Privacy Policy

This Privacy Policy describes how Resolvia Ltd. ("we", "us", "our", or "Resolvia") collects, uses, processes, and protects your personal data when you use our AI-powered customer support automation platform and related services (collectively, the "Services").

We are committed to protecting your privacy and ensuring the security of your personal data in full compliance with the General Data Protection Regulation (GDPR) (EU) 2016/679, the ePrivacy Directive 2002/58/EC, and other applicable European Union and national data protection laws.

The data controller responsible for processing your personal data is:

If you have any questions about this Privacy Policy or our data processing practices, please contact us using the details provided above.

This Privacy Policy applies to all personal data processed by Resolvia in connection with:

• Our website accessible at resolvia.ai and all associated subdomains
• Our SaaS platform and web application
• Email automation and AI-powered customer support services
• Integration with third-party services (Gmail, Shopify, OpenAI, Stripe, etc.)
• Customer support and communication channels
• Marketing and promotional activities

This Privacy Policy does not apply to third-party websites, services, or applications that may be linked from our Services. We recommend reviewing the privacy policies of any third-party services you access through our platform.

Under the GDPR, we process your personal data only when we have a valid legal basis. The legal bases we rely on include:

3.1 Contractual Necessity (Article 6(1)(b) GDPR)

Processing is necessary for the performance of our contract with you or to take steps at your request before entering into a contract. This includes:

• Creating and managing your user account
• Providing access to our AI-powered email automation services
• Processing emails and generating automated responses
• Managing integrations with Gmail, Shopify, and other third-party services
• Processing payments and managing subscriptions
• Providing customer support and technical assistance

3.2 Legitimate Interests (Article 6(1)(f) GDPR)

Processing is necessary for our legitimate interests or those of a third party, provided your interests and fundamental rights do not override those interests. This includes:

• Improving and optimizing our Services and user experience
• Conducting analytics and research to enhance platform functionality
• Detecting, preventing, and investigating fraud and security threats
• Maintaining the security and integrity of our systems
• Enforcing our Terms of Service and protecting our legal rights
• Marketing our services to existing customers (soft opt-in)

3.3 Legal Obligation (Article 6(1)(c) GDPR)

Processing is necessary to comply with legal obligations to which we are subject, including:

• Compliance with tax and accounting regulations
• Responding to lawful requests from law enforcement and regulatory authorities
• Maintaining records required by applicable laws
• Compliance with data protection and privacy regulations

3.4 Consent (Article 6(1)(a) GDPR)

Where required by law, we process your personal data based on your explicit consent, including:

• Marketing communications to prospective customers
• Use of non-essential cookies and tracking technologies
• Processing of special categories of personal data (if applicable)
• Sharing data with third parties beyond what is necessary for service provision

You have the right to withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

We collect and process the following categories of personal data:

4.1 Account and Identity Data

• Authentication Information: Email address, password (hashed), authentication tokens provided by Clerk authentication service
• Profile Information: Full name, display name, job title, phone number, profile picture
• Organization Information: Organization name, organization ID, role within organization, organization settings and preferences
• Account Settings: Language preferences, notification settings, timezone, user preferences

4.2 Email Communication Data

• Email Messages: Complete email content including subject lines, body text (plain text and HTML), sender and recipient information, CC and BCC recipients, timestamps
• Email Metadata: Message IDs, thread IDs, Gmail labels and tags, read/unread status, importance markers, folder locations
• Email Attachments: Files attached to emails, file names, file types, file sizes, attachment metadata
• AI Processing Data: AI-generated responses, response templates, processing status, automation rules applied, confidence scores
• Email Analytics: Response times, processing duration, automation success rates, email volume statistics

4.3 Third-Party Integration Data

• Gmail Integration: OAuth 2.0 access tokens and refresh tokens (encrypted with AES-256-CBC), Gmail API permissions, email synchronization settings
• Shopify Integration: Store credentials (encrypted), shop domain, API access tokens, customer order data, product information, customer details
• OpenAI Integration: API keys (encrypted), assistant configurations, model preferences, prompt templates, function calling configurations
• Stripe Integration: Customer IDs, subscription information, payment method details (tokenized), billing history, invoice data
• Other Integrations: API credentials for any additional third-party services you connect (all encrypted)

