Legal Document

Privacy
Policy

Last updated: February 1, 2026

1. Introduction

AllAI (hereinafter referred to as "we", "our", or "the Company") operates the allai.ro platform, a SaaS chatbot and voicebot solution powered by artificial intelligence. This Privacy Policy describes how we collect, use, store, and protect your personal data in compliance with the General Data Protection Regulation (GDPR — EU Regulation 2016/679) and applicable Romanian legislation, including Law no. 190/2018.

This policy applies to all users of the AllAI platform, visitors to our website, and individuals whose data is processed through the chatbots and voicebots of our clients.

2. Data Controller

The personal data controller is:

  • Company: AllAI
  • Website: allai.ro
  • Contact email: contact@allai.ro
  • Headquarters: Romania, European Union

3. Data We Collect

We collect the following categories of personal data:

3.1. Data provided directly by you

  • Account information: first name, last name, email address, phone number, company name
  • Billing data: address, tax ID, information necessary for issuing invoices
  • Uploaded content: documents, texts, files used for training AI agents
  • Communications: messages sent to our support team

3.2. Automatically collected data

  • IP address, browser type, operating system
  • Pages visited, session duration, referral source
  • Cookie data and similar tracking technologies

3.3. Conversation data

  • Logs of conversations conducted through chatbots and voicebots created on our platform
  • Lead information captured by AI agents (name, email, phone, questions)
  • Voice recordings (only for voicebots, with prior consent)

4. Purposes and Legal Bases for Processing

We process your personal data for the following purposes:

  • Contract performance (Art. 6(1)(b) GDPR): providing AllAI services, account management, payment processing, technical support
  • Legitimate interest (Art. 6(1)(f) GDPR): platform improvement, security analysis, fraud prevention, direct marketing to existing customers
  • Consent (Art. 6(1)(a) GDPR): sending marketing communications, use of non-essential cookies, voice recordings
  • Legal obligation (Art. 6(1)(c) GDPR): maintaining accounting records, responding to legal requests

5. Data Sharing

We do not sell your personal data to third parties. We may share data with:

  • Cloud infrastructure providers: data centers located in the EU (Germany, Netherlands) for platform hosting
  • Payment processors: PCI-DSS compliant providers for transaction processing
  • AI model providers: for natural language processing, with DPA agreements in place
  • Analytics services: for monitoring platform performance
  • Competent authorities: when there is a legal obligation or an official request

All third-party data processors have signed Data Processing Agreements (DPA) and provide adequate protection guarantees in accordance with GDPR.

6. International Data Transfers

Your data is stored on servers located in the European Union. In the event that a data transfer outside the European Economic Area is necessary (for example, to AI model providers), we ensure that adequate safeguards are in place, including Standard Contractual Clauses approved by the European Commission or adequacy decisions.

7. Data Retention Period

  • Account data: for the entire duration of the active account and 30 days after its deletion
  • Conversation logs: according to the period configured by the client (between 30 and 365 days)
  • Billing data: 10 years according to Romanian tax legislation
  • Cookies: according to the durations specified in the Cookie Policy
  • Voice recordings: maximum 90 days, unless the client configures a shorter period

8. Your Rights

In accordance with GDPR, you have the following rights:

  • Right of access — you can request a copy of the personal data we hold about you
  • Right to rectification — you can request correction of inaccurate or incomplete data
  • Right to erasure — you can request the deletion of personal data (“right to be forgotten”)
  • Right to restriction of processing — you can request limitation of how we process your data
  • Right to data portability — you can receive your data in a structured, commonly used format
  • Right to object — you can object to the processing of your data in certain situations
  • Right not to be subject to automated decisions — including profiling with legal effects

To exercise these rights, please contact us at contact@allai.ro. We will respond within 30 days of receiving your request.

9. Data Security

We implement appropriate technical and organizational measures to protect your data, including: AES-256 encryption for stored data, TLS 1.3 protocol for data in transit, two-factor authentication, role-based access control, continuous security monitoring, and periodic security audits.

10. Data Processing in the AI Context

The AllAI platform uses artificial intelligence technologies for natural language processing. We note that:

  • Conversation content is processed to generate relevant responses
  • Training data uploaded by clients is used exclusively for their respective chatbot
  • We do not use your data for training general AI models without explicit consent
  • Voice recordings are processed according to privacy standards and deleted after the configured period

11. Complaints

If you believe your rights have been violated, you have the right to file a complaint with the National Supervisory Authority for Personal Data Processing (ANSPDCP), headquartered in Bucharest, B-dul G-ral. Gheorghe Magheru 28-30, Sector 1, postal code 010336, website: www.dataprotection.ro.

12. Policy Changes

We reserve the right to update this Privacy Policy periodically. Any significant changes will be communicated by email or through a notification on the platform. We recommend checking this page periodically.

For questions or requests related to data privacy, you can contact us at contact@allai.ro.