1. What data we collect
On sign-up: name, email address, password (stored in hashed form).
Profile data: university, faculty, study programme, thesis topic — used to personalize generated outputs.
Payment data: processed exclusively via Stripe. The operator has no access to card details. We store only a payment identifier and the amount.
Generation inputs: topic, outline, keywords and other text input the User enters into service forms. This data is required to generate the Output.
Technical data: IP address, browser type, access time — collected automatically for security and diagnostics.
2. How we use the data
Service delivery — generating outputs based on User input.
Auto-fill — profile data is pre-filled in forms so the User doesn't have to re-enter the same information.
Billing — payment processing and bookkeeping in line with the law.
Service improvement — anonymized usage statistics to improve quality and reliability.
We do not sell your data to third parties for marketing. We share data only with service providers necessary to run the platform (Stripe, hosting).
3. Your rights
Under Regulation (EU) 2016/679 (GDPR) you have the right to:
Access — request a copy of the personal data we process about you.
Rectification — request correction of inaccurate or incomplete data.
Erasure — request deletion of your data (right to be forgotten), unless a legal reason to retain it exists.
Portability — receive your data in a structured, commonly used, machine-readable format.
Objection — object to processing based on legitimate interest.
Send all requests to: gdpr@aiprace.sk
We reply within 30 days at the latest.
4. Retention and security
Communication between browser and server is encrypted with HTTPS/TLS.
Passwords are stored using the PBKDF2 hashing function — they cannot be reversed.
Payment data is processed by Stripe, certified under PCI DSS Level 1 — the highest security standard in the payments industry.
We retain personal data only for as long as necessary for the purpose it was collected, or as required by law (e.g. accounting records for 10 years).
In the event of a security incident, affected Users will be notified in line with Art. 34 GDPR.