GDPR)

Under the General Data Protection Regulation, you have the right to:

Access: Request a copy of all personal data we hold about you
Rectification: Correct inaccurate personal data
Erasure: Request deletion of your personal data ("right to be forgotten")
Restriction: Request limitation of processing
Portability: Receive your data in a structured, machine-readable format
Object: Object to processing based on legitimate interest
Withdraw consent: Withdraw consent at any time without affecting prior processing

To exercise any right, email us at info@omnifio.cz. We will respond within 30 days.

You also have the right to lodge a complaint with the Czech Data Protection Authority (ÚOOÚ) at uoou.cz.

9. International Data Transfers

Your data may be transferred to and processed in countries outside the EU/EEA (specifically the United States, where OpenAI and Stripe operate). These transfers are protected by:

EU-US Data Privacy Framework certification (where applicable)
Standard Contractual Clauses (SCCs) approved by the European Commission

10. Data Security

We implement appropriate technical and organizational measures to protect your data, including:

Passwords hashed with bcrypt (12 rounds)
HTTPS encryption for all data in transit
Session-based authentication with secure cookies
Database hosted on encrypted infrastructure
Payment data handled exclusively by Stripe (PCI DSS compliant)

11. Children's Privacy

SEEYAAA is not intended for users under 18 years of age. We do not knowingly collect data from minors. If we discover that a user is under 18, we will promptly delete their account and all associated data.

The Family/Kids mode is a content-safe mode for use by children under direct supervision of an adult account holder. The adult account holder is responsible for all activity in this mode.

12. Cookies

SEEYAAA uses the following cookies:

Session cookie (essential): Maintains your login session. Expires after 7 days of inactivity. Strictly necessary — no consent required.

We do not use tracking cookies, analytics cookies, or advertising cookies.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Significant changes will be communicated via email or in-app notification at least 14 days before taking effect. The "Last updated" date at the top indicates when this policy was last revised.

14. Contact

For privacy inquiries, data requests, or complaints:

Omnifio s.r.o.

Email: info@omnifio.cz

Address: Korunní 2569/108, 101 00 Praha – Vinohrady, Czech Republic