Euthymia

Privacy Policy

Last updated: February 1, 2026

1. Introduction and data controller

This Privacy Policy describes how we collect, use, disclose, and protect your personal data when you use our services. It applies to users in the European Economic Area (EEA), the United Kingdom (UK), and the State of California, and is designed to comply with the General Data Protection Regulation (GDPR), the UK GDPR, and the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA).

The data controller responsible for your personal data is Dopredu s.r.o. (“we”, “us”, or “our”). If you have questions about this policy or our data practices, please contact us using the details in Section 12.

2. Data we collect

We collect and process the following categories of personal data in connection with our services:

  • Account data: When you create an account, we collect your name, email address, a hashed representation of your password, email verification status, and optionally a profile image. We use this to create and manage your account and to authenticate you.
  • Session data: When you sign in, we store session identifiers, your IP address, browser or app user agent, and session expiry information. We use this to maintain your session and for security and fraud prevention.
  • Integration data: If you connect third-party services (such as Gmail or Google Drive), we store OAuth tokens, granted scopes, the connected account email and profile picture, and connection metadata. We use this to provide the integrated functionality you request.
  • Product usage data: We store the agents you create (including name and task description), chat runs, messages (including content and metadata), and schedules you configure. We use this to provide and improve our service and to fulfill your requests.
  • Organization data: We store organization name, plan type, trial period end date, and where applicable Stripe customer ID and subscription status. We use this to manage your organization and billing.
  • Technical and security data: We may collect and process logs, error reports, and other technical or security-related data necessary to operate, secure, and improve our services.

3. Purposes and legal basis (GDPR)

We process your personal data for the following purposes. Where the GDPR applies, we rely on the following legal bases:

  • Providing the service: Performance of our contract with you.
  • Authentication and account management: Performance of our contract with you.
  • Integrations (e.g. Gmail, Google Drive): Performance of our contract with you; your consent where required for connecting third-party accounts.
  • AI processing (e.g. chat and agent tasks): Performance of our contract with you.
  • Payments and subscriptions: Performance of our contract with you; compliance with legal obligations where applicable.
  • Support and communication: Performance of our contract with you; where applicable, our legitimate interest in communicating with you about the service.
  • Security, fraud prevention, and system integrity: Our legitimate interest in protecting our systems and users; compliance with legal obligations where applicable.
  • Legal and regulatory compliance: Compliance with legal obligations.

Where we rely on legitimate interest, we have balanced our interests against your rights and freedoms. You may have the right to object to processing based on legitimate interest (see Section 7).

4. Third parties and subprocessors

We share or allow access to personal data with the following categories of recipients, under appropriate contractual and technical safeguards:

  • OpenAI: We send chat messages and agent task content to OpenAI to provide AI-powered features. OpenAI processes this data in accordance with its privacy policy and our agreements.
  • Google: When you connect Gmail or Google Drive, we use Google OAuth and may send or receive data as needed to provide the integration. This is done at your direction when you connect your account.
  • Stripe: We use Stripe for payment and subscription management. Payment-related and subscription data may be shared with Stripe as necessary to process payments and manage your subscription.
  • Hosting and infrastructure: We use third-party providers for hosting, databases, and related infrastructure. These providers process data on our instructions and are bound by data processing agreements where required by law. A list of key subprocessors can be provided on request.

5. International transfers

Your personal data may be transferred to and processed in countries outside the EEA, UK, or your country of residence, including the United States. Where such transfers occur, we ensure appropriate safeguards are in place, such as adequacy decisions, Standard Contractual Clauses (SCCs) approved by the European Commission or UK authorities, or other mechanisms permitted by applicable law. You may request further information about the safeguards we use for international transfers by contacting us at the address in Section 12.

6. Retention

We retain your personal data for as long as your account is active and as needed to provide the service, comply with our legal obligations, resolve disputes, enforce our agreements, and for legitimate backup, security, or audit purposes. Session data is retained for the duration of the session and a short period thereafter. Logs and other technical data may be retained for a limited period as necessary for security and operation. When data is no longer needed for these purposes, we delete or anonymize it in accordance with our retention practices.

7. Your rights

If you are in the EEA or UK (GDPR / UK GDPR), you have the right to:

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Request correction of inaccurate or incomplete data.
  • Erasure: Request deletion of your personal data in certain circumstances.
  • Restriction: Request that we restrict processing in certain circumstances.
  • Data portability: Receive your data in a structured, commonly used, machine-readable format and, where feasible, have it transmitted to another controller.
  • Object: Object to processing based on legitimate interest or for direct marketing.
  • Withdraw consent: Where we rely on consent, withdraw it at any time without affecting the lawfulness of processing before withdrawal.
  • Lodge a complaint: Lodge a complaint with a supervisory authority in your country of residence.

If you are a California resident (CCPA/CPRA), you have the right to:

  • Know: Request disclosure of the categories and specific pieces of personal information we have collected about you, the categories of sources, the purposes, and the categories of third parties with whom we share it.
  • Delete: Request deletion of your personal information, subject to certain exceptions.
  • Correct: Request correction of inaccurate personal information.
  • Opt-out of sale and sharing: We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising. If our practices change, we will update this policy and provide a way to opt out where required.
  • Non-discrimination: We will not discriminate against you for exercising your privacy rights.
  • Limit use of sensitive personal information: To the extent we use sensitive personal information beyond what is necessary to provide the service, you may have the right to limit our use. We use sensitive personal information only as necessary to provide the service and as described in this policy.

To exercise any of these rights, please contact us using the details in Section 12. We may need to verify your identity before processing your request. For California residents, you may also designate an authorized agent to submit requests on your behalf.

8. Cookies and similar technologies

We use cookies and similar technologies (such as local storage) that are strictly necessary for the operation of our service, including to maintain your session and authenticate you. These essential cookies do not require your consent under applicable law. We do not currently use non-essential cookies (such as analytics or advertising cookies) on our main service; if we introduce them in the future, we will update this policy and obtain consent where required.

9. Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include encryption in transit and at rest where appropriate, access controls, secure authentication, and regular review of our security practices. No method of transmission or storage is completely secure; we encourage you to use a strong password and to protect your account credentials.

10. Children

Our service is not directed at individuals under the age of 16 (or under 13 in the United States). We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us at the address in Section 12 and we will take steps to delete such information.

11. Changes to this policy

We may update this Privacy Policy from time to time. We will post the updated policy on this page and update the “Last updated” date. For material changes, we may provide additional notice (such as by email or a prominent notice on our service) where appropriate under applicable law. Your continued use of the service after the effective date of the updated policy constitutes acceptance of the revised policy, except where further consent or other steps are required by law.

12. Contact

For any questions about this Privacy Policy, to exercise your privacy rights, or to contact our data protection contact, please reach us at:

Email: privacy@yourdomain.com

Data controller: Dopredu s.r.o.