Back to home
Legal

Privacy Policy

Last updated · July 7, 2026

Your household data is sensitive. This policy explains, in plain language, what we collect, why, and how you stay in control.

This document is maintained by 4Afol sp. z o.o., Okrzei 10, 41-300 Dąbrowa Górnicza, Poland — phone +48 32 639 98 21, email [email protected]. It is provided for information only and does not constitute legal advice.
01

Who we are

4Afol (“we”, “us”, “our”) provides an AI financial co-pilot for households. This Privacy Policy explains what personal data we collect when you use our website, dashboard, and AI services, why we collect it, and the rights you have over it.

The data controller is 4Afol sp. z o.o., Okrzei 10, 41-300 Dąbrowa Górnicza, Poland. Phone: +48 32 639 98 21. For data-protection questions contact [email protected].

02

Data we collect

  • Account data — first and last name, email, hashed password, preferred currency.
  • Purchase data — credit orders, applied promo codes, selected payment method, invoice details. Card numbers are handled by our payment processors and never stored on our servers.
  • Product data you submit — questions, prompts, uploaded documents, and financial context you send to our AI services.
  • Technical data — IP address, browser type, device type, pages visited, timestamps, error logs.
  • Cookie and analytics data — see our Cookie Policy.
04

How our AI processes your inputs

Prompts and documents you submit to AI features are sent to third-party model providers strictly to generate a response for you. We do not use your inputs to train foundation models. Model providers may retain inputs for a short abuse-monitoring window as described in their own policies; we contract for zero-retention where the provider offers it.

Do not paste highly sensitive information (government IDs, medical records, full bank account credentials) into AI prompts.

05

Who we share data with

We share personal data only with the categories of processors below:

  • Cloud hosting and database providers (EU/US, standard contractual clauses).
  • Payment processors for card, bank transfer, PayPal, and Stripe checkout.
  • AI model providers strictly to fulfill your requests.
  • Email delivery, analytics, and error-monitoring vendors.
  • Professional advisers (accounting, legal) and public authorities where required by law.

A current list of subprocessors is available on request at [email protected].

06

How long we keep it

  • Account data — while your account is active, then up to 24 months.
  • Purchase and invoice records — 5–10 years as required by tax law.
  • AI prompt history — up to 12 months, or until you delete it.
  • Server logs — up to 90 days.
07

Your rights

Depending on your jurisdiction (GDPR, UK GDPR, CCPA and similar), you have rights to access, correct, delete, restrict, port, and object to the processing of your personal data, and to withdraw consent. You also have the right to lodge a complaint with a supervisory authority.

To exercise any right, email [email protected] from the address on your account. We respond within 30 days.

08

Security

We use TLS in transit, encryption at rest for databases and backups, least-privilege access controls, and audit logging. No online service is perfectly secure — please use a strong unique password and enable two factor authentication when available.

09

Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be announced by email or an in-product notice at least 14 days before they take effect.