4.4 Financial and Billing Data

• Payment Information: Payment card details (processed and stored by Stripe, not by us), billing address, VAT/tax identification numbers
• Transaction Data: Purchase history, subscription plans, payment amounts, transaction dates, invoice numbers
• Usage Metrics: Ticket usage counts, monthly usage limits, overage calculations, billing cycle information

4.5 Technical and Usage Data

• Device Information: IP address, browser type and version, operating system, device type (desktop/mobile/tablet), screen resolution
• Usage Analytics: Pages visited, features used, time spent on platform, click patterns, navigation paths, session duration
• Performance Data: Page load times, API response times, error rates, system performance metrics
• Cookies and Tracking: Session cookies, authentication cookies, preference cookies, analytics cookies (see Section 11 for details)
• Log Data: Server logs, error logs, security logs, API request logs, automation activity logs

4.6 Communication and Support Data

• Support Requests: Support ticket content, chat transcripts, email correspondence with our support team
• Feedback: Product feedback, feature requests, survey responses, user testimonials
• Marketing Communications: Email marketing preferences, communication history, engagement metrics (opens, clicks)

4.7 Customer Data Processed on Your Behalf

When you use our Services to process emails from your customers, we act as a data processor on your behalf. This data may include:

• Your customers' names and email addresses
• Customer inquiry content and support requests
• Order information and transaction details (if integrated with Shopify)
• Any other personal data contained in customer emails

You remain the data controller for this customer data, and you are responsible for ensuring you have appropriate legal bases and customer consent for processing their data through our Services. We process this data solely on your instructions and in accordance with our Data Processing Agreement.

We use your personal data for the following purposes, based on the legal bases described in Section 3:

5.1 Service Provision and Platform Operation

• Creating, maintaining, and managing your user account and organization
• Authenticating your identity and managing access to the platform
• Processing and analyzing emails using AI technology (OpenAI GPT models)
• Generating automated responses to customer support inquiries
• Managing email workflows, automation rules, and AI assistant configurations
• Synchronizing emails with your Gmail account via Gmail API
• Integrating with Shopify to retrieve order and customer information
• Storing and managing file attachments and macros
• Tracking ticket usage and enforcing subscription limits
• Providing access to the communication hub and ticket management system

5.2 Payment Processing and Billing

• Processing subscription payments through Stripe
• Managing billing cycles and calculating usage-based charges
• Generating invoices and payment receipts
• Handling refunds, chargebacks, and payment disputes
• Enforcing payment terms and collecting outstanding amounts

5.3 Customer Support and Communication

• Responding to your support requests and technical inquiries
• Providing onboarding assistance and training
• Sending transactional emails (account notifications, password resets, billing updates)
• Communicating service updates, new features, and platform changes
• Sending important security alerts and policy updates
• Conducting customer satisfaction surveys and collecting feedback

5.4 Platform Improvement and Analytics

• Analyzing usage patterns to improve user experience and platform functionality
• Conducting A/B testing and feature experiments
• Monitoring platform performance and identifying technical issues
• Developing new features and services based on user needs
• Training and improving AI models for better response quality
• Generating aggregated, anonymized statistics and reports

5.5 Security and Fraud Prevention

• Detecting and preventing fraudulent activities and unauthorized access
• Monitoring for security threats and vulnerabilities
• Investigating and responding to security incidents
• Enforcing our Terms of Service and Acceptable Use Policy
• Protecting the rights, property, and safety of Resolvia, our users, and the public
• Maintaining audit logs for security and compliance purposes

5.6 Marketing and Business Development

• Sending marketing communications about our services (with your consent or under soft opt-in)
• Personalizing marketing content based on your interests and usage
• Conducting market research and competitive analysis
• Promoting new features, special offers, and events
• Managing referral programs and affiliate partnerships

You can opt out of marketing communications at any time by clicking the unsubscribe link in our emails or by contacting us at info@resolvia.ai.

