Privacy Policy

Sapience AI s.r.o. ("Sapience AI," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website www.sapienceai.eu and use our GPU cloud infrastructure services.

By accessing or using our services, you agree to this Privacy Policy. If you do not agree, please do not use our services.

1. Information We Collect

1.1 Personal Information

We collect information that you provide directly to us, including:

• Name and contact information (email, phone number, company name)
• Account credentials (username, password)
• Payment information (processed securely through Stripe)
• Company information and industry details
• GPU reservation and service preferences
• Communications with our support team

1.2 Technical Information

We automatically collect certain information when you use our services:

• IP address and location data
• Browser type and version
• Device information
• Usage data and analytics (via Google Analytics)
• Log files and error reports
• API usage and performance metrics

1.3 Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience. You can control cookie preferences through your browser settings.

2. How We Use Your Information

We use the information we collect for the following purposes:

• To provide, maintain, and improve our GPU cloud services
• To process reservations and payments
• To communicate with you about services, updates, and promotions
• To provide customer support and respond to inquiries
• To monitor usage and prevent fraud or abuse
• To comply with legal obligations and enforce our terms
• To analyze usage patterns and improve our platform

3. Data Storage and Security

3.1 EU Data Residency

All personal data is stored within the European Union, primarily in our Tier 3 data centers located in Bratislava, Slovakia. We use Neon PostgreSQL databases hosted in EU-Central-1 (Frankfurt) and US-East-1 regions.

3.2 Security Measures

We implement industry-standard security measures including:

• 256-bit SSL/TLS encryption for data in transit
• Encrypted databases and storage systems
• Multi-tenant architecture with hardware-level isolation
• Regular security audits and penetration testing
• SOC 2 Type II and ISO 27001 compliance (in progress)
• Access controls and authentication mechanisms

4. Data Sharing and Disclosure

We do not sell your personal information. We may share your data with:

• Service Providers: Stripe (payment processing), AWS SES (email delivery), Google (authentication and analytics)
• Legal Requirements: When required by law or to protect our rights
• Business Transfers: In connection with a merger, acquisition, or sale of assets
• With Your Consent: When you explicitly authorize us to share information

5. Your Rights Under GDPR

As a European-based company, we comply with the General Data Protection Regulation (GDPR). You have the following rights:

• Right to Access: Request a copy of your personal data
• Right to Rectification: Correct inaccurate or incomplete data
• Right to Erasure: Request deletion of your data ("right to be forgotten")
• Right to Restrict Processing: Limit how we use your data
• Right to Data Portability: Receive your data in a structured format
• Right to Object: Object to certain data processing activities
• Right to Withdraw Consent: Withdraw consent at any time

To exercise any of these rights, contact us at privacy@sapienceai.eu

6. Data Retention

We retain your personal data only as long as necessary to fulfill the purposes outlined in this policy, or as required by law. Typically:

• Account data: Duration of account plus 7 years for financial records
• Reservation data: 7 years for contractual and tax purposes
• Support communications: 3 years after resolution
• Analytics data: Anonymized after 26 months

7. Third-Party Services

Our website and services integrate with third-party providers:

• Stripe: Payment processing (PCI-DSS compliant)
• Google OAuth: Authentication services
• Google Analytics: Website analytics
• AWS SES: Email delivery

These services have their own privacy policies. We encourage you to review them.

8. Children's Privacy

Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected data from a child, please contact us immediately.

9. International Data Transfers

While we primarily operate within the EU, some service providers (like Stripe and Google) may process data outside the EU. In such cases, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by:

• Posting the updated policy on our website
• Updating the "Last Updated" date
• Sending email notifications for material changes

Your continued use of our services after changes constitutes acceptance of the updated policy.

11. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

12. Supervisory Authority

You have the right to lodge a complaint with a supervisory authority, particularly in the EU member state where you reside, work, or where an alleged infringement occurred. In Slovakia, the supervisory authority is: