How we protect your data.

Full GDPR + Romanian law compliance. Read once — come back any time via the footer.

Effective: 2026-05-12·← Home

Introduction

This Privacy Policy describes how Electrolyzed.AI ("we", "controller") collects, uses, and protects your personal data when you use our platform, in accordance with the EU General Data Protection Regulation (EU) 2016/679 ("GDPR") and applicable Romanian law.

We are an AI productivity, wellness-education, and business-support platform. We do not provide medical, legal, or financial advice.

Data controller

The data controller is Electrolyzed.AI.

Contact: electrolyzedai@gmail.com

Address: Romania (EU). Full registered address available on written request.

Data we collect

We collect only the data needed to deliver the service. Main categories:

Account: email, password (bcrypt-encrypted), name (optional), preferred language.
AI conversations: your messages and AI-generated replies — stored to build your personal history and let the AI learn your style.
Personal AI memory: preferred tone, reply length, goal, language (auto or locked), reply feedback (👍 👎 ⚡ 🤝 ✂️).
Hydration data: approximate weight, age, gender, climate, wellness goal (voluntarily entered to personalise the daily protocol).
Business audit: URLs and screenshots you upload — we keep only the result, not the screenshots themselves.
WhatsApp integration: your business number, Twilio connection, inbound/outbound messages (only if you connect the feature).
Payments: Stripe handles payments — we never see your card number. We receive only: Stripe customer ID, subscription status, renewal date.
Affiliate: your unique affiliate code, clicks on your link (attribution cookie), commissions earned, payouts made.
Usage: routes visited, agent used, message count (for rate limiting).
Technical: IP address, browser user agent, device ID (for security and anti-fraud).

Legal basis for processing

We process your data on the following legal bases (GDPR Art. 6):

Contract performance — to deliver the service you bought or accessed free.
Consent — for non-essential cookies, marketing communications, optional data sharing.
Legitimate interest — for security, fraud prevention, product improvement (balanced against your rights).
Legal obligation — for accounting and fiscal records (Romanian law).

AI usage and AI-generated content

We use AI models (Anthropic Claude) to generate replies, daily plans, audits, and message suggestions. AI content is informational and educational — it does NOT constitute medical, legal, financial, or professional advice.

Your conversations are sent to the Anthropic API for inference. Per Anthropic's terms, conversations are NOT used to train their models.

AI can produce inaccuracies ("hallucinations"). You must independently verify critical information before acting on it.

Cookies and tracking

We use cookies and similar technologies. The categories we use are shown in the consent modal ("Cookie Settings" in the footer).

Strictly necessary cookies load without consent (justification: required to deliver the service). All others load ONLY after you explicitly choose "Accept all" or "Customize".

Subprocessors

The following providers may process personal data on our behalf:

Anthropic (Claude API): AI model inference for chat agents, hydration intelligence, business audit · United States · EU-US Data Privacy Framework participant
Stripe: Subscription billing, payment processing · Ireland (EU) + United States
Vercel: Application hosting, edge delivery, serverless functions · European regions for compute · global CDN
Neon (Vercel Postgres): Primary application database · EU (Frankfurt)
Twilio: WhatsApp Business message delivery (only when feature connected) · Ireland (EU) + United States
Upstash (Redis): Rate limiting + ephemeral cache (no PII) · EU

International transfers

Some processors (Anthropic, Stripe, Twilio) may process data in the United States. They participate in the EU-US Data Privacy Framework or rely on Standard Contractual Clauses (SCC) approved by the European Commission.

We do not transfer data to countries that lack adequate protection under GDPR.

Retention periods

We retain data only as long as needed for the purpose of collection:

Account data: While the account exists + 90 days after deletion request
AI conversation history: While the account exists; deletable any time from Settings
Billing records: Up to 10 years (Romanian fiscal law)
Affiliate commissions: Up to 10 years for accounting purposes
Server logs: 30 days rolling
Analytics aggregates: 13 months (industry standard)

Your rights (GDPR)

You have the following rights regarding your personal data:

Access: Get a copy of your personal data
Rectification: Correct inaccurate data about you
Erasure: Request deletion of your data ("right to be forgotten")
Restriction: Limit how we process your data
Portability: Receive your data in a portable format
Object: Object to processing based on legitimate interest
Withdraw consent: Withdraw consent at any time, without affecting prior processing
Lodge complaint: Complain to ANSPDCP (Romania) or your local DPA

How to exercise your rights

For most rights, you can act yourself from Settings → Account:

"Request data export" — get a JSON file with all your data.
"Request account deletion" — we delete the account and all associated data within 30 days.
For any other request, email electrolyzedai@gmail.com.
We respond within 30 days, in the language you contact us in.

Security measures

We apply reasonable technical and organisational measures:

TLS encryption for all traffic.
Passwords stored bcrypt-hashed (never in plaintext).
Session tokens signed JWT with rotation.
Daily encrypted backups.
Restricted database access.
Automated anti-fraud monitoring.

Breach notification

In case of a security incident affecting your data and posing high risk to your rights, we will notify you within 72 hours, per GDPR Art. 33-34. We will also notify ANSPDCP if required.

Minors

The service is not directed at people under 16. We do not knowingly collect data from minors. If you learn that a minor has provided data, please contact us for immediate deletion.

Complaints

If you have concerns about how we process your data, please contact us first (electrolyzedai@gmail.com). You have the right to lodge a complaint with the supervisory authority:

Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal (ANSPDCP) · www.dataprotection.ro

Changes to this policy

We may update this Policy from time to time. Material changes will be announced via email and/or an in-app banner at least 14 days before they take effect. The current version date is shown at the bottom of the page.