Privacy Policy
1. Introduction
This Privacy Policy explains how Octoro Technologies s.r.o., Company ID: 23420464, VAT ID: CZ23420464, registered office at Korunní 2569/108, Prague 10, 101 00, Czech Republic, registered in the Commercial Register maintained by the Municipal Court in Prague, file reference C 426198 (hereinafter "Controller"), processes personal data in connection with the use of the Articlero service available at https://articlero.com (hereinafter "Service").
The Controller processes personal data in accordance with:
- Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR),
- Act No. 110/2019 Coll., on the Processing of Personal Data, as amended,
- Act No. 127/2005 Coll., on Electronic Communications, as amended,
- and other related legislation of the Czech Republic and the European Union.
This Policy applies to the processing of personal data of users, customers, website visitors, prospective customers, and other persons whose data the Controller processes in connection with the operation of the Service.
2. Who is the Data Controller
The data controller is:
- Octoro Technologies s.r.o.
- registered office: Korunní 2569/108, Prague 10, 101 00, Czech Republic
- Company ID: 23420464
- VAT ID: CZ23420464
- contact details are available in the dedicated Contact section of the website.
3. What Personal Data We Process
The Controller may process in particular the following categories of personal data:
3.1 Data You Provide Directly
- identification and contact details, such as first name, last name, e-mail address, phone number, company name,
- registration details and User Account information,
- billing and payment details, such as billing address, company ID, VAT ID, order information, and details of paid services,
- data provided in communications with the Controller, such as enquiries, requests, complaints, suggestions, or feedback,
- information submitted into the Service, such as project content, instructions, keywords, brand assets, website content, integration credentials, and other user-provided inputs.
3.2 Data Collected Automatically When Using the Service
- technical device and connection data, such as IP address, device type, operating system, browser, language settings,
- operational and log data, such as date and time of access, pages visited, error messages, system activity,
- Service usage data, such as features used, session duration, account activity, content created or modified,
- data collected via cookies and similar technologies as described below.
3.3 Content and Files
As part of providing the Service, we may also process content you upload, enter, or connect to the Service, such as:
- texts, briefs, topics, and keywords,
- content from your website or other connected platforms,
- images, brand assets, and other files,
- outputs generated by the Service and associated metadata.
If you submit personal data of third parties into the Service, you are responsible for ensuring that you are authorized to do so and for complying with the requirements of applicable legislation.
4. Purposes and Legal Bases for Processing
The Controller processes personal data only to the extent necessary for a specific purpose.
4.1 Performance of Contract and Provision of the Service
For the purpose of concluding and performing the contract, we process personal data in particular for:
- creating and managing User Accounts,
- providing the features of the Service,
- generating content and related outputs,
- operating integrations and connections with third-party services,
- customer support,
- handling payments, orders, complaints, and refund requests.
The legal basis is the performance of a contract pursuant to Article 6(1)(b) GDPR.
4.2 Compliance with Legal Obligations
We also process personal data in order to fulfil obligations imposed by law, in particular in the areas of:
- accounting and tax records,
- handling data subject rights requests,
- cooperation with public authorities,
- maintaining mandatory records and fulfilling statutory archiving obligations.
The legal basis is compliance with a legal obligation pursuant to Article 6(1)(c) GDPR.
4.3 Legitimate Interests of the Controller
On the basis of legitimate interests, the Controller may process personal data for example for:
- protecting legal claims and enforcing receivables,
- ensuring security, preventing fraud and abuse of the Service,
- internal records, audit, and control,
- improving, developing, and testing the Service,
- basic analytics of Service usage,
- sending commercial communications to existing customers to the extent permitted by law.
The legal basis is legitimate interests pursuant to Article 6(1)(f) GDPR.
4.4 Consent
Where required by law, we process personal data on the basis of your consent, for example for:
- sending marketing communications to persons who are not existing customers,
- using optional cookies and similar technologies,
- other purposes for which your consent will be expressly requested.
You may withdraw your consent at any time by contacting the Controller; the contact e-mail address is available in the Contact section of the website. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.
5. Recipients of Personal Data
The Controller does not sell personal data. However, personal data may be disclosed to the following recipients to the extent necessary:
5.1 Processors and Suppliers
The current processors used by the Service include in particular:
- OpenRouter (OpenRouter, Inc.) — interface for accessing AI models; through OpenRouter, data may be transmitted to AI model providers, in particular Anthropic (Claude models), OpenAI (GPT models), and Google (Gemini models),
- Stripe (Stripe, Inc.) and where applicable Polar (Polar Software, Inc.) — payment services; where payments are processed through Polar, Polar may also act as Merchant of Record to the extent set out in its terms,
- Google — analytics and advertising tools (Google Analytics),
- DataFast — website analytics,
- Meta Platforms Ireland Limited — Meta Pixel and related advertising tools.
Where payment is made through Polar, data necessary for processing the transaction, issuing documents, and fulfilling legal obligations related to the payment may be processed by Polar Software, Inc. in accordance with its terms (polar.sh/legal) as an independent controller or in another capacity under its setup; the Controller (Octoro) continues to process data necessary for the provision of the Service and the application account.
