Skip to content
M·01
Legal · Privacy policy

Privacy policy. Plain English.

Last updated 2026-04-01 · version 2.0. GDPR-native. EU data residency.

ControllerPoint FM Services s.r.o.
DPOfounder@misano.ai (acting)
EU residencySupabase · Frankfurt
Other legal pages:TermsDPASub-processors
M·02
01

What we collect

Account data: email, name, billing details processed by Stripe.

Product data: companies you add, files you upload, scoring runs, theses you generate, KB entries you create.

Usage data: which features you used, when, from which IP. We don’t track you across the web.

02

Why we collect it

To provide the product (contractual basis under GDPR Art. 6(1)(b)).

To bill you (same).

To maintain security and prevent abuse (legitimate interest, Art. 6(1)(f)).

To improve the product (legitimate interest, with no model training on customer data).

03

Where it lives

Production data: Supabase, EU region (Frankfurt). Your data does not leave the EU.

AI processing: Anthropic (Claude) and OpenAI. Neither vendor uses API data to train models. Inference may run on EU or US infrastructure; non-EU transfers are covered by EU Standard Contractual Clauses.

Email: Resend (US), processing the recipient address and message content of transactional mail.

Payments: Stripe (EU · Ireland).

Analytics: none. We do not run third-party analytics, advertising pixels, or cross-site trackers.

04

Your rights (GDPR)

You can access, correct, export, or delete your data. Most rights are self-serve in the app; the rest are one email to founder@misano.ai.

You can lodge a complaint with the Czech Office for Personal Data Protection (ÚOOÚ) at any time.

05

How long we keep it

Active accounts: as long as you’re a customer.

Cancelled accounts: 90 days in case you re-subscribe, then deleted from production. Backups age out within 30 days.

Invoices and tax records: kept per Czech accounting law (10 years).

06

Cookies

We use a single first-party cookie to keep you logged in. We don’t use marketing cookies, advertising pixels, or third-party trackers.

07

Children

Misano is a B2B product, not directed at children. We don’t knowingly collect data from anyone under 18.

08

Changes

If we change this policy materially, we’ll email you 30 days in advance. Older versions are kept on the changelog.

09

Contact

Data questions: founder@misano.ai. We answer within 3 working days.