Effective Date: 17-Feb-2025
Last Updated: 15-Sep-2025
This Privacy Policy describes the policies of ActlysAI (“Company,” “we,” “us,” or “our”), a product of ActlysAI s.r.o., a company registered in the Czech Republic with its registered office at Kiesomyslova 248/5, Nusle, 140 00 Praha 4, regarding the collection, use, and disclosure of your information when you use our website (https://actlys.ai) (the “Service”).
The data controller responsible for your personal data is ActlysAI s.r.o., with its registered office at the address listed above. You may contact us at hey [a] actlys.ai regarding any data protection concerns.
By using the Service, you acknowledge this Privacy Policy. We rely on the legal bases listed below for each purpose, not blanket consent.
We do not knowingly collect or process data from children under 18. If you believe a minor has provided us with personal data, please contact us and we will delete it.
1. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. The date at the top of the page shows when it was last revised. Non-material updates take effect when posted. If we make material changes that affect your rights or how we use your personal data, we will provide advance notice by email or in-product message at least 7 days before the changes take effect. By continuing to use the Service after the effective date, you agree to the updated Privacy Policy. We encourage you to review this page regularly to stay informed.
2. Information We Collect
We collect and process the following personal information:
- Name
- Email address
- Wallet address and connected wallet provider
- Payment metadata, transaction IDs, billing country
- Device and log data, IP address, browser, operating system, event logs
- Cookie identifiers and analytics data, only with consent where required
- Any other information you voluntarily provide
3. How We Collect Your Information
We collect your information through the following methods:
- When you connect your wallet using Privy.io
- When you fill out a registration form or submit personal information
- When you interact with our website or application
- From publicly available sources
- Through cookies and similar technologies, see our Cookie Policy
- From third-party services you connect, for example Google, Slack, ClickUp, Notion, crypto wallets
4. How We Use Your Information
We use your personal information for the following purposes:
- Creating and managing your user account
- Providing customer support
- Collecting feedback to improve our services
- Responding to inquiries and resolving issues
- Communicating with you about updates, security alerts, and administrative messages
- Analyzing and improving the performance of our Service
We process your data based on one or more of the following legal grounds:
- Your consent
- Performance of a contract
- Legitimate interests
- Compliance with legal obligations
If we need to use your information for any other purpose, we will obtain your consent before doing so, unless required by law.
AI Model Improvement
We may use anonymized or aggregated usage data (e.g., prompts and responses) to improve our AI models and system performance. No personally identifiable information is used for this purpose unless you provide explicit consent. You can opt out at any time by contacting us.
User Feedback and Communications
If you submit feedback, suggestions, or ideas to us, we may use and retain that information for improving our services, and you agree that such feedback is non-confidential and may be used without compensation or limitation.
4A. Details of Processing
For transparency, we explain how we process personal data:
– Account creation and authentication: We process your email, wallet address, and connected wallet provider ID to set up and manage your account. The legal basis is performance of a contract. Data is retained for as long as you maintain an account and up to 12 months after closure. Recipients include our authentication provider and hosting provider.
– Payments and billing: We process your name, email, transaction details, billing country, and partial payment information to complete purchases and meet accounting obligations. The legal bases are performance of a contract and compliance with legal obligations. Data is retained for 10 years under Czech accounting rules. Recipients include payment processors and accounting tools.
– Service delivery and integrations: When you connect third-party apps, we process identifiers, tokens, and task metadata necessary to perform the actions you request. The legal basis is performance of a contract. Data is retained while the integration is active and up to 30 days after disconnection unless you delete it earlier. Recipients include the integration partners you authorize.
– Security and fraud prevention: We process IP addresses, device details, and activity logs to protect accounts and prevent misuse. The legal basis is our legitimate interests. Data is kept for 12 months, or longer if an incident is under investigation. Recipients include our hosting and security vendors.
– Customer support and communications: We process your contact details and support messages to handle inquiries and issues. The legal bases are performance of a contract and our legitimate interests. Data is retained for 24 months after a ticket is closed. Recipients include our support and communication tools.
– Product analytics and improvement: We process usage events and device information to understand and improve the Service. Where analytics depend on cookies or similar technologies, the legal basis is your consent. For aggregated non-cookie analytics, the basis is our legitimate interests. Data is kept in identifiable form for up to 24 months and then anonymized or aggregated. Recipients include analytics vendors.
– Marketing communications: We process your email and subscription preferences to send updates and offers. The legal basis is your consent, or our legitimate interests where soft opt-in is allowed. Data is retained until you unsubscribe or after 24 months of inactivity. Recipients include our email provider.
– Legal compliance and enforcement: We may process identity data, transaction records, or correspondence where needed to comply with laws or enforce rights. The legal bases are compliance with legal obligations and our legitimate interests. Data is retained for as long as claims may be brought or for the period required by law. Recipients may include regulators, courts, or counsel.
– Some services you connect act as independent controllers for their own processing. Their use of your data is governed by their own privacy policies.
5. How We Share Your Information
We do not sell, rent, or trade your personal information. However, we may share your information in the following circumstances:
(a) With Third-Party Service Providers
We share personal data with processors that help us run the Service, including authentication and identity, payments, hosting and storage, analytics, error monitoring, and customer communications. These providers act on our instructions and may not use your data for their own purposes.
Our current sub-processors are:
- Privy.io
- Google Analytics
- Mixpanel
We will give at least 7 days’ notice before adding or replacing a processor so you can object where applicable.
(b) Legal Compliance and Protection
We may disclose your personal information:
- To comply with legal requirements, law enforcement requests, or court orders
- To enforce our policies, including this Privacy Policy
- To protect the rights, privacy, safety, or property of our company, users, or the public
- In connection with a business transaction such as a merger, acquisition, or sale of assets
6. International Data Transfers
Where your data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, such as standard contractual clauses approved by the European Commission or other legally permitted mechanisms.
You can contact us to request a copy of the relevant transfer safeguards.
For UK transfers we rely on the UK IDTA or UK Addendum to the SCCs, as applicable.
7. Retention of Your Information
We keep personal data only as long as needed for each purpose. See Section 4A for retention by category. When data is no longer needed, we delete it or anonymize it. We may keep backups for a limited time for security, disaster recovery, and audit.
8. Security of Your Information
We implement reasonable security measures to protect your personal information. While we implement commercially reasonable safeguards, no method of transmission over the internet or electronic storage is completely secure. We encourage you to take precautions when sharing personal information online. We use encryption in transit and at rest, access controls, and regular security logging.
9. Your Rights and Choices
You have the right to access, correct, delete, restrict processing, object, and obtain a copy of your data in a portable format. Where processing is based on consent, you may withdraw consent at any time. We respond within one month of verifying your identity, we may extend by two months for complex requests and will tell you why if we do. You can lodge a complaint with your local authority or the Czech Office for Personal Data Protection. You can opt out of marketing emails at any time using the unsubscribe link in those emails or by contacting us.
10. Third-Party Links and Services
Our Service may contain links to third-party websites. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies before providing any personal information.
11. Contact Us
If you have any questions or concerns about this Privacy Policy, you can contact us at:
ActlysAI
Email: hey [a] actlys.ai
12. Automated Decision Making and Profiling
We do not make decisions based solely on automated processing, including profiling, that produce legal effects for you or similarly significantly affect you within the meaning of Article 22 GDPR.
Our agents may automate tasks that you request, for example sending a message or updating a document, but a human initiates the task and can review or stop it at any time.
If this ever changes, we will notify you in advance and provide meaningful information about the logic involved, the significance and expected consequences, and your rights to obtain human review, to express your point of view, and to contest the decision.