Privacy Policy
AI100.io — Brand Visibility Benchmark
Last updated: May 12, 2026
ECONDATA TECHSCRIBE LTD, a private limited company registered in the Republic of Cyprus, registration number HE 455945, registered address Peiraios 30, Floor 1, Flat/Office 1, Strovolos 2023, Nicosia ("Company", "we", "us", or "our") is the data controller responsible for the processing of your personal data when you use the AI100.io website and services ("Service").
We are committed to protecting your privacy and processing your personal data in accordance with Regulation (EU) 2016/679 (General Data Protection Regulation, "GDPR") and Cyprus Law 125(I)/2018 on the Protection of Natural Persons with regard to the Processing of Personal Data.
1. Data Controller
ECONDATA TECHSCRIBE LTD Registration number: HE 455945 VAT: CY60046398P Registered address: Peiraios 30, Floor 1, Flat/Office 1, Strovolos 2023, Nicosia, Cyprus Email: [email protected] Director: Vitalis Makris
If you have any questions about this Privacy Policy or our data processing practices, please contact us at the email address above.
2. Personal Data We Collect
2.1. Data you provide directly
| Data category | Examples | Purpose |
|---|---|---|
| Brand and website data | Brand name, website URL, region, language, category | Executing Research Runs |
| Access Key | Your personal key credential | Authentication and access management |
| Communication data | Email address, message content (if you contact us) | Responding to inquiries and providing support |
| Payment confirmation | Transaction reference, payment status (received from payment processor) | Verifying payment and activating Access Keys |
2.2. Data collected automatically
| Data category | Examples | Purpose |
|---|---|---|
| Language preference | Cookie value: ai100_lang (en/ru/de/fr/es) |
Maintaining interface language |
| Session data | Encrypted session identifier cookie | Maintaining authenticated session |
| Cookie consent state | Cookie value: ai100_cookies_consent (accepted / declined) |
Storing your choice so the banner is not shown repeatedly |
| Server logs | IP address, browser type (User-Agent), referring page, timestamp, pages visited | Security monitoring, debugging, abuse prevention |
| Analytics data (with consent) | Aggregate page-view events via Google Analytics 4 | Measuring traffic patterns. See Section 5.5 for details. |
2.3. Data we do not collect
- We do not collect personal names, physical addresses, phone numbers, or government-issued identifiers through the Service itself.
- We do not receive or store credit card numbers, bank account details, or cryptocurrency wallet addresses. All payment data is processed exclusively by our third-party payment providers (see Section 5).
- We do not use retargeting pixels, advertising trackers, or browser fingerprinting technologies.
- We do not collect or process personal data of your customers or visitors to your website.
- Beyond the analytics cookies described in Section 5.5 (which load only with your consent), we do not embed third-party tracking.
3. Legal Bases for Processing
Under Article 6(1) of the GDPR, we process your personal data based on the following legal grounds:
| Legal basis | Data processed | Purpose |
|---|---|---|
| Performance of contract (Art. 6(1)(b)) | Brand data, Access Key, session data, payment confirmation | Delivering the Service: executing Research Runs, generating Reports, maintaining your access |
| Legitimate interest (Art. 6(1)(f)) | Server logs, IP addresses | Security monitoring, fraud prevention, debugging, Service stability. Our legitimate interest is maintaining Service security and integrity. We have assessed that this processing does not override your rights and freedoms. |
| Consent (Art. 6(1)(a)) | Language preference cookie | Storing your language choice for a better experience. You may withdraw consent at any time by clearing your browser cookies. |
| Legal obligation (Art. 6(1)(c)) | Transaction records, invoicing data | Compliance with Cyprus accounting and tax regulations |
4. How We Use Your Data
We use your personal data strictly for the purposes described below. We do not use your data for profiling, automated decision-making, or direct marketing.
- Delivering the Service: Processing brand/website data through AI models, calculating scores, and generating Reports.
- Access management: Authenticating sessions, tracking run usage against key balance, and verifying payment status.
- Service operations: Server monitoring, security incident detection, debugging, and infrastructure maintenance.
- Methodology improvement: We may analyze aggregated, non-identifiable research patterns to improve our scoring methodology. Individual brand data is never used for this purpose in identifiable form.
- Legal compliance: Maintaining financial records as required by Cyprus law.
- Communication: Responding to your inquiries if you contact us.
5. Third-Party Data Processors
We share personal data with the following categories of third-party processors, solely for the purposes described. We have ensured that all processors provide adequate safeguards for your data.
