PrivacyPolicy

Your privacy is important to us. Learn how we protect your data.

Last updated: January 9, 2025

1. Introduction

Emerlya AI ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service. We comply with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

2. Information We Collect

Personal Information

  • Email address
  • Name (optional)
  • Payment information (processed securely via Stripe)
  • Usage data and analytics

Content Data

  • Documents you upload
  • Brand configurations
  • Generated content
  • Prompts and queries

3. Legal Basis for Processing (GDPR)

We process your personal data based on:

  • Contract: To provide our services as agreed in our Terms of Service
  • Legitimate Interests: To improve our services and ensure security
  • Consent: For marketing communications (you can opt-out anytime)
  • Legal Obligations: To comply with applicable laws

4. How We Use Your Information

  • Provide and maintain our service
  • Process payments and manage subscriptions
  • Generate AI-powered content based on your specifications
  • Improve and personalize your experience
  • Send service updates and notifications
  • Ensure security and prevent fraud
  • Comply with legal obligations

5. Data Storage and Security

Your data is stored securely using industry-standard encryption. We use:

  • Supabase for database storage (EU servers)
  • Pinecone for vector embeddings
  • SSL/TLS encryption for data in transit
  • AES-256 encryption for data at rest
  • Regular security audits and updates

6. Your Rights Under GDPR

As an EU resident, you have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate data
  • Erasure: Request deletion of your data ("right to be forgotten")
  • Portability: Receive your data in a portable format
  • Restriction: Limit processing of your data
  • Object: Object to certain processing activities
  • Withdraw Consent: Withdraw consent at any time

To exercise these rights, contact us at: privacy@emerlya.com

7. Data Sharing

We do not sell your personal data. We may share data with:

  • Service Providers: Stripe (payments), OpenAI (AI processing)
  • Legal Requirements: When required by law or court order
  • Business Transfers: In case of merger or acquisition (with notice)

8. Data Retention

We retain your data only as long as necessary:

  • Account data: Until account deletion
  • Content data: 30 days after deletion request
  • Payment records: As required by tax laws (typically 7 years)
  • Analytics: Anonymized after 2 years

9. International Transfers

Your data is primarily stored in the EU. When we transfer data outside the EU, we ensure appropriate safeguards through Standard Contractual Clauses or adequacy decisions.

10. Children's Privacy

Our service is not intended for users under 16 years of age. We do not knowingly collect personal information from children under 16.

11. Cookies

We use essential cookies for authentication and functionality. For details, see ourCookie Policy.

12. Updates to This Policy

We may update this policy periodically. We will notify you of significant changes via email or prominent notice on our service.

13. Contact Information

Data Controller: Emerlya AI B.V.

Email: privacy@emerlya.com

Address: Amsterdam, Netherlands

Data Protection Officer: dpo@emerlya.com

14. Supervisory Authority

You have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) if you believe we have violated your privacy rights.

Questions About Your Privacy?

We're here to help. Contact us with any privacy-related questions.