Elin - Cogntive Antivirus: Privacy Policy

This is a simplified summary of our Privacy Policy, designed for your convenience as a user.

  1. Who We Are: We are Elin.ai, a company from the Czech Republic. We provide an app to protect users from harmful online content and biased information.

  2. Your Privacy: We respect your privacy and protect your personal information (like your name, email, and social media data). We follow strict data protection laws, like GDPR.

  3. How We Use Your Data: We use your data to provide our services, improve them, and for marketing. As an AI-powered app, we also use artificial intelligence, including third-party AI services, to process content and generate responses and recommendations as part of the app’s core functionality. We may share data with trusted partners who help us provide our services.

  4. Data Retention and Transfer: We keep your data only as long as needed for our services and legal requirements. Your data may be transferred to secure servers outside your location.

  5. Data Disclosure: We may share your data in certain situations, like business transactions or legal requirements.

  6. Cookies and Tracking: We use cookies to improve your experience. You can control cookie settings in your browser.

  7. Direct Marketing: We may send you marketing emails, but you can opt out anytime.

  8. Security: We take security seriously and use measures to protect your data.

  9. Your Rights: You have rights to access, correct, object, and more regarding your data. If you have concerns, contact us at hello@elin.ai.

  10. Surveys and Testimonials: We may request your input through surveys, but it’s voluntary. If we post your testimonials, we’ll get your consent.

  11. Final Notes: We’re not for users under 13. We may update this policy, and we’ll notify you of significant changes via email.

For the complete and detailed Privacy Policy, please continue to the full version below.

1. INITIAL PROVISIONS

1.1. This is the Privacy Policy of Elin.ai, s.r.o., a company established and existing under the laws of the Czech Republic, ID No.: 17921856, with its registered seat at Teslova 1120/1, Skvrňany, 301 00 Plzeň, Czech Republic, maintained by the Reginal Court in Plzeň, section C, insert 43250 (also “we”, “us” or “our”). We refer to all our products, services, websites, and apps, including in particular (but not limited to), our Elin.ai application designed to protect the emotional well-being of its users from manipulative, extreme or disturbing content, harmful social media dynamics and purposedly biased information, collectively as the “Services” in this Privacy Policy.

1.2. We respect the need for privacy and protection of personal information, including but not limited to any personal data. For the purposes of this Privacy Policy, personal data shall mean any information relating to an identified or identifiable natural person, where an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person (the “Personal Data”).

1.3. We always process Personal Data in accordance with this Privacy Policy and applicable legislation, such as Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (the “GDPR”).

1.4. Please read this Privacy Policy carefully to understand how we collect, process, and protect Personal Data if you use the Services, and what rights you have in this connection. By using the Services and/or providing any Personal Data to us, you consent to be bound by this Privacy Policy and warrant that all Personal Data provided by you is accurate and that you are authorized to provide such Personal Data to us.

1.5. For the purpose of this Privacy Policy and unless the context requires otherwise, we shall be considered as the data controller of Personal Data.

2. CATEGORIES OF PERSONAL DATA

2.1. We collect, process and protect, in particular, the following categories of Personal Data:

a) Personal Data

(i) identification data (e.g., first name, last name, sex, account user name);

(ii) contact information (e.g., e-mail address, telephone number);

(iii) social media data (e.g., your posts, comments, messages and other data on your social media accounts, which you specifically decide to share with us as a part of specific features of the Services);

(iv) location data (on a level of regions, not detailed GPS coordinates);

(v) IP address;

(vi) logs of requests made by the user to the Services, including content and metadata;

(vii) user feedback logs; and

(viii) information about the content of the web pages visited when the user uses them as part of a rating or protection function, for example, to generate a trust score for a page. In this case, we process the content of the web pages that the user actively views in his/her browser for the sole purpose of protecting the user and providing personalized recommendations.

(ix) payment data related to the purchase of our advanced services. We will also require you to link your Google Play account (or other available payment system) to our app if you wish to purchase any of our advanced features or subscriptions. This does not give us access to your credit card or bank details, but it is necessary for us to process your purchase/subscription correctly and grant you access to the relevant features in the app.

(x) other Personal Data you share with us.

