^{Last Updated: 30 March 2025} Welcome to Saverflow.ai. This Privacy Policy explains how Saverflow.ai ("we," "us," or "our") collects, uses, shares, and protects the personal data of visitors and users ("you") of our website, www.saverflow.ai (the "Site"), and our related services, including AI automation, workshops, and online consultations (collectively, the "Services"). This policy applies to everyone who interacts with our Site and Services. We are committed to safeguarding your privacy and ensuring our data processing practices comply with applicable data privacy laws, including the General Data Protection Regulation (GDPR) for users in the European Economic Area (EEA) and the United Kingdom (UK), the ePrivacy Directive, the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA) for California residents, relevant EU Anti-Money Laundering (AML) directives, and considerations for the upcoming EU AI Act (2025). The GDPR provides principles like lawfulness, fairness, and transparency, granting you rights over your data. The ePrivacy Directive regulates cookies and electronic communications, requiring informed consent. The CCPA grants California residents specific privacy rights. Our AML practices align with EU regulations to prevent financial crime. We are also preparing for the EU AI Act's framework for AI systems. This policy reflects our dedication to maintaining the confidentiality, security, and lawful processing of your personal information.

Information We Collect:

To provide and improve our services, we collect various types of information, including personal data that you provide directly to us and information that is collected automatically when you interact with our Site. Personal Data You Provide Directly:

• Email Addresses: Collected when you subscribe to newsletters, contact us, or register for workshops/consultations. Used for communication, service updates, and marketing (with consent where required). GDPR requires explicit opt-in for marketing emails for EEA/UK users; CCPA provides opt-out rights for California residents. All marketing emails include an unsubscribe link.
• Information Provided Through Calendly: Our Site integrates with Calendly, a third-party scheduling tool, to facilitate the booking of online consultations. When you use Calendly to schedule a call, you will be required to provide certain personal data, such as your name and email address, and potentially your phone number and details about the meeting you wish to book . Calendly acts as a data processor on our behalf, and the information you provide is processed by Calendly to manage the scheduling process. We encourage you to review Calendly's privacy policy and data processing addendum to understand their data handling practices . The processing of this data is necessary to provide you with the consultation services you have requested.  
• Other Voluntarily Submitted Information: You may also provide us with other personal data when you voluntarily submit it through forms on our Site, such as contact forms or workshop registration forms. This may include your name, company name, job title, or any other information you choose to share with us.
• Data for Online Consultations and Workshops: We collect specific information necessary to provide these services, such as details related to the consultation topic or workshop participation. The exact data collected will be clear at the point of collection.

Information Collected Automatically:

• Anonymized Website Tracking Data via Google Analytics: We use Google Analytics, a web analytics service provided by Google, to collect anonymized information about your use of our Site. This includes your browsing behavior, the pages you visit, the time spent on each page, and other website usage statistics . We have implemented IP address anonymization within Google Analytics, which masks your IP address to prevent it from being directly linked to you . The data collected through Google Analytics helps us to understand how users interact with our Site, identify areas for improvement, and optimize our services. The use of Google Analytics and the fact that IP anonymization is enabled are disclosed in this policy .  
• Log Data and Device Information: When you access our Site, our servers automatically record certain information, including your browser type, operating system, the pages you visit, the time and date of your visit, and your IP address (which is anonymized as described above). This information is used for system administration, security purposes, and to analyze trends in website usage.

How We Use Your Information:

The information we collect is used for various purposes to provide and improve our services, communicate with you, and ensure the security and legal compliance of our Site.

