Privacy Policy

Last updated: 26 May 2026

This Privacy Policy explains how AITEST SRL ("AITEST", "we", "us", "our") collects, uses, and protects personal data when you use AugmentedRetrieval (the "Service") available at https://augmentedretrieval.com.

We are committed to processing personal data in accordance with the EU General Data Protection Regulation 2016/679 ("GDPR") and Romanian Law no. 190/2018.

1. Data Controller

The data controller is:

AITEST SRL

Str. Constanței nr. 15, Bl. E1, Sc. D, Et. 3, Ap. 59

905700 Năvodari, Constanța County, Romania

Trade Registry: J2024035731001

Fiscal Code (CUI): RO50782124

Email: bogdan@aiduty.dev

For all privacy-related inquiries, contact us at bogdan@aiduty.dev.

2. What Data We Collect

2.1 Data you provide directly

Account information: name, email address, password (hashed), organization name
Billing information: processed by Stripe (we do not store card numbers)
Communications: content of emails, support requests, beta program applications

2.2 Data we process on your behalf ("Customer Content")

Documents you submit for processing: processed in-memory, then immediately deleted from our servers in accordance with our "Process-and-Forget" architecture
Derived embeddings: vector representations generated from your documents, stored in the vector database of your choice (your Pinecone, Supabase, or ChromaDB instance, or ours if you elect managed storage)
API metadata: timestamps, request size, endpoint accessed (for billing and abuse prevention)

2.3 Data collected automatically

Technical data: IP address, browser type, device identifiers, operating system
Usage data: pages visited, features used, session duration
Cookies and similar technologies: see Section 8

3. Why We Process Your Data (Purposes & Legal Basis)

Purpose	Legal Basis (GDPR Art. 6)
Providing the Service	Contract performance (Art. 6(1)(b))
Account creation and authentication	Contract performance (Art. 6(1)(b))
Billing and payment processing	Contract performance + legal obligation (Art. 6(1)(b), (c))
Customer support	Contract performance (Art. 6(1)(b))
Security, fraud prevention, abuse mitigation	Legitimate interest (Art. 6(1)(f))
Product improvement and analytics	Legitimate interest (Art. 6(1)(f))
Marketing communications	Consent (Art. 6(1)(a)) — you can opt out anytime
Legal compliance (tax, accounting)	Legal obligation (Art. 6(1)(c))

4. Who We Share Data With (Sub-processors)

We share data only with the following categories of recipients, all bound by data processing agreements:

Sub-processor	Purpose	Location	Safeguards
OpenAI, Inc.	AI model inference for document processing	USA	EU Standard Contractual Clauses
Pinecone Systems, Inc.	Vector database (if managed by us)	USA / EU	EU SCCs + EU region available
Supabase Inc.	Database and authentication	EU (Frankfurt)	Within EU/EEA
Stripe Payments Europe Ltd.	Payment processing	Ireland (EU)	Within EU/EEA
Cloudflare, Inc.	CDN, DDoS protection	Global	EU SCCs
Hosting provider	Infrastructure	EU	Within EU/EEA

We do not sell personal data to third parties.

5. International Data Transfers

Some sub-processors (e.g. OpenAI) are located outside the EU/EEA. Where data is transferred outside the EU, we rely on EU Standard Contractual Clauses adopted by the European Commission, supplemented by additional technical and organizational measures where required.

You can request a copy of these safeguards by emailing bogdan@aiduty.dev.

6. Data Retention

Data Category	Retention Period
Original documents you upload	Deleted immediately after processing (not retained)
Derived embeddings	Until you delete them or close your account
Account data	Duration of account + 30 days after closure
Billing records	10 years (Romanian tax law obligation)
Support communications	3 years after last contact
Server logs	90 days

7. Your Rights Under GDPR

You have the following rights regarding your personal data:

Right of access (Art. 15) — request a copy of your data
Right to rectification (Art. 16) — correct inaccurate data
Right to erasure (Art. 17) — request deletion ("right to be forgotten")
Right to restriction (Art. 18) — limit how we process your data
Right to data portability (Art. 20) — receive your data in machine-readable format
Right to object (Art. 21) — to processing based on legitimate interest
Right to withdraw consent (Art. 7) — for any consent-based processing
Right to lodge a complaint with the Romanian Data Protection Authority (ANSPDCP, www.dataprotection.ro) or your local EU supervisory authority

To exercise these rights, email bogdan@aiduty.dev. We respond within 30 days.

8. Cookies

We use the following categories of cookies:

Strictly necessary cookies: authentication, session management (no consent required)
Analytics cookies: to understand product usage (consent required)
Functional cookies: to remember your preferences (consent required)

You can manage cookie preferences via the cookie banner shown on first visit, or in your browser settings.

9. Security

We implement appropriate technical and organizational measures including:

TLS 1.3 encryption in transit
Encryption at rest for all stored data
Access controls and least-privilege principles
Regular security audits
Incident response procedures

In the event of a data breach affecting your rights, we will notify you and the supervisory authority within 72 hours as required by GDPR Art. 33-34.

10. Children's Privacy

The Service is not intended for individuals under 16. We do not knowingly collect data from children. If you believe we have, contact us for deletion.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be notified by email or via prominent notice on the Service at least 30 days before taking effect.

12. Contact

AITEST SRL

Email: bogdan@aiduty.dev

Address: Str. Constanței nr. 15, Bl. E1, Sc. D, Et. 3, Ap. 59, 905700 Năvodari, Romania