Sign in Try for free
🇬🇧 English 🇩🇪 Deutsch 🇨🇿 Čeština 🇫🇷 Français 🇵🇱 Polski 🇪🇸 Español 🇮🇹 Italiano 🇭🇺 Magyar

Personal Data Processing Policy (GDPR)

Effective from: February 4, 2026

1. Data Controller

Controller: Roman Šlancar, DiS., ID No.: 75717051, with registered office at Bohuslava Martinů 802/9, 602 00, Brno - Stránice.

Contact e-mail: info@papagai.net

2. Scope and Purpose of Processing

2.1. In accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR), we process personal data exclusively to the extent necessary for providing the service and fulfilling legal obligations.

2.2. Processing is carried out on the basis of the following legal grounds:

  • Article 6(1)(b) GDPR – performance of a contract
  • Article 6(1)(c) GDPR – compliance with a legal obligation
  • Article 6(1)(f) GDPR – legitimate interests of the controller
  • Article 6(1)(a) GDPR – consent of the data subject

3. Categories of Processed Data

3.1. Identification data – first name, last name, company name, ID number, VAT number.

3.2. Contact data – email address.

3.3. Billing data – data required for issuing tax documents.

3.4. Technical data – IP address, browser type, operating system, cookies.

3.5. Service usage data – conversation history, knowledge base content.

4. Personal Data Processors

4.1. We use the following processors for personal data processing:

  • Stripe, Inc. – payment processing
  • Hetzner Online GmbH – hosting and data storage
  • AI model providers – chatbot query processing

4.2. Data processing agreements in accordance with Article 28 GDPR have been concluded with all processors.

5. Retention Period

5.1. We retain personal data only for the period necessary to fulfill the purpose of processing:

  • For the duration of the contractual relationship
  • Billing data – 10 years (Accounting Act)
  • Account data – 30 days after deletion
  • Technical logs – maximum 12 months

6. Rights of Data Subjects

6.1. Every data subject has the right to:

  • Access to data (Art. 15 GDPR)
  • Rectification of data (Art. 16 GDPR)
  • Erasure of data (Art. 17 GDPR)
  • Restriction of processing (Art. 18 GDPR)
  • Data portability (Art. 20 GDPR)
  • Object to processing (Art. 21 GDPR)
  • Withdraw consent (Art. 7(3) GDPR)

6.2. Please send requests to info@papagai.net. We will respond within 30 days.

6.3. You have the right to lodge a complaint with the supervisory authority – the Office for Personal Data Protection, Pplk. Sochora 27, 170 00 Prague 7, www.uoou.cz.

7. Security

7.1. We have adopted technical and organizational measures to ensure the security of processing in accordance with Article 32 GDPR, in particular:

  • Data transmission encryption (TLS)
  • Data access control
  • Regular backups
  • Security incident monitoring

8. Processing of User's Client Data

8.1. The User of the PapagAI service acts as an independent data controller in relation to the end users of their chatbot.

8.2. The Provider acts as a data processor in relation to the data of chatbot end users within the meaning of Article 28 GDPR.

8.3. The User is obliged to ensure that the processing of personal data of end users through the chatbot complies with GDPR, including informing end users about the processing of their data.

9. Records of Processing Activities

9.1. The Controller maintains records of processing activities in accordance with Article 30 GDPR.

Contact: info@papagai.net

Last updated: February 4, 2026