VeritasAsk
Start verified search
GDPR

Privacy Policy

This Privacy Policy explains how MAŃSKI AI s.r.o. processes your personal data when you use Veritas Ask, in accordance with Regulation (EU) 2016/679 (GDPR).

Document version: v1.0_2026-04-30

1. Controller

MAŃSKI AI s.r.o., Nové sady 988/2, Staré Brno, 602 00 Brno, Czech Republic · IČO: 17571987 · DIČ:

Contact for data protection matters:

2. Categories of data we process

Depending on how you use Veritas Ask, we may process:

  • Account data: e-mail address, name, password hash, language preference.
  • Usage data: queries you submit, generated answers, sources retrieved, timestamps, plan and quota usage.
  • Billing data: name, billing address, VAT ID, payment identifiers (handled by Stripe; we do not store full card numbers).
  • Technical data: IP address (stored only as a daily-salted hash for audit), user agent, basic device info, cookies.
  • Communications: messages you send via the contact form or support.

3. Purposes and legal basis

We process your data for the following purposes:

  • Providing the service and managing your account — performance of the contract (Art. 6(1)(b) GDPR).
  • Billing, invoicing, accounting — legal obligation (Art. 6(1)(c) GDPR).
  • Security, fraud prevention, abuse detection, audit logs — legitimate interest (Art. 6(1)(f) GDPR).
  • Optional analytics and marketing cookies — only with your consent (Art. 6(1)(a) GDPR).

4. Retention

Account data: kept while your account exists and for up to 12 months after deletion. Billing records: 10 years (statutory tax obligation, CZ). Usage and audit logs: up to 24 months. Cookie consent records: up to 24 months. After these periods data is deleted or fully anonymised.

5. Recipients and processors

We share data only with carefully selected processors bound by data processing agreements:

  • Lovable Cloudhosting, database, authentication, edge functions (EU/US regions, EU SCCs in place).
  • OpenAIAI model inference for generating answers (US, EU SCCs in place; we do not send your queries for training).
  • Stripepayment processing (EU/US, EU SCCs in place).

6. International transfers

Where data is transferred outside the EU/EEA, we rely on the European Commission's Standard Contractual Clauses and supplementary technical safeguards.

7. Your rights

Under the GDPR you have the right to:

  • access your personal data,
  • rectify inaccurate data,
  • erasure (the right to be forgotten),
  • restriction of processing,
  • data portability,
  • object to processing based on legitimate interest,
  • withdraw consent at any time and lodge a complaint with the supervisory authority (in CZ: Úřad pro ochranu osobních údajů, www.uoou.cz).

To exercise your rights, contact:

8. Automated decision-making

Veritas Ask does not perform automated decision-making with legal or similarly significant effects on you within the meaning of Art. 22 GDPR.

9. Security

We use TLS in transit, encryption at rest, role-based access control, audit logging, hashed passwords, and database row-level security to protect your data.

10. Changes

We may update this Policy. The current version with its effective date is always available on this page.

Terms of ServicePrivacy PolicyCookiesfooter.legal.imprint