While using the Services, we may ask you to provide us with the above-mentioned Personal Data which can be used to contact or identify you. We may use Personal Data also to contact you using newsletters, marketing, or promotional materials and provide you with other information that may be of interest to you. You may opt out of receiving any, or all, of these communications from us by following the unsubscribe link or reaching out to us at hello@elin.ai.

b) Tracking & Cookies Data

We may use cookies and similar tracking technologies to track activity related to the Services. Please refer to Article 6 to learn more.

3. PURPOSES OF PERSONAL DATA PROCESSING

3.1. We process Personal Data for the following purposes:

a) fulfillment and compliance with our contractual and statutory obligations, such as the provision of the Services agreed upon between you and us;

b) marketing activities related to the Services;

c) provision of access to the Services;

d) monitoring of the usage of the Services;

e) detection, prevention, and addressing of technical issues;

f) improvement of the Services (including, but not limited to, improving the artificial intelligence individual model of the user’s personality, preferences and psychological traits, in order to provide most efficient and personalized Services to the user);

g) conducting market research; and

h) protection of our legitimate interests.

3.2. Legal basis for processing

The processing of personal data is carried out on the basis of the following legal titles according to Article 6 of the GDPR:

a) Performance of a contract (Article 6(1)(b) GDPR): the processing is necessary for the provision of our services and the performance of our obligations, e.g. account creation, technical functioning of the application, access to individual functions.

b) Legitimate interest (Article 6(1)(f) GDPR): We carry out the processing in the context of legitimate interest, e.g. to ensure the security of the Application, to monitor and improve the services, to prevent misuse and fraudulent behaviour.

c) Consent (Article 6(1)(a) GDPR): Where required, we will seek your explicit consent, e.g. for processing mental health data, personalised content, analytical purposes or direct marketing.

d) To comply with a legal obligation (Article 6(1)(c) GDPR): Where we are required to retain or disclose certain personal data due to legal requirements (e.g. accounting or tax obligations, cooperation with public authorities).

4. RETENTION AND TRANSFER OF PERSONAL DATA

4.1. We will retain and process Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy and only to the extent necessary to comply with our legal obligations, resolve disputes, exercise our rights, and protect our interests. In particular, we will process Personal Data for the following periods of time:

a) Personal Data according to Article 3.1 a) will be processed for the duration of our contractual and statutory obligations;

b) Personal Data according to Article 3.1 b) will be processed until you reject our use of Personal Data for marketing activities (such as rejecting our newsletters or other marketing communication);

c) Personal Data according to Article 3.1 c), d), and e) will be processed as long as you use the Services;

d) Personal Data according to Article 3.1 f) and g) will be processed as long as our legitimate interest lasts or until you refuse such Personal Data processing;

e) Personal Data according to Article 3.1 h) will be processed as long as our legitimate interest lasts.

4.2. Please note that we may retain usage data for internal analysis purposes. We retain usage data generally for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of the Services, or if we have a legal duty to retain this data for longer time periods.

4.3. Please acknowledge that in this stage of our development, we are utilizing large language models of third parties for the provision of our Services. For this reason, we may send the Personal Data, securely encrypted via https (hypertext transfer protocol secure) to the APIs (application programming interfaces) of the following third parties: OpenAI, Anthropic, Microsoft, Google and Cohere. Your consent with this Privacy Policy followed by your submission of respective Personal Data represents your agreement to such transfer and that the servers of these third parties are located either in the European Union or the US. Please note that we have opted out from the possibility of using the data submitted by us to these third parties to train other artificial intelligence models which means that your Personal data will be only temporarily processed by these third parties but not stored or used for training.

4.4. Personal Data we process may be transferred to (and maintained on) a computer located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those from your jurisdiction. We store all Personal Data to fulfill our legal obligation subject to Art. 6 of GDPR for the purposes of the legitimate interests pursued by the controller and for the performance of a contract for all our customers irrespective of their location. Your consent with this Privacy Policy followed by your submission of respective Personal Data represents your agreement to such transfer.

4.5. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy and that no Personal Data are transferred to any organization or a country unless there are adequate controls in place ensuring the security of Personal Data.

5. DISCLOSURE OF PERSONAL DATA

5.1. We ****may disclose Personal Data to a third party in particular in connection with:

a) Business Transactions

We may disclose Personal Data to any third party that acquires all or substantially all of our business, stocks, or assets, or with whom we merge or undergo any other form of corporate restructuring. If we do, we will inform such a third party of the requirement to process Personal Data in accordance with this Privacy Policy.

b) Disclosure for Law Enforcement

We may, under certain circumstances, be required to disclose Personal Data by law or in response to requests made by public authorities (e.g., a court or a government agency).

c) Legal Requirements

We may disclose Personal Data if we believe in good faith that such disclosure is necessary in order to: (i) comply with a legal obligation, (ii) protect and/or defend our rights or property, (iii) prevent or investigate possible wrongdoing in connection with the Services, (iv) protect the safety of users of the Services or the public, (v) protect against legal liability.

5.2. By (i) clicking the “Register” button during the registration as our client, (ii) by clicking the “I read the terms and conditions, understand them and agree with them” button before using the Services, (iii) or simply by using the Services, you consent to our sharing of Personal Data with third parties such as:

a) our affiliates;

b) hosting providers;

c) advertising partners; or

d) partners providing services for the purpose of fulfilling the obligations arising from the provision of Services, such as delivery and payment providers who will then act as the processors of Personal Data.

6. TRACKING, AI SERVICES, COOKIES, AND IP ADDRESSES

6.1. Cookies are computer files with a small amount of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device. Tracking technologies also use beacons, tags, and scripts to collect and track information and to improve and analyze the Services. Cookies allow us to recognize whether you re-entered our website from the same device, to record some of your stored parameters, and to verify whether you belong to a particular category of users to which certain communication should be targeted. We may use for example the following categories of cookies:

a) session cookies to operate the Services;

b) preference cookies to remember your preferences and various settings; or

c) security cookies for security purposes.

6.2. You can instruct your browser to refuse cookies except for technical cookies or similar or to indicate when a cookie is being sent.

6.3. When you visit our website for the first time, we ask you whether you accept cookies.

6.4. With your consent we may also use Google Analytics and similar services that collect third-party cookies. Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. As part of Elin.ai extensions (e.g. third-party plugins), we use Google Analytics to track feature usage - for example, how many times a user starts a plugin, how many chats they start, which elements they click on, etc. This data helps optimize functionality and user experience and is processed in aggregated or pseudonymized form.

6.5. Aside from Google Analytics, Google uses Google Tag Manager which is a tag management system created by Google to manage JavaScript and HTML tags used for tracking and analytics on websites. The information about your use of the Services (including your IP address) generated by the cookies will be transmitted to and stored by Google on servers in the USA and other countries. Google will use this information for the purpose of evaluating your use of the Services, compiling reports on the Services activity for the Services operators, and providing other services relating to the Services activity and internet usage. Google may also transfer this information to third parties where required to do so by law or where such third parties process the information on Google’s behalf. By using our Services, you consent to the processing of your data by Google in the manner and for the purposes set out above as further detailed in Google privacy policy available at: https://policies.google.com/privacy.

6.6. For debugging and testing large language models, we use the Langsmith tool, operated by LangChain Inc. In case data generated by user interaction (e.g. anonymized queries or responses) is sent to this system, it is processed in accordance with the GDPR rules for the EU region. More information can be found here: https://docs.smith.langchain.com/reference/regions_faq. We always strive to minimize and pseudonymize the data sent as much as possible.

6.7. The Services and the communications generated by the use of the Services, such as promotional e-mails, may also contain electronic images known as “web beacons”. Web beacons generally work in conjunction with cookies, and we may use them in the same way we use cookies (see above).

6.8. In addition to the above technologies, we may also use third party tools such as Smartlook, Firebase Analytics and Firebase Crashlytics:

(a) Smartlook is used to analyse user behaviour on our website and app. It collects anonymized information about user interactions (e.g., clicks, mouse movements, page transitions) to help us optimize the user experience.

b) Firebase Analytics provides statistics about application usage, demographics and user behavior. This data helps us better understand how our app is used and improve its functionality.

c) Firebase Crashlytics is used to detect and diagnose errors in the application, and allows us to troubleshoot problems and improve stability more efficiently. All data is processed in accordance with the privacy policy of these providers.

6.8. In addition to the technologies listed above, we may also use third-party tools such as Smartlook, Firebase Analytics and Firebase Crashlytics, Customer.io and RevenueCat:

a) Smartlook is used to analyse user behaviour on our websites and within the application. It collects anonymised information about user interactions (such as clicks, mouse movements and page transitions) to help us optimise the user experience.

b) Firebase Analytics provides statistics on application usage, user demographics and behaviour. These data help us better understand how the application is used and improve its functionality.

c) Firebase Crashlytics is used to detect and diagnose errors within the application and allows us to resolve issues more efficiently and improve stability. All data are processed in accordance with the privacy policies of these providers.

d) Customer.io is used to deliver and personalise communication with users (such as notifications, emails and in-app messages) based on their behaviour and settings. Processed data may include technical identifiers, contact details provided by the user and information about interactions with the application. The data are processed for the purpose of improving the user experience and delivering relevant information. Customer.io acts as a data processor.

e) RevenueCat is used to manage subscriptions and in-app purchases, including verification of subscription status and access to premium features. Processed data include technical and transactional information (such as subscription type and status, anonymised identifiers). Payment details are processed directly by payment service providers (such as Apple App Store and Google Play). RevenueCat acts as a data processor.

6.9 Use of third-party ****AI services; As part of providing the features of the Elin.ai application, we also use third-party artificial intelligence services, specifically Azure AI Foundry (Microsoft) and AWS Bedrock (Amazon Web Services).

These services are used exclusively for the purpose of processing content and providing responses, recommendations and support within the application. The following data may be transmitted to these services:

the content of the user’s chat communication with Elin,

the user’s answers to predefined questions outside of the chat (such as onboarding questions, questionnaires and tests),

content viewed by the user on social media platforms (such as Instagram and Facebook), if the user accesses them via the Elin.ai application interface.

These data are transmitted solely for the purpose of ensuring the functionality of the application and are not used for independent training of third-party models.

The transmission of personal data to third-party AI services takes place only on the basis of the user’s informed consent, which is obtained before the use of these features. Without such consent, no data are transmitted to these services.

The providers of these AI services act as data processors and commit to protecting personal data at a level equal to or higher than that required by applicable data protection laws.

7. DIRECT MARKETING

7.1. By clicking the “Register” button during registration as a user of the Services or simply by using the Services, or by clicking the [“I agree”] button when subscribing to our newsletters or other marketing communications, surveys, etc., you agree that we may use your electronic contact details, which may be derived from your current or past usage of the Services, or permit selected third parties to use this data, to contact you via electronic means (such as e-mail) with marketing information about the Services.

7.2. You may opt out of marketing communications by disabling this function via the unsubscribe link provided in each e-mail or other communication you receive, or by sending an e-mail request to hello@elin.ai specifying that you wish to opt out from marketing communications.

8. SECURITY

8.1. We are committed to storing all Personal Data securely. Therefore, we have implemented adequate physical, technical, and organizational measures and plans for protecting and securing Personal Data (which do not, however, deprive you of your responsibility for taking adequate steps to secure your data, particularly for the transmission of data). Our aim is to eliminate any unauthorized or unlawful processing of Personal Data as well as any accidental, unauthorized, or unlawful accessing, use, transferring, processing, copying, transmitting, alteration, loss, or damage of Personal Data.

8.2. Where we have given you (or where you have chosen) a password that enables you to access certain parts of the Services, you are responsible for keeping this password strong and confidential. We ask you not to share the password with unauthorized persons.

8.3. Unfortunately, the transmission of information via the internet is never completely secure. Although we will do our best to protect Personal Data, we cannot guarantee the security of Personal Data transmitted by you. Any such transmission is at your own risk. Once we have received Personal Data, we will use strict procedures and security measures to protect Personal Data and prevent unauthorized access.

8.4. To maintain the highest standard of Personal Data protection, all information you provide to us is stored on secure servers behind firewalls. We restrict access to Personal Data to employees, contractors and agents who need to know such Personal Data in order to operate, develop or improve the Services.

8.5. Certain parts of the Services that collect personal data also use Secure Sockets Layer (SSL) encryption or other types of encryption. We back up all Customer data in the data center located in the European Union, which enables an expedited recovery in case of a disaster or other event of similar nature, and whenever possible, we will ensure the pseudonymization or anonymization of all personal or related data (except for names and e-mail addresses).

8.6. In case, depside our best efforts, a Personal Data breach occurs which is not unlikely to result in a risk to the rights and freedoms of our clients or users, we will undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the supervisory authority and, if your Personal Data has been a part of the breach and none of the exceptions in Article 34(3) of the GDPR apply, you as well. We will describe to you the nature of the breach in clear and plain language, what measures we implemented and will yet to implement and what consequences the breach is likely to have.

9.  YOUR RIGHTS

9.1. Subject to the rules and conditions set forth in the GDPR, you are or may be eligible to the following rights in relation to your Personal Data. You can contact us at hello@elin.ai if you wish to exercise any of the following rights.

a) Right of Access

You are eligible to request from us confirmation, as to whether or not Personal Data concerning you are being processed and, if this is the case, you may access further information about such processing.

Your right of access can be exercised in accordance with the applicable laws. However, where requests from you are manifestly unfounded, excessive, or repetitive, we may either:

(i) charge a reasonable fee, considering the administrative costs of taking the actions requested; or

(ii) refuse to act on the request.

b) Right to Erasure (Right to be Forgotten)

You are eligible to request from us the erasure of Personal Data concerning you without undue delay and we shall have the obligation to erase such data without undue delay if all respective conditions are met under the GDPR. Please note that the erasure of your Personal Data may result in our inability to provide you with our services.

c) Right of Rectification

You are eligible to request from us without undue delay the rectification of inaccurate or incomplete Personal Data concerning you.

d) Right to Object

You are eligible to object, on grounds relating to your particular situation at any time, to the processing of Personal Data.

e) Right of Restriction of Processing

You are eligible to request from us the restriction of processing of Personal Data.

f) Right to Data Portability

You are eligible to receive Personal Data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format, and you have the right to transmit those data to another controller without hindrance from us to which Personal Data have been provided.

g) Right to Withdraw Consent

You are eligible, where the processing is based on consent, to withdraw your consent at any time. Such withdrawal shall not affect the lawfulness of processing based on your consent before its withdrawal.

9.2. If you feel that your Personal Data have been processed unlawfully, please contact us at hello@elin.ai and we will resolve the problem. You have the right to lodge a complaint with the competent supervisory authority. A list of competent supervisory authorities in the European Union is available at https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm. In the Czech Republic, the competent supervisory authority is the Office for Personal Data Protection. You can learn more at www.uoou.cz/en/.

9.3. Please keep in mind that we respond to all inquiries within thirty (30) days. Any requested change, once we have verified your identity and the request’s legitimacy, may take up to five (5) business days to take effect.

10. SURVEYS AND TESTIMONIALS

10.1. From time to time, we may request information via surveys. Participation in these surveys is voluntary and you may choose whether or not to participate and disclose the requested information. Information requested may include contact information (such as name and e-mail address), and organization information (organization name, job position). Contact information will be used to share the results if the participant selects to receive them. Survey information will be used for purposes of research, monitoring, or improving the user experience and satisfaction with the Services.

10.2. From time to time, we may also post various texts such as testimonials, quotes, case studies, white papers, etc. on our websites that may contain personal information. We shall obtain your consent to post your name along with such a text. If you wish to update or delete any text containing your personal information, please contact us at hello@elin.ai.

11. FINAL PROVISIONS

11.1. The Services may, from time to time, contain links to and from websites of our partner networks, advertisers, and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any Personal Data to these websites.

11.2. The Services are not addressed to anyone under the age of 13. We do not, to our best knowledge, collect Personal Data from anyone under the age of 13. If you are a parent or a guardian and you are aware that your child has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from children without verification of parental consent, we will take steps to remove that information from our servers.

11.3. We reserve the right to amend, modify, supplement, or otherwise change this Privacy Policy at any time and for any reason. Any new version of this Privacy Policy supersedes its previous version as of the date of effectivity of the new version. If you are our registered user and we have your e-mail information, we will inform you about any substantial amendments to this Privacy Policy by e-mail.

11.4. As part of some features of our Services, the User may be able to take the BIG5 personality test. We use this test under the MIT Open License, specifically the version available here: https://github.com/rubynor/bigfive-web/blob/master/LICENSE. This test is provided “as is”, without any guarantees, and is merely an additional feature of the application designed to support the user’s self-reflection. The test results are not intended to diagnose mental health nor are they a substitute for a professional psychological or medical assessment. Use of the test is voluntary.

11.5. If you have any questions about this Privacy Policy or our privacy practices, please contact us by e-mail at hello@elin.ai.

This Privacy Policy was last updated on February 9th, 2026.