5.2 Connected Third-Party Services
Where a user connects the Service to third-party services, such as publishing platforms or other tools, the relevant data may be transmitted to those third parties in accordance with the user's instructions and to the extent necessary for the integration to function.
5.3 Public Authorities and Other Recipients
Personal data may also be disclosed to public authorities or other authorized persons where required by law, an enforceable decision, or the protection of the rights and legitimate interests of the Controller.
6. International Data Transfers
Personal data may be processed within the European Union as well as outside it, where the Controller or its processors use services with servers or support located outside the EU / EEA.
Where personal data is transferred outside the EU / EEA, the Controller will ensure that such transfer complies with the GDPR and that an adequate level of protection is ensured, in particular through:
- an adequacy decision of the European Commission,
- standard contractual clauses,
- or another lawful mechanism for the transfer of personal data.
7. Cookies and Similar Technologies
The Service may use cookies and similar technologies for the following purposes:
- necessary cookies, which are required for the website and Service to function,
- preference cookies, which remember your settings,
- analytics cookies, which help understand how the website and Service are used,
- marketing cookies, where used.
Necessary cookies may be used without consent where permitted by law. All other cookies are used only on the basis of your consent where such consent is required.
Meta Pixel. If you enable marketing cookies in the cookie settings, the Meta Pixel may transmit to Meta information about your behavior on the website and, where automatic advanced matching is enabled, also identifiers derived from data you enter into web forms (typically in hashed form), for the purposes of measuring advertising effectiveness, remarketing, and related marketing activities to the extent of your consent. A detailed description is provided in the Cookie Policy.
Further information about the use of cookies may also be set out in a separate cookie banner or cookie settings on the website.
8. Data Retention
We retain personal data only for as long as is necessary for the given processing purpose.
The following general principles apply:
- User Account data and contractual data are retained for the duration of the account and for a reasonable period after its cancellation,
- contractual, billing, and accounting data are retained for the period required by law,
- communication data are retained for the period necessary to handle the request and protect legal claims,
- data processed on the basis of consent are retained until consent is withdrawn or the purpose ceases to exist,
- logs and technical data are retained for the period necessary for the security, operation, and protection of the Service.
Anonymized or aggregated statistical data from which no individual can be identified may be retained indefinitely for the purposes of internal analytics and improving the Service.
Upon expiry of the processing purpose, personal data will be deleted, anonymized, or retained further only where required by law or the legitimate interests of the Controller.
9. Your Rights
As a data subject, you have the following rights under the GDPR and other applicable legislation:
- the right to access your personal data,
- the right to rectification of inaccurate or incomplete data,
- the right to erasure of personal data where the statutory conditions are met,
- the right to restriction of processing,
- the right to data portability in a structured, commonly used, and machine-readable format,
- the right to object to processing based on legitimate interests,
- the right to withdraw consent where processing is based on consent,
- where such processing is used, the right not to be subject to a decision based solely on automated processing where such a decision would have legal or similarly significant effects,
- the right to lodge a complaint with a supervisory authority.
The supervisory authority in the Czech Republic is the Office for Personal Data Protection, https://www.uoou.gov.cz.
10. How to Exercise Your Rights
You may exercise your rights using the contact details available in the dedicated Contact section of the website or through another contact channel listed in this Policy.
The Controller may request reasonable verification of the identity of the applicant for the purposes of protecting personal data and preventing abuse.
We respond to requests without undue delay, within the time limits set by the GDPR.
11. Security of Personal Data
The Controller has implemented appropriate technical and organisational measures to protect personal data, including in particular:
- encryption of data in transit using HTTPS,
- restricting access to personal data to authorised persons only,
- ongoing updates to systems and security measures,
- recording and handling of security incidents,
- measures against unauthorised access, alteration, loss, or destruction of data.
Nevertheless, no system can guarantee absolute security. The Controller therefore cannot guarantee one hundred percent security of data transmission and storage, but takes all reasonably required steps to protect it.
12. Persons Under 18
The Service is not intended for persons under the age of 18. If we discover that we have processed personal data of a person under 18 without an appropriate legal basis, we will take reasonable steps to delete it.
If you believe that a person under 18 has provided us with personal data, please contact us using the contact details available in the dedicated Contact section of the website.
13. AI and Personal Data Processing
The Service uses artificial intelligence technology to generate content through external AI providers (see Section 5.1). Inputs submitted into the Service may be transmitted to the processors listed in Section 5.1 for this purpose. The Controller does not knowingly provide customer data to AI providers for the purpose of training their models and does not require or authorize such processing. However, the Controller does not have full control over the internal practices of those providers and cannot guarantee how they handle the data they receive under their own terms.
14. Changes to This Policy
The Controller may reasonably amend or supplement this Privacy Policy.
Users will be notified of material changes by e-mail, via the web interface, or in another appropriate manner at least 14 days before the change takes effect, unless the nature of the change requires earlier effect for legal or security reasons.
The current version is always published on the Controller's website.
15. Contact
For questions, requests, or the exercise of rights in the area of personal data protection, you may contact the Controller:
- Octoro Technologies s.r.o.
- address: Korunní 2569/108, Prague 10, 101 00, Czech Republic
- contact details are available in the dedicated Contact section of the website.
This Privacy Policy enters into force on 18 April 2026.
