|

Privacy Policy

Last updated: 14. 3. 2026

1. Data controller

The data controller is:

  • Name / Company: THIS IS FINE / Ing. Vojtěch Hujňák, MSc.
  • ID No.: 22018131
  • Registered office: Smetanova 362, 252 25 Jinočany, Czech Republic
  • Email: feedus@thisisfine.ai

The controller is not a VAT payer.

2. What data we process

Depending on the features used, we may process the following categories of data:

Identification and contact data

  • first and last name
  • email address
  • ID number, VSDP (variable symbol for pension insurance)
  • birth number (for the purpose of tax return processing)
  • residential / business address
  • foreign person data (nationality, passport number — if relevant)

Tax and financial data

  • tax overview (income, expenses, flat-rate regime)
  • tax office code, OSSZ code, NACE code
  • tax calculation results and generated XML files

AI conversation data

  • chat conversation history with AI agents
  • cross-agent conversation summaries (agent_memory)
  • user business profile (user_brain) — automatically extracted information from onboarding

Business and content data

  • brand voice profile and questionnaire responses
  • content library (marketing texts, posts)
  • kanban tasks, process checklists

Technical data

  • IP address and technical device information
  • error and performance data (only with consent — see Cookie Policy)

Billing data

  • data processed by the payment service provider Stripe (card number, billing address)

3. Purpose of processing

We process personal data for the purpose of:

  • providing the service and individual AI agent features
  • managing user accounts and authentication
  • processing payments and managing subscriptions
  • generating tax returns and calculations (agent Gary)
  • personalizing content and communication (agents Chuck, Kevin, Jolana)
  • ensuring the security and stability of the system
  • communicating with the customer (email notifications)

4. Legal basis

We process personal data on the basis of:

  • Performance of a contract (Art. 6(1)(b) GDPR) — providing the service, account management, payment processing
  • Legitimate interest (Art. 6(1)(f) GDPR) — ensuring security, preventing misuse
  • Consent (Art. 6(1)(a) GDPR) — analytics cookies, sending marketing communications
  • Legal obligation (Art. 6(1)(c) GDPR) — tax and accounting obligations

We process the birth number exclusively for the purpose of generating tax returns, based on the performance of a contract and to the extent required by the relevant tax forms.

5. Data recipients and processors

Data may be disclosed to the following processors:

ProcessorPurposeLocation
Stripe, Inc.Payment processing and billingUSA / EU
Supabase, Inc.Hosting, database, authentication, edge functionsEU (Frankfurt)
Anthropic, PBCAI model provider (processing of chat conversations)USA
Functional Software, Inc. (Sentry)Error and performance tracking (only with consent)USA
PostHog, Inc.Product analytics and usage tracking (only with consent)EU
Resend, Inc.Transactional email deliveryUSA

6. Transfer of data to third countries

Some data is processed by providers based in the USA (Anthropic, Sentry, Resend, Stripe). These transfers are secured by Standard Contractual Clauses (SCCs) pursuant to Art. 46(2)(c) GDPR and/or an adequacy decision (EU-U.S. Data Privacy Framework).

The database and authentication are hosted in the EU region (Frankfurt) via Supabase. PostHog is hosted in the EU and no analytics data is transferred outside the EU.

7. Data retention period

We retain personal data for the following periods:

  • Account data — for the duration of the account + 30 days after deletion
  • Conversation history — for the duration of the account (deleted with the account)
  • Tax data — 10 years as required by law
  • Billing data — managed by Stripe according to their own retention policies
  • Analytics data (Sentry) — 90 days
  • Analytics data (PostHog) — 1 year
  • Email records — 1 year

8. Automated decision-making and profiling

AI agents process your data in order to provide the service (generating responses, calculations, content). No automated decision-making has legal effects or other significant impact on the user within the meaning of Art. 22 GDPR.

The user always decides on the use of AI outputs and is responsible for them.

9. User rights

As a data subject, you have the right to:

  • access your data — find out what data we process about you
  • rectification — request correction of inaccurate data
  • erasure — request deletion of data (in account settings or via email)
  • data portability — download your data in a machine-readable format (in account settings)
  • restriction of processing
  • object to processing based on legitimate interest
  • withdraw consent — at any time (e.g. consent to analytics cookies in the website footer)
  • lodge a complaint with the Office for Personal Data Protection

To exercise your rights, contact us at feedus@thisisfine.ai. Data export and deletion are available directly in your account settings.

10. Security

We use technical and organizational measures to protect personal data, including:

  • encrypted communication (HTTPS/TLS)
  • database-level access control (Row Level Security)
  • identity verification with each request
  • protection against prompt injection in AI processing
  • cascading deletion of all data upon account deletion

11. Cookies

Information about cookie usage and consent options can be found in the Cookie Policy.

12. Contact

For questions regarding personal data protection, contact us:

feedus@thisisfine.ai

13. Effective date

This policy takes effect on: 14. 3. 2026.

Cookies