5.1. AI model providers
To execute research scenarios, we send queries to third-party AI model APIs. As of the latest update, our active providers are:
| Provider | Region | Privacy policy |
|---|---|---|
| OpenAI, LLC | USA | https://openai.com/privacy |
| Google LLC (Gemini API) | USA | https://policies.google.com/privacy |
| xAI Corp. | USA | https://x.ai/legal/privacy-policy |
| DeepSeek AI | China | https://deepseek.com/privacy |
These queries contain category descriptions and research scenarios derived from brand data. We do not transmit Access Keys, session data, email addresses, or any personal identifiers to AI model providers.
Transfer mechanism: Standard Contractual Clauses (SCCs) for non-EU/EEA providers; EU-US Data Privacy Framework where applicable.
We may add or replace AI model providers over time as the methodology evolves. The list above reflects current production providers and is updated when changes occur.
5.2. Payment processors
| Provider | Data they process | Privacy policy |
|---|---|---|
| NOWPayments | Cryptocurrency transaction data (payment amount, currency, transaction reference). We do not receive or store wallet addresses. | https://nowpayments.io/privacy-policy |
We receive only payment confirmation and transaction references from this provider. We do not receive, store, or process your payment instrument details (wallet addresses, transaction signatures).
5.3. Hosting provider
The Service is hosted on dedicated servers provided by Hetzner Online GmbH, located in Germany (EU). All personal data is stored within the European Economic Area.
Hetzner privacy policy: https://www.hetzner.com/legal/privacy-policy
5.4. CDN and security
We use Cloudflare, Inc. (USA) for DDoS protection and content delivery. Cloudflare may process IP addresses and request metadata in transit. Cloudflare is certified under the EU-US Data Privacy Framework.
Cloudflare privacy policy: https://www.cloudflare.com/privacypolicy/
5.5. Analytics provider
We use Google Analytics 4, provided by Google LLC (USA) and, for EEA visitors, Google Ireland Limited (Ireland), to measure aggregate traffic patterns across our service. Google Analytics sets cookies (_ga, _ga_<property-id>) on your device to recognize returning visitors and to count unique sessions.
What we collect: anonymized page-view events, session duration, referring page, browser type, approximate geographic region. IP addresses are truncated by Google before processing.
What we do NOT collect through analytics: your name, email address, Access Key, brand data submitted for Research Runs, or any personally identifying information.
Legal basis: consent (Art. 6(1)(a) GDPR + ePrivacy Directive Art. 5(3)). Google Analytics loads only after you accept cookies through the consent banner. If you decline, no analytics cookies are set and no data is sent to Google.
Transfer mechanism: EU-US Data Privacy Framework certification (Google) and Standard Contractual Clauses.
Google's privacy policy: https://policies.google.com/privacy
You can withdraw consent at any time by clearing your browser cookies for ai100.io. See our Cookie Policy at /cookies for details.
6. International Data Transfers
Your personal data is primarily stored and processed on servers located in Germany (EU). Some personal data may be transferred outside the EEA in connection with the following services:
| Recipient | Country | Safeguard |
|---|---|---|
| OpenAI, LLC | USA | Standard Contractual Clauses (SCCs) |
| Google LLC (Gemini API, Analytics) | USA | EU-US Data Privacy Framework + SCCs |
| xAI Corp. | USA | Standard Contractual Clauses (SCCs) |
| DeepSeek AI | China | Standard Contractual Clauses (SCCs) |
| Cloudflare, Inc. | USA | EU-US Data Privacy Framework + SCCs |
We only transfer data outside the EEA where adequate safeguards are in place, in accordance with Chapter V of the GDPR.
7. Data Retention
| Data category | Retention period | Rationale |
|---|---|---|
| Research data and Reports | Duration of active Access Key + 12 months | Allowing continued access to past results |
| Server logs | 90 days | Security monitoring and debugging |
| Payment and transaction records | 7 years | Cyprus tax and accounting law |
| Communication records | 2 years from last communication | Support continuity |
| Session cookies | Expire within days of inactivity | Technical necessity |
| Language preference cookie | Until cleared by user | User convenience |
After the retention period expires, data is deleted or irreversibly anonymized. Aggregated, non-identifiable statistical data may be retained indefinitely.