5.7 Legal Compliance and Business Operations

• Complying with applicable laws, regulations, and legal processes
• Responding to lawful requests from law enforcement and regulatory authorities
• Maintaining records required by tax, accounting, and corporate laws
• Enforcing our legal rights and defending against legal claims
• Facilitating business transactions (mergers, acquisitions, asset sales)

We do not sell your personal data to third parties. We only share your personal data in the following circumstances:

6.1 Service Providers and Processors

We engage trusted third-party service providers to help us operate our platform and provide our Services. These processors act on our behalf and are contractually obligated to process your data only as instructed by us and in compliance with GDPR requirements (Article 28 GDPR). Our key service providers include:

• Clerk (clerk.com): User authentication, identity management, and session management. Data processed: email, name, authentication tokens. Location: United States (EU-US Data Privacy Framework certified).
• OpenAI (openai.com): AI processing for email analysis and automated response generation using GPT models. Data processed: email content, prompts, AI responses. Location: United States. Note: We use OpenAI's API with data processing agreements in place.
• Google LLC (Gmail API): Email synchronization and management. Data processed: Gmail messages, metadata, OAuth tokens. Location: United States (EU-US Data Privacy Framework certified).
• Stripe (stripe.com): Payment processing, subscription management, and billing. Data processed: payment information, billing details, transaction history. Location: United States (EU-US Data Privacy Framework certified).
• Cloudflare R2 (cloudflare.com): Secure file storage for email attachments and file macros. Data processed: uploaded files, file metadata. Location: European Union data centers available.
• Render (render.com): Database hosting and infrastructure services. Data processed: all platform data. Location: European Union (Frankfurt region).
• Vercel (vercel.com): Application hosting and content delivery. Data processed: application data, logs. Location: European Union data centers available.

All service providers are carefully selected based on their security practices, GDPR compliance, and data protection standards. We have Data Processing Agreements (DPAs) in place with all processors handling personal data.

6.2 Business Transfers and Corporate Transactions

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or part of our assets, your personal data may be transferred to the successor entity or acquiring party. In such cases:

• We will notify you via email and/or prominent notice on our website before your data is transferred
• The successor entity will be bound by the terms of this Privacy Policy
• You will have the opportunity to delete your account before the transfer
• The successor entity must comply with all applicable data protection laws

6.3 Legal Obligations and Law Enforcement

We may disclose your personal data if required or permitted by law, including:

• In response to valid legal processes (court orders, subpoenas, search warrants)
• To comply with applicable laws and regulations
• To respond to lawful requests from public authorities, including law enforcement
• To protect our rights, property, or safety, or that of our users or the public
• To detect, prevent, or investigate fraud, security breaches, or illegal activities
• To enforce our Terms of Service and other agreements

Where legally permitted, we will notify you of such requests and provide you with a copy of the legal demand. We will challenge overbroad or inappropriate requests.

6.4 With Your Consent

We may share your personal data with third parties when you have given us explicit consent to do so. You can withdraw your consent at any time by contacting us.

6.5 Aggregated and Anonymized Data

We may share aggregated, anonymized, or de-identified data that cannot reasonably be used to identify you. This data is not considered personal data under GDPR and may be used for research, analytics, marketing, or other business purposes without restriction.

Resolvia Ltd. is based in Cyprus, a member state of the European Union. However, some of our service providers are located outside the European Economic Area (EEA), particularly in the United States.

When we transfer your personal data outside the EEA, we ensure appropriate safeguards are in place as required by Article 44-50 GDPR:

• EU-US Data Privacy Framework: We rely on service providers certified under the EU-US Data Privacy Framework (Clerk, Google, Stripe) for transfers to the United States.
• Standard Contractual Clauses (SCCs): We use the European Commission's Standard Contractual Clauses (Decision 2021/914) with service providers not covered by adequacy decisions.
• Additional Safeguards: We implement supplementary measures including encryption, access controls, and regular security assessments to ensure data protection equivalent to EU standards.

You have the right to obtain information about the safeguards we have in place for international transfers and to obtain a copy of the relevant documents by contacting us at privacy@resolvia.ai.

