GDPR Compliant

Privacy Policy

Last updated: December 18, 2024

Important: This Privacy Policy explains how Confidant (operated by KMN SOLUTIONS d.o.o.) collects, uses, and protects your personal information in compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

1. Information We Collect

1.1 Personal Information

We collect the following personal information when you use our service:

Account Information: Username, email address, and password (encrypted)
Profile Information: Any additional information you provide in your profile
Chat Data: Messages you send and AI responses you receive
Session Information: Chat session IDs and timestamps
Technical Data: IP address, browser type, device information, and usage analytics

1.2 Legal Basis for Processing

We process your personal data based on the following legal grounds:

Contract Performance: To provide our chat service and maintain your account
Legitimate Interest: To improve our service, ensure security, and prevent fraud
Consent: For optional features and marketing communications (where applicable)
Legal Obligation: To comply with applicable laws and regulations

2. How We Use Your Information

We use your personal information for the following purposes:

Providing and maintaining our chat service
Processing your chat messages and generating AI responses
Managing your account and authentication
Improving our service and user experience
Ensuring security and preventing fraud
Complying with legal obligations
Communicating with you about service updates and important notices

3. Data Sharing and Third Parties

We do not sell, trade, or rent your personal information to third parties. We may share your information in the following limited circumstances:

Service Providers: With trusted third-party service providers who assist us in operating our service (e.g., hosting providers, analytics services)
Legal Requirements: When required by law, court order, or government request
Business Transfers: In connection with a merger, acquisition, or sale of assets
Protection of Rights: To protect our rights, property, or safety, or that of our users

All third-party service providers are contractually obligated to protect your data and use it only for specified purposes.

4. Data Security

We implement appropriate technical and organizational measures to protect your personal information:

Encryption of data in transit and at rest
Regular security assessments and updates
Access controls and authentication measures
Secure data centers and infrastructure
Employee training on data protection
Incident response procedures

5. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this policy:

Account Data: Retained while your account is active and for a reasonable period after deactivation
Chat Messages: Stored for the duration of your account and may be retained for service improvement purposes
Log Data: Typically retained for 12 months for security and debugging purposes
Legal Requirements: Some data may be retained longer if required by law

You can request deletion of your data at any time (see Section 7 - Your Rights).

6. International Data Transfers

Your personal information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place for such transfers:

Adequacy decisions by the European Commission
Standard contractual clauses approved by the European Commission
Other appropriate safeguards as required by GDPR

7. Your Rights Under GDPR

As a data subject, you have the following rights:

Right to Access

Request a copy of your personal data and information about how it's processed.

Right to Rectification

Request correction of inaccurate or incomplete personal data.

Right to Erasure

Request deletion of your personal data ("right to be forgotten").

Right to Restriction

Request limitation of processing under certain circumstances.

Right to Portability

Receive your personal data in a structured, machine-readable format.

Right to Object

Object to processing based on legitimate interests.

Right to Withdraw Consent

Withdraw consent where processing is based on consent.

Right to Lodge a Complaint

Complain to your local data protection authority.

To exercise these rights, please contact us using the information provided in Section 9.

8. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience:

Essential Cookies: Required for basic functionality and security
Session Cookies: Maintain your login session and chat state
Analytics Cookies: Help us understand how you use our service (with your consent)

You can control cookie settings through your browser preferences. Note that disabling certain cookies may affect service functionality. For more detailed information, please see our Cookie Policy.

9. Contact Information

If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us:

KMN SOLUTIONS, svetovanje, razvoj in raziskave, d.o.o.

Email: privacy@confidant.love

Address: Rovte 113, 1373 Rovte, Slovenia

Tax Number: SI94870438

Registration Number: 7016239000

We will respond to your request within 30 days of receipt.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

Posting the updated policy on our website
Sending an email notification to registered users
Displaying a notice on our service

Your continued use of our service after such changes constitutes acceptance of the updated policy.

11. Children's Privacy

Our service is not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If you believe we have collected such information, please contact us immediately.

Note: This Privacy Policy is effective as of the date listed above. Please review it regularly to stay informed about how we protect your information.