Privacy Policy

Last updated: May 2026. We take privacy seriously — this document explains exactly what we collect, why, and what you can do about it.

1. Data controllers

Joint data controllers for the Service are:
  • Ai Powerhouse Swiss AG — Gotthardstrasse 18, 6300 Zug, Switzerland.
  • HAZEL LABS d.o.o. — Litostrojska cesta 42B, 1000 Ljubljana, Slovenia, VAT ID SI33997250.

For any privacy request, contact us at hrastar.uros@gmail.com.

2. What we collect

We collect the minimum personal data needed to run the Service:

  • Account data: name, email, password hash, company, role, locale.
  • Billing data: VAT ID, billing address, masked payment identifiers (full card data is held by our payment processor, not by us).
  • Content data: prompts, files, conversations, generated Outputs, and any data you connect via third-party integrations.
  • Usage data: feature usage, credit consumption, API call timestamps, error logs, device and browser metadata.
  • Communication data: support tickets, emails, contact form submissions.
  • Cookies and similar technologies: see the Cookie Policy.

3. Why we process it (legal bases)

  • Performance of contract — to provide the Service you signed up for.
  • Legitimate interest — to secure, improve, and analyze the Service.
  • Legal obligation — accounting, tax, anti-fraud, and lawful requests.
  • Consent — for non-essential cookies, marketing emails, and optional analytics.

4. AI processing

Your prompts and content are sent to our orchestration engine and, where required by the requested task, to vetted third-party model providers under data-processing agreements. We do not use your content to train foundation models without explicit opt-in. Outputs are stored in your workspace and accessible only to your authenticated team members.

5. Sub-processors

We rely on a limited list of sub-processors, including:

  • Cloud infrastructure providers (EU-resident).
  • Database and storage providers.
  • AI model providers (for specific agent tasks).
  • Payment processors (Stripe and equivalent).
  • Transactional email providers (Resend and equivalent).
  • Analytics and product telemetry providers.
  • Customer support tooling.

An up-to-date list is available on request.

6. International transfers

Our primary infrastructure is EU-resident. Where data is transferred outside the EU/EEA or Switzerland, we rely on Standard Contractual Clauses, the Swiss-US Data Privacy Framework where applicable, and supplementary technical safeguards (encryption in transit and at rest).

7. Retention

We retain personal data for as long as your account is active and as needed to provide the Service. After account closure, account and content data are deleted within 90 days, except where longer retention is required by law (e.g. 10 years for invoicing under Swiss/Slovenian law).

8. Your rights

Under GDPR and the Swiss FADP you have the right to:

  • Access and obtain a copy of your personal data.
  • Rectify inaccurate data.
  • Erase data ("right to be forgotten") where applicable.
  • Restrict or object to certain processing activities.
  • Receive your data in a portable format.
  • Withdraw consent at any time without affecting prior processing.
  • Lodge a complaint with your supervisory authority (e.g. the Slovenian Information Commissioner or the Swiss FDPIC).

To exercise any right, email hrastar.uros@gmail.com.

9. Security

We apply industry-standard technical and organizational measures: encryption in transit (TLS 1.2+) and at rest, role-based access controls, audit logs, regular backups, dependency scanning, and segregation of production data. No system is 100% secure; we will notify affected users and regulators of any data breach without undue delay as required by law.

10. Children

The Service is not directed to anyone under 18. We do not knowingly collect data from children.

11. Changes

We will notify you of material changes to this Privacy Policy by email or in-app notice at least 14 days before they take effect.