We implement comprehensive technical and organizational security measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction, in accordance with Article 32 GDPR:

8.1 Technical Security Measures

• Encryption at Rest: All sensitive data (OAuth tokens, API keys, Shopify credentials) is encrypted using AES-256-CBC encryption with user-specific encryption keys derived using PBKDF2 (100,000 iterations).
• Encryption in Transit: All data transmission uses TLS 1.3 encryption with strong cipher suites.
• Database Security: PostgreSQL database with encrypted connections, parameterized queries to prevent SQL injection, and connection pooling with secure credential management.
• Password Security: Passwords are hashed using industry-standard algorithms (bcrypt) and never stored in plain text.
• Secure File Storage: Files are stored in Cloudflare R2 with server-side encryption and signed URLs with time-limited access.
• API Security: Rate limiting, authentication tokens, and secure API key management.

8.2 Organizational Security Measures

• Access Controls: Role-based access control (RBAC) with organization-level data isolation. Employees have access only to data necessary for their job functions.
• Multi-Factor Authentication: MFA available for all user accounts and required for administrative access.
• Security Monitoring: Continuous monitoring of system logs, security events, and anomalous activities with automated alerting.
• Incident Response: Documented incident response procedures with defined escalation paths and notification protocols.
• Regular Audits: Periodic security audits, vulnerability assessments, and penetration testing.
• Employee Training: Regular security awareness training for all personnel with access to personal data.
• Vendor Management: Due diligence and ongoing monitoring of all third-party service providers.

8.3 Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will:

• Notify the relevant supervisory authority within 72 hours of becoming aware of the breach (Article 33 GDPR)
• Notify affected individuals without undue delay if the breach is likely to result in a high risk (Article 34 GDPR)
• Provide clear information about the nature of the breach, likely consequences, and measures taken to address it
• Document all data breaches and our response actions

While we implement robust security measures, no system is completely secure. We cannot guarantee absolute security but commit to promptly addressing any security incidents and continuously improving our security posture.

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce our agreements (Article 5(1)(e) GDPR - storage limitation principle).

9.1 Retention Periods by Data Category

• Account and Profile Data: Retained while your account is active. After account deletion, retained for 30 days to allow for account recovery, then permanently deleted.
• Email Data: Processed emails and AI-generated responses are retained for the duration of your active subscription. Upon subscription cancellation, retained for 90 days to allow for service reactivation, then permanently deleted unless you request earlier deletion.
• Integration Credentials: OAuth tokens and encrypted API keys are retained while the integration is active. Immediately deleted upon disconnection of the integration or account deletion.
• Payment and Billing Data: Transaction records, invoices, and payment information retained for 10 years to comply with tax, accounting, and anti-money laundering regulations.
• Usage and Analytics Data: Aggregated, anonymized analytics data retained for up to 3 years for platform improvement and research purposes.
• Activity Logs: Detailed activity logs retained for 12 months for security monitoring and troubleshooting, then archived or deleted.
• Support Communications: Customer support tickets and correspondence retained for 3 years to maintain service quality and handle follow-up inquiries.
• Marketing Data: Marketing preferences and communication history retained until you unsubscribe or request deletion, then retained for 2 years to honor your opt-out preferences.
• Legal and Compliance Data: Data required for legal proceedings or regulatory compliance retained for the duration of the legal obligation plus any applicable statute of limitations period.

9.2 Deletion Procedures

When personal data is no longer needed or when you exercise your right to erasure:

• Data is permanently deleted from our production systems and backups within 90 days
• Encrypted data is rendered unrecoverable by destroying encryption keys
• Data in third-party systems is deleted in accordance with our processor agreements
• Anonymized or aggregated data that cannot identify you may be retained indefinitely

You can request early deletion of your data at any time by contacting privacy@resolvia.ai, subject to our legal obligations to retain certain data.

As a data subject under the GDPR, you have the following rights regarding your personal data. These rights are not absolute and may be subject to certain conditions and limitations:

10.1 Right of Access (Article 15 GDPR)

You have the right to obtain confirmation as to whether we process your personal data and, if so, to access that data along with information about:

• The purposes of processing
• The categories of personal data concerned
• The recipients or categories of recipients to whom data has been disclosed
• The envisaged retention period
• Your other rights (rectification, erasure, restriction, objection)
• The right to lodge a complaint with a supervisory authority
• Information about the source of the data (if not collected from you)
• The existence of automated decision-making, including profiling

10.2 Right to Rectification (Article 16 GDPR)

You have the right to have inaccurate personal data corrected and incomplete personal data completed. You can update most of your account information directly through your account settings.

