Privacy Policy
On data we collect and how we use them
OpinioAI, run and managed by OpinioAI International s.r.o (registered in Brno, Czech Republic with ID (IČO) 19983328; ‘OpinioAI’ or ‘We’ afterwards) is committed to respecting your privacy.
1. Our Commitment to Your Privacy
OpinioAI International s.r.o. (“OpinioAI,” “we,” “us,” or “our”) is committed to protecting your privacy and handling your data in an open and transparent manner. This Privacy Policy explains what personal data we collect, how we use and protect it, and the rights you have in relation to your information when you use our website (www.opinio.ai) and our research platform (collectively, the “Services”).
As a company registered in Brno, Czech Republic, we are the Data Controller for your information and process it in full compliance with the EU’s General Data Protection Regulation (GDPR).
2. The Information We Collect
We collect information that is necessary to provide and improve our Services.
A. Information You Provide Directly:
-
Account Information: When you register for an account, we collect your name and email address.
-
Payment Information: When you subscribe to a paid plan, our secure payment processor (Stripe) collects your payment details. OpinioAI does not receive or store your full credit card information.
-
Communications: When you contact us for support or inquiries, we collect your contact information and the content of your messages.
-
User-Generated Content: Any data you voluntarily provide within our platform, such as research queries, persona definitions, and reports. We strongly advise that you do not include any sensitive personal data (e.g., health information, political opinions) in this content, as our platform is not designed to process it.
B. Information We Collect Automatically:
-
Usage Data & Cookies: When you use our Services, we automatically collect certain information through cookies and similar technologies, such as your IP address, browser type, device information, and pages visited. This helps us analyze performance and improve your experience.
3. Legal Basis and Purpose for Using Your Information
We only use your personal data when we have a valid legal basis to do so under GDPR.
| Purpose of Processing | Type of Data Used | Legal Basis |
| To Provide Our Services | Account Info, Payment Info, User-Generated Content | Performance of a Contract (to fulfill our terms of service with you) |
| To Improve Our Services | Usage Data & Cookies | Legitimate Interest (to enhance our platform for our users) |
| For Marketing & Communications | Account Info, Communications, Email | Consent (where we ask for your permission to send promotional emails or if you leave email for support purposes) |
| For Security & Legal Compliance | All relevant data | Legal Obligation (to comply with laws and protect our platform) |
4. How We Share and Disclose Information
We do not sell your personal data. We only share information with trusted third parties (subprocessors) who are essential to delivering our Services.
-
Infrastructure & Platform Providers: We use leading cloud providers for secure hosting, database management, and user authentication.
-
AI Model Providers: To power our platform’s core functionality, we send your query data to third-party AI providers via a secure API. Our binding agreements with these providers strictly prohibit them from using your data to train their models.
-
Payment Processors: We use a secure, PCI-compliant payment processor to handle subscriptions.
-
Communication & Analytics Tools: We use third parties to send service emails and to analyze website traffic to improve our Services.
For a full list of our key subprocessors and links to their Data Processing Addendums (DPAs), please see Section 12 of this policy.
5. Data Security
We take the security of your data very seriously. We implement and maintain robust technical and organizational security measures designed to protect your information from unauthorized access, loss, or destruction. These measures include:
-
Encryption: All data is encrypted in transit using TLS 1.2+ and at rest using AES-256.
-
Access Controls: Access to your data is strictly limited to authorized personnel on a need-to-know basis, with two-factor authentication enforced for all critical systems.
-
Incident Response: We have a formal Incident Response Plan to promptly address any potential data breaches.
6. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected. We keep your account information as long as your account is active. After you close your account, we may retain some data to comply with legal obligations, resolve disputes, or enforce our agreements, after which it will be securely deleted. Data you delete within the platform is permanently removed from our active systems.
7. International Data Transfers
Your data is primarily processed and stored on secure servers located within the European Union (EU). However, some of our subprocessors are based in other countries. When we transfer your data outside the EU, we ensure it receives an equivalent level of protection through legally-recognized transfer mechanisms, such as the European Commission’s Standard Contractual Clauses (SCCs).
8. Your Data Protection Rights Under GDPR
You have comprehensive rights over your personal data. We are committed to facilitating these rights.
-
The Right to Access: You have the right to request a copy of the personal data we hold about you.
-
The Right to Rectification: You have the right to request that we correct any information you believe is inaccurate or complete any information you believe is incomplete.
-
The Right to Erasure (Right to be Forgotten): You have the right to request that we erase your personal data, under certain conditions.
-
The Right to Restrict Processing: You have the right to request that we limit the processing of your personal data, under certain conditions.
-
The Right to Object to Processing: You have the right to object to our processing of your personal data, particularly where we rely on “legitimate interest” as our legal basis.
-
The Right to Data Portability: You have the right to request that we transfer the data we have collected to another organization, or directly to you, in a structured, commonly used, and machine-readable format.
-
The Right to Withdraw Consent: Where we rely on your consent for processing (e.g., for marketing emails), you have the right to withdraw that consent at any time.
To exercise any of these rights, please contact us at support@opinio.ai. We will respond to your request in accordance with applicable data protection laws.
9. Cookies Policy
Cookies are small text files placed on your device. We use them to operate our site, understand user behavior, and for marketing.
-
Strictly Necessary Cookies: These are essential for the website to function (e.g., security, user logins).
-
Analytics Cookies: We use these to collect anonymous information about how visitors use our site (e.g., via Google Analytics) to help us improve it.
-
Advertising Cookies: These help us and our partners deliver relevant ads about our Services to you on other websites.
-
Affiliate Cookies: These are used to credit our affiliate partners for referrals.
You can manage your cookie preferences through your browser settings. Disabling certain cookies may affect the functionality of our Services.
10. Children’s Privacy
Our Services are not directed to individuals under the age of 16, and we do not knowingly collect personal data from children.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will post any changes on this page and, if the changes are significant, we will provide a more prominent notice.
12. Our Subprocessors
For full transparency, here are our key subprocessors:
-
Google Cloud (Firebase): Infrastructure & Database. Cloud Data Processing Addendum | Google Cloud Documentation.
-
Digital Ocean, LLC: Application Hosting. Legal – Data Processing Agreement.
-
OpenAI, L.L.C.: AI Models. Data processing addendum | OpenAI.
-
Google LLC (Gemini): AI Models. Gemini API Additional Terms of Service | Google AI for Developers.
-
Anthropic, PBC: AI Models. Data Processing Addendum \ Anthropic.
-
Brevo: Email Communications. Brevo Terms of Service. DPA in the annex.
-
Stripe, Inc.: Payment Processing. Data Processing Agreement between Stripe and Stripe User.
- Smartsupp, Live Chat Support. Data Processing Terms.
13. Contact Us
If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us at: support@opinio.ai.
14. Supervisory Authority
If you have unresolved concerns, you have the right to file a complaint with your local data protection authority. Our lead supervisory authority is the Czech Republic’s Office for Personal Data Protection (posta@uoou.cz).