Privacy Policy

1. Who We Are

• Company name: COOL BITS S.R.L.
• Registered office: Jud. Iași, mun. Iași, str. Columnei, nr. 14, bl. K4, et. 4, ap. 19, Romania
• Registration number: J22/676/2020
• Tax ID (CUI): 42331573
• Email (privacy): privacy@coolbits.ai

We act as the data controller for personal data processed through CoolBits.ai.

2. Data We Collect

We collect and process the following categories of data:

2.1. Account and Identity Data

When you sign in using Google Sign-In (OAuth), we receive your Google account email address and basic profile information (such as name and profile picture, depending on the permissions you grant). We use this information to create and manage your CoolBits account.

2.2. Usage and Log Data

When you use the Service, we may collect:

• prompts and messages you send to the AI assistant;
• responses generated by the assistant;
• usage metrics, such as token consumption, number of requests, and plan status;
• technical logs (IP address, browser type, timestamps, error logs) for security and debugging.

We use this data to operate, secure, and improve the Service.

2.3. Billing and Payment Data

For paid plans, payments are processed by Stripe. We may receive your name, email, country, partial billing details, subscription status, plan type, and payment metadata. We do not store or process your full payment card details. Stripe handles card information and payment security.

2.4. Cookies and Similar Technologies

We may use cookies or similar technologies to keep you signed in, remember basic preferences, and measure aggregated usage and performance. Where required by law, we will inform you and provide choices regarding non-essential cookies.

3. How We Use Personal Data

We use personal data for the following purposes:

• Account management and authentication – to create and maintain your account, and to allow you to sign in using Google.
• Service delivery – to process your prompts, generate AI responses, track token usage, and manage plan limits.
• Billing and subscriptions – to manage your subscription, process payments through Stripe, and maintain billing records.
• Security and abuse prevention – to monitor logs, detect fraud or misuse, and protect the Service and users.
• Analytics and improvement – to understand how the Service is used and to improve features and performance.
• Legal compliance – to comply with accounting, tax, and other legal obligations.

4. Legal Bases for Processing (EU/EEA Users)

Where GDPR applies, we rely on the following legal bases:

• Performance of a contract – processing necessary to provide the Service (account setup, authentication, usage tracking, billing).
• Legitimate interests – improving the Service, ensuring security, preventing abuse, and maintaining logs in a proportionate way.
• Legal obligations – compliance with accounting, tax, and other legal requirements.
• Consent – where required for certain cookies or optional analytics.

5. How We Share Personal Data

We do not sell your personal data.

We may share personal data with:

• Service providers / processors, such as hosting and infrastructure providers, payment processors (Stripe), and logging or monitoring services. These entities are required to protect personal data and use it only for the services they provide to us.
• Authorities, where required by law or in response to valid legal requests.

6. International Data Transfers

We may store and process data on servers located in the European Union and/or other countries. When data is transferred outside the European Economic Area (EEA), we take appropriate measures to ensure an adequate level of protection, such as relying on standard contractual clauses or equivalent safeguards where required.

7. Data Retention

We retain personal data only for as long as necessary for the purposes described in this Policy, including:

• account data – for as long as your account is active and for a reasonable period thereafter;
• billing data – for the period required by tax and accounting laws;
• logs and usage data – for a period consistent with security, troubleshooting, and analytics needs.

When data is no longer needed, we will delete or anonymize it, unless we are legally required to keep it longer.

8. Your Rights (EU/EEA)

If you are in the European Union or another region with similar laws, you may have the following rights:

• Access – to obtain a copy of your personal data.
• Rectification – to correct inaccurate or incomplete data.
• Deletion – to request deletion of your data in certain circumstances.
• Restriction – to request restriction of processing in certain cases.
• Portability – to receive your data in a structured, commonly used format and have it transferred to another controller.
• Objection – to object to processing based on legitimate interests.
• Withdraw consent – where processing is based on consent (for example, some cookies), you may withdraw that consent at any time.

To exercise these rights, contact us at privacy@coolbits.ai. We may need to verify your identity before responding.

9. Security

We use reasonable technical and organizational measures to protect personal data against unauthorized access, loss, or misuse, including:

• encrypted connections (HTTPS);
• access controls on servers and internal systems;
• logging and monitoring of critical operations.

No system is completely secure, and we cannot guarantee absolute security, but we work continuously to improve our protections.

10. Children’s Privacy

The Service is not intended for children under 16, and we do not knowingly collect personal data from children under 16. If you believe that a child has provided us with personal data, please contact us so that we can take appropriate action.

11. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you via the Service or by email, where appropriate. Your continued use of the Service after changes take effect constitutes your acceptance of the updated Policy.

12. Contact

For questions or requests related to this Privacy Policy or your personal data, please contact:

Email: privacy@coolbits.ai
COOL BITS S.R.L., Jud. Iași, mun. Iași, str. Columnei, nr. 14, bl. K4, et. 4, ap. 19, Romania