10.3 Right to Erasure / "Right to be Forgotten" (Article 17 GDPR)

You have the right to request deletion of your personal data when:

• The data is no longer necessary for the purposes for which it was collected
• You withdraw consent and there is no other legal basis for processing
• You object to processing and there are no overriding legitimate grounds
• The data has been unlawfully processed
• Deletion is required to comply with a legal obligation

This right does not apply when processing is necessary for:

• Compliance with legal obligations
• Establishment, exercise, or defense of legal claims
• Archiving purposes in the public interest, scientific or historical research, or statistical purposes

10.4 Right to Restriction of Processing (Article 18 GDPR)

You have the right to request restriction of processing when:

• You contest the accuracy of the data (for the period needed to verify accuracy)
• Processing is unlawful but you oppose erasure and request restriction instead
• We no longer need the data but you need it for legal claims
• You have objected to processing pending verification of our legitimate grounds

10.5 Right to Data Portability (Article 20 GDPR)

You have the right to receive your personal data in a structured, commonly used, and machine-readable format (JSON or CSV) and to transmit that data to another controller when:

• Processing is based on consent or contract
• Processing is carried out by automated means

10.6 Right to Object (Article 21 GDPR)

You have the right to object to processing of your personal data when:

• Processing based on legitimate interests: You can object at any time. We will stop processing unless we demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or for legal claims.
• Direct marketing: You have an absolute right to object to processing for direct marketing purposes at any time, including profiling related to direct marketing.
• Scientific/historical research or statistics: You can object unless processing is necessary for a public interest task.

10.7 Right to Withdraw Consent (Article 7(3) GDPR)

Where processing is based on your consent, you have the right to withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing before withdrawal. You can withdraw consent by:

• Clicking "unsubscribe" in marketing emails
• Adjusting settings in your account dashboard
• Contacting us at privacy@resolvia.ai

10.8 Right to Lodge a Complaint (Article 77 GDPR)

You have the right to lodge a complaint with a supervisory authority, in particular in the EU member state of your habitual residence, place of work, or place of alleged infringement. For Cyprus, the supervisory authority is:

10.9 How to Exercise Your Rights

To exercise any of these rights, please contact us at:

• Email: privacy@resolvia.ai
• Subject line: "GDPR Rights Request - [Your Right]"
• Include: Your full name, email address, and specific request

We will respond to your request within one month of receipt. In complex cases, we may extend this period by two additional months, and we will inform you of any such extension.

We may request additional information to verify your identity before processing your request. Requests are generally free of charge, but we may charge a reasonable fee for manifestly unfounded, excessive, or repetitive requests.

We use cookies and similar tracking technologies to provide, protect, and improve our Services. This section explains what cookies we use and your choices regarding them, in compliance with the ePrivacy Directive 2002/58/EC.

11.1 What Are Cookies?

Cookies are small text files stored on your device when you visit our website. They help us recognize your browser and capture certain information about your preferences and usage patterns.

11.2 Types of Cookies We Use

Strictly Necessary Cookies (No Consent Required)

These cookies are essential for the operation of our Services and cannot be disabled:

• Authentication Cookies: Managed by Clerk to maintain your login session and verify your identity
• Security Cookies: Protect against cross-site request forgery (CSRF) and other security threats
• Load Balancing Cookies: Ensure proper distribution of traffic across our servers
• Session Cookies: Maintain your session state and preferences during your visit

Functional Cookies (Consent Required)

These cookies enable enhanced functionality and personalization:

• Preference Cookies: Remember your language, timezone, and display preferences
• Feature Cookies: Enable specific features you've activated (e.g., automation settings)

Analytics Cookies (Consent Required)

These cookies help us understand how users interact with our Services:

• Usage Analytics: Track page views, feature usage, and navigation patterns
• Performance Monitoring: Measure page load times and identify technical issues
• A/B Testing: Test different versions of features to improve user experience

11.3 Third-Party Cookies

Some cookies are set by third-party services we use:

• Clerk: Authentication and user management cookies
• Stripe: Payment processing and fraud prevention cookies
• Vercel: Performance and analytics cookies

11.4 Your Cookie Choices

You can control cookies through:

• Browser Settings: Most browsers allow you to refuse or delete cookies. Consult your browser's help documentation for instructions.
• Cookie Consent Banner: Manage your cookie preferences through our consent banner on first visit.
• Account Settings: Adjust analytics and tracking preferences in your account dashboard.

