Privacy Policy

Last updated: 15 April 2026

This Privacy Policy explains how Everlong s.r.o. (“Innociti”, “we”, “us”) collects, uses, and safeguards personal data when you use innociti.eu and related services. We process personal data in accordance with the EU General Data Protection Regulation (Regulation 2016/679, “GDPR”) and Slovak Act No. 18/2018 on the Protection of Personal Data.

1. Data Controller

Everlong s.r.o., Zámocká 8, Bratislava, Slovak Republic, is the data controller responsible for your personal data. You can contact us at privacy@innociti.eu.

2. Data We Collect

We collect the following categories of personal data:

  • Account data: email address, name, organisation, role, provided when you create an account or subscribe.
  • Usage data: pages viewed, queries submitted, features used. Collected through first-party cookies and server logs.
  • Matchmaking input: problem descriptions, city context, and other information you voluntarily submit to generate innovation briefs.
  • Billing data: for paid plans, payment information processed by Stripe. We do not store card numbers.
  • Technical data: IP address, browser type, device information, referrer.

3. Legal Basis for Processing

We process your personal data on the following legal bases:

  • Performance of a contract (Art. 6(1)(b) GDPR) for account creation, matchmaking, and subscription services.
  • Legitimate interests (Art. 6(1)(f) GDPR) for service improvement, security monitoring, and direct communication about the service.
  • Consent (Art. 6(1)(a) GDPR) for non-essential cookies, marketing emails, and optional features.
  • Legal obligations (Art. 6(1)(c) GDPR) for tax records and accounting.

4. How We Use Your Data

  • To provide the matchmaking service, generate innovation briefs, and deliver city introductions.
  • To authenticate you and maintain session security.
  • To process payments and issue invoices.
  • To send transactional notifications (account, billing, brief delivery).
  • To respond to support requests and GDPR requests.
  • To analyse usage patterns for service improvement.

5. AI Processing

Problem descriptions and other content you submit for matchmaking are sent to third-party AI providers (Anthropic, OpenAI) to generate structured queries, embeddings, and briefs. These providers act as data processors and do not use your content to train their models under our contractual terms. Do not submit confidential, personal, or sensitive data in matchmaking queries.

6. Data Sharing and Sub-Processors

We share personal data with the following sub-processors strictly to provide the service:

  • Vercel Inc. (USA) — hosting and content delivery.
  • Supabase Inc. (EU, eu-west-1) — database and authentication.
  • Anthropic PBC (USA) — AI matchmaking and brief generation.
  • OpenAI Ireland Ltd. (Ireland) — semantic search embeddings.
  • Stripe Payments Europe Ltd. (Ireland) — payment processing.
  • Resend, Inc. (USA) — transactional email.
  • Google LLC (USA) — optional sign-in via Google OAuth.

Transfers to the USA are covered by Standard Contractual Clauses and, where applicable, the EU-US Data Privacy Framework. A full list of sub-processors is available in the Data Processing Agreement.

7. Retention

  • Account data: for the lifetime of your account plus 30 days after deletion.
  • Matchmaking queries and briefs: 24 months, then deleted.
  • Billing records: 10 years, as required by Slovak accounting law.
  • Server logs: 90 days.

8. Your Rights

Under GDPR, you have the right to:

  • Access the personal data we hold about you (Art. 15).
  • Request correction of inaccurate data (Art. 16).
  • Request deletion (Art. 17).
  • Restrict or object to processing (Art. 18, 21).
  • Data portability (Art. 20).
  • Withdraw consent at any time, without affecting prior lawful processing.
  • Lodge a complaint with the Slovak Office for Personal Data Protection (dataprotection.gov.sk).

To exercise any right, email privacy@innociti.eu. We will respond within 30 days.

9. Cookies

We use first-party cookies that are strictly necessary for authentication and security. We do not set advertising or cross-site tracking cookies. Optional analytics cookies are loaded only with your consent via the cookie banner.

10. Security

We apply technical and organisational measures appropriate to the risk, including TLS encryption in transit, encryption at rest, role-based access control, and regular security reviews.

11. Changes

We may update this Privacy Policy. Material changes will be notified by email to account holders at least 14 days before taking effect. The “Last updated” date at the top reflects the latest version.

12. Contact

Everlong s.r.o., Zámocká 8, Bratislava, Slovak Republic. Email: privacy@innociti.eu.