Privacy Policy

01Who we are

Depaza provides an AI chat assistant, a developer API and a coding CLI. For the personal data described here, Depaza is the data controller. You can reach us any time at [email protected].

02What we collect

We collect only what we need to run the service and bill it correctly:

• Account data: your email address and, if you set one, a password. Authentication can be passwordless via a magic link.
• Content you submit: the messages, files and prompts you send so the assistant can respond and so you can revisit your conversations.
• Usage and technical data: model usage and token counts for quotas and billing, plus standard request logs (IP, timestamp, user agent) needed for security and abuse prevention.
• Billing data: handled by our payment processor; we store plan, status and the minimum needed to issue receipts — we never see or store full card numbers.

03How we use your data

We process your data to provide the service you asked for, to authenticate you, to meter usage and bill you, to keep the service secure, and to comply with legal obligations. The legal bases are performance of our contract with you, our legitimate interest in running a secure service, and, where required, your consent.

04Training stays in the EU

We may use the content of your chats, files and API requests to improve Depaza's own EU-hosted models. That training happens exclusively on EU infrastructure — your content is never sent to US providers and is never sold. Enterprise plans are contractually excluded from training, and if you want your account excluded too, email us and we will opt you out. Your content is otherwise processed to generate responses for you and retained so you can access your own history.

05Where your data lives

Everything that runs the assistant — application servers and the AI models — is hosted within the European Union. We do not transfer your content to third countries for processing. Where a strictly necessary supporting service (for example, payment processing or transactional email) involves a provider outside the EU, we use providers that offer EU data residency and appropriate safeguards such as Standard Contractual Clauses. The current list of sub-processors is published at depaza.com/subprocessors.

06Retention

We keep account and conversation data for as long as your account is active so the service works as you expect. You can delete conversations at any time, and you can ask us to delete your account and associated personal data. We retain the minimum billing records required by law.

07Cookies

We use a small number of strictly necessary cookies: a session cookie to keep you logged in and a cookie that remembers your language choice. We do not use advertising or cross-site tracking cookies.

08Your rights

Under the GDPR you have the right to access, correct, export, restrict and delete your personal data, and to object to certain processing. To exercise any of these, email us and we will respond within the statutory timeframe. You also have the right to lodge a complaint with your local data protection authority (in Denmark, Datatilsynet).

09Changes to this policy

If we make material changes we will update this page and the “last updated” date above. Continued use of Depaza after a change means you accept the updated policy.