Please note that disabling strictly necessary cookies will prevent you from using our Services. Disabling other cookies may limit functionality and personalization.

Our Services use artificial intelligence (AI) and automated processing to analyze emails and generate responses. This section explains how we use AI and your rights regarding automated decision-making under Article 22 GDPR.

12.1 How We Use AI

• Email Analysis: AI models (OpenAI GPT) analyze incoming email content to understand customer inquiries and intent
• Response Generation: AI generates contextually appropriate responses based on your configured templates, knowledge base, and past interactions
• Email Classification: AI categorizes emails by topic, urgency, and sentiment to route them appropriately
• Shopify Integration: AI retrieves relevant order information and customer data to provide personalized responses

12.2 No Solely Automated Decisions with Legal Effects

We do not make solely automated decisions that produce legal effects or similarly significantly affect you (Article 22(1) GDPR). Specifically:

• AI-generated responses are suggestions that you can review, edit, or reject before sending
• You maintain full control over which emails are processed automatically
• You can disable automation at any time and switch to manual processing
• No decisions about your account, billing, or access are made solely by automated means

12.3 AI Training and Data Usage

Important clarifications about how your data is used with AI:

• No Training on Your Data: Your email content and customer data is NOT used to train OpenAI's models or any other AI systems
• API-Only Processing: We use OpenAI's API with data processing agreements that prohibit using your data for model training
• Temporary Processing: Email content is sent to OpenAI's API only for the duration needed to generate a response, then discarded by OpenAI
• Your Control: You can configure which emails are processed by AI and which require manual handling

12.4 Your Rights Regarding AI Processing

You have the right to:

• Obtain human intervention and review of AI-generated responses
• Express your point of view regarding AI decisions
• Contest AI-generated responses and request manual processing
• Disable AI processing entirely and use manual email handling
• Receive explanations about how AI processes your data

When you use our Services to process emails from your customers, you act as the data controller and we act as your data processor under Article 28 GDPR. Our relationship is governed by our Data Processing Agreement (DPA), which includes:

• The subject matter, duration, nature, and purpose of processing
• The types of personal data and categories of data subjects
• Your obligations and rights as the controller
• Our obligations as the processor, including security measures
• Sub-processor arrangements and your approval rights
• Data subject rights assistance procedures
• Data breach notification requirements
• Deletion and return of data upon termination
• Audit rights and compliance verification

As the data controller for your customer data, you are responsible for:

• Ensuring you have a valid legal basis to process your customers' personal data
• Providing appropriate privacy notices to your customers
• Obtaining necessary consents from your customers
• Responding to data subject rights requests from your customers
• Ensuring compliance with applicable data protection laws

Our full Data Processing Agreement is available upon request at privacy@resolvia.ai or can be accessed through your account dashboard.

Our Services are intended for business use and are not directed to children under the age of 16 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal data from children.

If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately at privacy@resolvia.ai. We will take steps to delete such information from our systems within 30 days.

If we become aware that we have collected personal data from a child without appropriate parental consent, we will delete that information as quickly as possible.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes, we will:

• Update the "Last updated" date at the top of this policy
• Notify you via email if the changes are material or significantly affect your rights
• Display a prominent notice on our platform for 30 days after material changes
• Obtain your consent if required by applicable law

Material changes include:

• Changes to the purposes for which we process personal data
• Changes to the categories of personal data we collect
• Changes to data retention periods
• Addition of new third-party processors or data recipients
• Changes to international data transfer mechanisms
• Changes that reduce your rights or increase our processing activities

We encourage you to review this Privacy Policy periodically. Your continued use of our Services after changes become effective constitutes acceptance of the updated policy, unless a more explicit form of consent is required by law.

If you have any questions, concerns, or requests regarding this Privacy Policy or our data processing practices, please contact us:

We aim to respond to all inquiries within 5 business days and to fulfill data subject rights requests within one month as required by GDPR.