Legal document

Privacy Policy

Last updated: February 28, 2026

1. Data Controller

The data controller is:

BH Drums Tomasz Swobboda

VAT/NIP: 6462441658

Email: [email protected]

2. What Data We Collect

When providing SellsAI services, we process the following personal data:

  • Registration data: name, email address, password (encrypted)
  • Store data: store name, domain, API key
  • Payment data: subscription history, Stripe customer ID (card data stored solely by Stripe)
  • Technical data: IP address, browser type, activity logs
  • Conversation data: chat history via AI widget (to the extent necessary to provide services)

3. Legal Basis and Purpose

Contract performance (Art. 6(1)(b) GDPR)

Processing necessary to provide SellsAI services – account management, subscription, AI widget operation.

Legitimate interest (Art. 6(1)(f) GDPR)

System security, fraud prevention, statistical analysis for service improvement.

Legal obligation (Art. 6(1)(c) GDPR)

Issuing invoices and maintaining accounting records in accordance with tax regulations.

Consent (Art. 6(1)(a) GDPR)

Sending marketing communications – only with your explicit consent.

4. Data Recipients

  • Stripe Inc. – payment processor (USA, Standard Contractual Clauses)
  • OpenAI / DeepSeek / Groq – AI language model providers
  • Server infrastructure providers – hosting, CDN
  • Public authorities – upon request, in accordance with applicable law

5. Retention Period

  • Account data: for the duration of the contract + 3 years after termination
  • Invoice data: 5 years from the end of the tax year
  • Technical logs: 90 days
  • Widget conversation data: 12 months or until deleted by the user

6. Your Rights

Under GDPR you have the following rights:

Right of access

You can obtain information about processed data.

Right to rectification

You can correct inaccurate data.

Right to erasure

You can request deletion of your data (right to be forgotten).

Right to restriction

You can limit the scope of processing.

Right to portability

You can receive your data in JSON/CSV format.

Right to object

You can object to processing based on legitimate interest.

To exercise your rights, contact: [email protected]

You also have the right to lodge a complaint with the supervisory authority in your country.

7. Cookies

  • Session (necessary): authentication token (next-auth.session-token) – required for login
  • Preference: selected language
  • No tracking or advertising cookies

8. Security

  • TLS/HTTPS encryption for all data in transit
  • Password hashing (bcrypt)
  • Regular database backups
  • Least-privilege access control

9. Changes

We reserve the right to update this policy. We will notify you of material changes by email or dashboard notification. The date of last update appears at the top of this document.

10. Contact

For data protection inquiries:

[email protected]

BH Drums Tomasz Swobboda · NIP: 6462441658

← HomeTerms of Service[email protected]