• We use your email address and other contact information to communicate with you regarding your inquiries, bookings for consultations or workshops, and to provide you with updates about our services.
• With your consent (where required by applicable law), we may use your email address to send you marketing communications about our AI automation services, upcoming workshops, and online consultations that we believe may be of interest to you . You have the right to withdraw your consent or opt-out of receiving these communications at any time.  
• We use the information you provide through Calendly to manage and facilitate your call bookings, including confirming your appointment and sending you reminders.
• The anonymized data collected through Google Analytics is used to analyze website usage patterns, track the effectiveness of our content, and make improvements to our Site and our services to enhance the user experience.
• We may use your information to personalize your experience on our Site, such as by remembering your preferences or suggesting content that may be relevant to you.
• Your information may be used for security purposes, such as to verify your identity and to detect and prevent fraudulent or unauthorized activities on our Site.
• We may also use your information to comply with our legal obligations, respond to legal requests, or enforce our terms and policies.

Legal Basis for Processing Personal Data:

Our processing of your personal data is based on several legal grounds, depending on the specific purpose of the processing.

• For marketing communications to users in the EEA and the UK, we rely on your explicit consent . You have the right to withdraw this consent at any time.  
• The processing of your data to manage and facilitate call bookings through Calendly is necessary for the performance of a contract with you to provide the services you have requested.
• Our use of anonymized data for website analytics and improvement is based on our legitimate interests in understanding how our Site is used and optimizing it for our users .  
• We may also process your data to comply with legal obligations to which we are subject.
• Under the CCPA, we process personal data for our legitimate business interests in providing and improving our services, which include analytics and marketing (subject to your right to opt-out) .  

Sharing Your Information:

We may share your personal data with certain third parties in the following circumstances:

• We share your name and email address with Calendly to facilitate the scheduling and management of your online consultations.
• We share anonymized website usage data with Google Analytics for the purpose of website analytics and improvement.
• We may engage other third-party service providers to assist us in delivering our services, such as email marketing platforms for sending newsletters and promotional emails. These providers are contractually obligated to process your data only on our instructions and in compliance with applicable data protection laws.
• We may disclose your personal data if required to do so by law, or in response to a valid legal request, such as a subpoena or court order.
• In the event of a merger, acquisition, or other business transfer, your personal data may be transferred to the acquiring entity as part of the assets being transferred.

Data Security:

We take the security of your personal data seriously and have implemented reasonable technical and organizational measures designed to protect it from unauthorized access, use, disclosure, alteration, or destruction . These measures include encryption of data in transit using secure protocols such as HTTPS , access controls to restrict who can access your data, and firewalls to protect our systems from unauthorized intrusion. While we strive to use commercially acceptable means to protect your personal data, please be aware that no method of transmission over the internet or method of electronic storage is 100% secure, and we cannot guarantee its absolute security.  

Your Rights Regarding Your Personal Data:

You have certain rights regarding your personal data, which vary depending on your location and applicable data protection laws. Under GDPR: If you are located in the EEA or the UK, you have the right to:

• Access your personal data and receive a copy of it.
• Rectify any inaccurate or incomplete personal data.
• Erase your personal data under certain circumstances (the "right to be forgotten").
• Restrict processing of your personal data in specific situations.
• Receive your personal data in a structured, commonly used, and machine-readable format and transmit it to another controller (the right to data portability).
• Object to the processing of your personal data in certain circumstances, including for direct marketing purposes.
• Not be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. To exercise any of these rights, please contact us using the contact information provided below. We will respond to your request within one month, although this period may be extended in certain complex cases.

Under CCPA: If you are a California resident, you have the right to:

• Know what personal information we collect about you, including the categories and specific pieces of data, the sources of the information, the purposes for collecting it, and the categories of third parties with whom we share it.
• Delete personal information that we have collected from you, subject to certain exceptions.
• Opt-out of the "sale" or "sharing" of your personal information to third parties. Please note that while we do not directly sell your personal information for monetary consideration, the definition of "sale" under the CCPA is broad and may include sharing data with third parties for analytics or advertising purposes. You can exercise your right to opt-out by clicking on the "Do Not Sell or Share My Personal Information" link on our website (if applicable).
• Correct inaccurate personal information that we maintain about you.
• Limit the use and disclosure of sensitive personal information for purposes other than those for which it was collected or as authorized by law.
• Not be discriminated against for exercising any of your CCPA rights. To exercise your rights under the CCPA, please submit a verifiable consumer request to us via the contact information provided below. We will respond to your request within 45 days .  