8. Cookies
We use a small set of cookies. The strictly necessary cookies are set automatically; analytics cookies are set only after you grant consent through the cookie banner.
| Cookie | Type | Purpose | Duration | Legal basis |
|---|---|---|---|---|
ai100_lang |
Preference | Language selection (en/ru/de/fr/es) | Persistent | Consent |
ai100_cookies_consent |
Strictly necessary | Stores your cookie banner choice (accepted / declined) |
Persistent | Contract performance / legitimate interest |
| Access session cookie | Strictly necessary | Maintains authenticated session | Session / several days | Contract performance |
_ga, _ga_<property-id> |
Analytics | Google Analytics 4 — distinguishes returning visitors, counts unique sessions | Up to 2 years | Consent |
When you first visit the site, we display a cookie consent banner. Analytics cookies (_ga, _ga_<property-id>) load only after you click Accept. If you decline, no analytics cookies are set and Google Analytics is not loaded.
You can withdraw consent at any time by clearing your browser cookies for ai100.io. See our Cookie Policy at /cookies for a complete list and instructions.
9. Your Rights Under GDPR
Under the GDPR, you have the following rights regarding your personal data:
| Right | Description |
|---|---|
| Access (Art. 15) | Request a copy of the personal data we hold about you. |
| Rectification (Art. 16) | Request correction of inaccurate or incomplete data. |
| Erasure (Art. 17) | Request deletion of your personal data ("right to be forgotten"), subject to legal retention obligations. |
| Restriction (Art. 18) | Request that we restrict the processing of your data in certain circumstances. |
| Data portability (Art. 20) | Receive your data in a structured, machine-readable format. Reports are already available in HTML, XLSX, and CSV. |
| Object (Art. 21) | Object to processing based on legitimate interest. We will cease processing unless we demonstrate compelling legitimate grounds. |
| Withdraw consent (Art. 7(3)) | Withdraw consent for preference cookie at any time by clearing your browser cookies. Withdrawal does not affect the lawfulness of prior processing. |
How to exercise your rights
Contact us at [email protected] with your request. We will verify your identity (e.g., by confirming your Access Key or other identifying information) and respond within 30 days. If your request is complex or we receive a high volume of requests, we may extend this period by up to two additional months, and we will inform you of any such extension.
Exercising your rights is free of charge. In cases of manifestly unfounded or excessive requests, we may charge a reasonable fee or refuse to act, as permitted by Article 12(5) of the GDPR.
Right to lodge a complaint
If you believe that our processing of your personal data violates the GDPR, you have the right to lodge a complaint with a supervisory authority. Our lead supervisory authority is:
Office of the Commissioner for Personal Data Protection (Cyprus) 1 Iasonos Street, 1082 Nicosia, Cyprus Email: [email protected] Website: https://www.dataprotection.gov.cy
You may also lodge a complaint with the supervisory authority in your EU member state of residence or place of work.
10. Data Security
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction:
- HTTPS/TLS encryption for all data in transit (via Cloudflare and nginx)
- Access Keys stored as cryptographic hashes (not in plaintext)
- Server access restricted to authorized personnel with key-based SSH authentication
- Regular security updates to server software and dependencies
- File-based storage with appropriate filesystem permissions
- No public-facing database interfaces
No system is completely secure. While we take commercially reasonable precautions, we cannot guarantee absolute security of your data. In the event of a personal data breach that poses a high risk to your rights and freedoms, we will notify you and the Office of the Commissioner for Personal Data Protection (Cyprus) in accordance with Articles 33 and 34 of the GDPR.
11. Children
The Service is designed for business professionals and is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child under 18, we will delete it promptly.
12. Automated Decision-Making
The Service does not engage in automated decision-making or profiling that produces legal effects concerning you or similarly significantly affects you, within the meaning of Article 22 of the GDPR. The AI models used in Research Runs evaluate brands, not individuals.
13. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be posted on this page with an updated effective date. For changes that materially affect how we process your personal data, we will use reasonable efforts to provide advance notice.
Your continued use of the Service after the effective date of the updated policy constitutes acknowledgment of the changes. If you do not agree with the updated policy, you should stop using the Service and may request erasure of your data.
14. Language
This Privacy Policy is available in English and Russian. In case of any inconsistency between versions, the English version shall prevail.
15. Contact
For questions about this Privacy Policy, to exercise your data rights, or to report a privacy concern, contact us at:
ECONDATA TECHSCRIBE LTD Registration number: HE 455945 Registered address: Peiraios 30, Floor 1, Flat/Office 1, Strovolos 2023, Nicosia, Cyprus Email: [email protected] Director: Vitalis Makris
This Privacy Policy is effective as of May 12, 2026.