Privacy Policy

Last Updated: November 8, 2025

1. Introduction

This Privacy Policy describes how Michał Składanowski ("we," "us," or "our") collects, uses, and protects your personal information when you use Comito.ai ("Service"). We are committed to protecting your privacy and ensuring the security of your personal data in compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR).

2. Data Controller

The data controller responsible for your personal information is:

Michał Składanowski, conducting business as a sole proprietor

NIP: 5542867407

Email: michal.skladanowski@yahoo.pl

3. Information We Collect

3.1 Information You Provide

We collect information that you voluntarily provide when using the Service:

  • Account Information: Name, email address, and authentication credentials when you create an account
  • Profile Information: Optional profile details you choose to provide
  • Travel Preferences: Destinations, travel dates, budget preferences, interests, and other trip planning information
  • User Content: Trip itineraries, saved places, notes, and other content you create
  • Communication Data: Messages and correspondence when you contact us
  • Payment Information: Billing name, address, and email for premium features. We do not store or have access to your full payment card details. Payments are handled securely through third-party processors (e.g., Stripe), who act as independent data controllers for payment card information.

3.2 Automatically Collected Information

We automatically collect certain information when you use the Service:

  • Usage Data: Pages viewed, features used, time spent, click patterns, and interaction data
  • Device Information: Device type, operating system, browser type, IP address, and unique device identifiers
  • Location Data: General location information derived from IP address (with your consent for more precise location)
  • Cookies and Similar Technologies: Data collected through cookies, web beacons, and similar tracking technologies
  • Log Data: Server logs, error reports, and performance data

3.3 Information from Third Parties

  • Authentication Providers: Information from OAuth providers (e.g., Google, Facebook) when you sign in through third-party services
  • Google Maps API: Location and place data obtained through Google Maps integration
  • Analytics Providers: Usage statistics and analytics from third-party services

4. How We Use Your Information

We use your personal information for the following purposes:

4.1 Service Provision

  • Create and manage your account
  • Generate personalized travel recommendations and itineraries using AI
  • Provide trip planning features and functionality
  • Save and sync your travel plans across devices
  • Process payments and manage subscriptions

4.2 Service Improvement

  • Analyze usage patterns to improve the Service
  • Train and improve our AI models (personal data is anonymized or aggregated for this purpose)
  • Develop new features and functionality
  • Fix bugs and resolve technical issues
  • Conduct research and analytics

Important clarification on AI processing: When we use third-party AI models (e.g., OpenAI) to generate travel recommendations, we ensure that personal data sent to these services is minimized and used solely to provide the requested output. Your travel preferences and itinerary requests are sent to these AI providers to generate personalized recommendations. According to our agreements with these providers, they do not use your data to train or improve their own models. Personal identifiers are not shared with AI providers unless necessary for the specific service you requested.

4.3 Communication

  • Send service-related notifications and updates
  • Respond to your inquiries and support requests
  • Send marketing communications (with your consent)
  • Provide personalized recommendations

4.4 Security and Legal Compliance

  • Detect, prevent, and address fraud and security issues
  • Enforce our Terms of Service
  • Comply with legal obligations and regulations
  • Protect our rights, property, and safety

5. Legal Basis for Processing (GDPR)

We process your personal data based on the following legal grounds:

  • Contract Performance: Processing necessary to provide the Service you requested
  • Consent: You have given explicit consent for specific processing activities
  • Legitimate Interests: Processing necessary for our legitimate business interests (e.g., improving the Service, security)
  • Legal Obligation: Processing required to comply with legal requirements

6. Data Sharing and Disclosure

We may share your information with:

6.1 Service Providers

Third-party vendors who assist in providing the Service:

  • Cloud hosting providers (for data storage and processing)
  • AI/ML service providers (e.g., OpenAI for AI-powered features)
  • Payment processors (for handling transactions)
  • Analytics providers (e.g., Google Analytics, Vercel Analytics)
  • Customer support platforms
  • Email service providers

6.2 Legal Requirements

We may disclose your information when required by law or to:

  • Comply with legal process or government requests
  • Enforce our Terms of Service
  • Protect the rights, property, or safety of our users or the public
  • Prevent fraud or security issues

6.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.

6.4 With Your Consent

We may share your information with third parties when you explicitly consent to such sharing.

7. Data Retention

We retain your personal information for as long as necessary to provide the Service and fulfill the purposes outlined in this Privacy Policy. Specifically:

  • Account information is retained until you delete your account
  • Trip itineraries and user content are retained while your account is active
  • Usage data and logs are typically retained for 12-24 months
  • Payment records are retained as required by tax and accounting regulations
  • After account deletion, we may retain certain information for legal compliance, fraud prevention, or legitimate business purposes

8. Your Rights

Under GDPR and applicable data protection laws, you have the following rights:

  • Right of Access: Request a copy of your personal data
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure: Request deletion of your personal data ("right to be forgotten")
  • Right to Restriction: Request limitation of processing of your data
  • Right to Data Portability: Receive your data in a structured, commonly used format
  • Right to Object: Object to processing based on legitimate interests or direct marketing
  • Right to Withdraw Consent: Withdraw consent at any time (where processing is based on consent)
  • Right to Lodge a Complaint: File a complaint with a data protection authority

To exercise these rights, please contact us at michal.skladanowski@yahoo.pl. We will respond to your request within 30 days.

9. Data Security

We implement appropriate technical and organizational measures to protect your personal information, including:

  • Encryption of data in transit and at rest
  • Secure authentication and access controls
  • Regular security assessments and updates
  • Employee training on data protection
  • Secure data centers and infrastructure

However, no method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws. When we transfer data internationally, we ensure appropriate safeguards are in place, such as:

  • Standard contractual clauses approved by the European Commission
  • Adequacy decisions recognizing equivalent data protection
  • Binding corporate rules

11. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to:

  • Authenticate users and maintain sessions
  • Remember preferences and settings
  • Analyze usage patterns and improve the Service
  • Provide personalized content and features
  • Measure the effectiveness of marketing campaigns

You can control cookies through your browser settings. However, disabling cookies may affect the functionality of the Service.

12. Third-Party Services

The Service integrates with third-party services that have their own privacy policies:

  • Google Maps: Subject to Google's Privacy Policy
  • OpenAI: Subject to OpenAI's Privacy Policy
  • Authentication Providers: Subject to their respective privacy policies
  • Payment Processors: Subject to their privacy policies

We recommend reviewing the privacy policies of these third-party services.

13. Children's Privacy

The Service is not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If we discover that we have collected information from a child under 16, we will delete it promptly. If you believe we have collected information from a child, please contact us.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

  • Posting the updated policy on this page
  • Updating the "Last Updated" date
  • Sending an email notification for significant changes

Your continued use of the Service after changes constitutes acceptance of the updated policy.

15. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us at:

Email: michal.skladanowski@yahoo.pl

For data protection inquiries, you may also contact the Polish Data Protection Authority (UODO):

Urząd Ochrony Danych Osobowych (UODO)

ul. Stawki 2, 00-193 Warszawa, Poland

Website: https://uodo.gov.pl

16. Data Protection Contact

For questions specifically related to data protection, you may contact our data protection contact:

Email: michal.skladanowski@yahoo.pl