Data Retention:

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including:

• Providing requested Services.
• Maintaining our relationship with you.
• Complying with legal and regulatory obligations (including specific retention periods for AML-related data, see Section 8).
• Resolving disputes and enforcing agreements.

Anti-Money Laundering (AML) Notice for EU Users

Saverflow.ai is committed to preventing money laundering and terrorist financing in compliance with applicable European Union (EU) AML - Directives and the related legal framework. This section informs our EU users about our AML practices.

• Commitment: We adhere to all relevant EU AML laws and regulations.

• Customer Due Diligence (CDD) / Know Your Customer (KYC): To comply with regulations, we may need to verify the identity of our EU users. This may involve collecting identification information and documentation. For certain transactions or relationships deemed higher risk, we may also need to inquire about the source of funds or wealth.

• Monitoring: We monitor user activity and transactions for unusual or suspicious patterns that might indicate illicit activity.

• Reporting: If we identify suspicious activity, we are legally obligated to report it to the relevant Financial Intelligence Units (FIUs) in accordance with EU regulations. These reports are confidential, and we are prohibited from "tipping off" individuals involved.

• Record Keeping: We maintain records related to CDD measures and transactions as required by AML regulations, while respecting GDPR data protection principles regarding storage limitation and security.

• Contact: If you have questions about our AML practices, please use the contact information below.

Compliance with the EU AI Act (2025)

The EU AI Act establishes a risk-based regulatory framework for Artificial Intelligence systems. Saverflow.ai is committed to complying with this Act as its provisions come into force (some from February 2025, full application August 2026).

• Our Approach: We are assessing our AI-driven services (including aspects of automation, workshops, and consultations) under the AI Act's risk categories (minimal, limited, high, unacceptable).

• Transparency: Where required (e.g., for limited-risk AI like certain chatbots used in interactions), we will ensure users are aware they are interacting with an AI system.

• High-Risk AI Systems: If any of our services are classified as high-risk under the Act, we will implement required measures such as ensuring appropriate human oversight, robust data governance, technical documentation, record-keeping, accuracy, and security.

• AI Literacy: We are taking steps to ensure relevant staff involved with AI systems understand their capabilities, limitations, and the legal requirements under the AI Act.

• Right to Explanation: For high-risk AI systems making decisions affecting users, we will provide information about the logic involved, where required by the Act.

• Contact: For inquiries regarding our approach to the EU AI Act, please use the contact information below.

Contact Us:

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at: Saverflow AI Sp. z o.o.

• Mail: contact@saverflow.ai
• Address: Zlota 7 / 28, 00-019, Warsaw, Poland
• REGON: 541287511
• NIP: 5253040860
• VAT-EU: 5253040860
• SĄD REJONOWY DLA M.ST. WARSZAWY W WARSZAWIE, XII WYDZIAŁ GOSPODARCZY KRAJOWEGO REJESTRU SĄDOWEGO

International Data Transfers:

Your personal data may be transferred to and processed in countries outside of your country of residence, including the United States, where some of our service providers, such as Calendly and Google Analytics, are located . We will take appropriate safeguards to ensure that your personal data remains protected in accordance with applicable data protection laws when it is transferred internationally. This may include relying on data transfer mechanisms such as the Data Privacy Framework or Standard Contractual Clauses .  

Updates to This Privacy Policy:

We may update this Privacy Policy from time to time to reflect changes in our data practices or legal requirements. We will post any updated version of the policy on our Site and will indicate the date of the latest revision. We encourage you to review this policy periodically to stay informed about how we are protecting your personal data. If we make material changes to this policy, we may also notify you by other means, such as by sending an email to the email address you have provided to us. The "Last Updated" date at the top of this policy indicates when it was last revised.