BEHAVIORAL AI RADAR™
Back

Privacy Policy

Last updated: May 27, 2026

1. Data Controller

The data controller for this website is Fundacja Promocji Badań nad Węchem i AI (Foundation for the Promotion of Research on Olfaction and AI), KRS: 0001201057, NIP: 8361891220, REGON: 543082380. The website is operated on behalf of the Foundation by ULhub sp. z o.o., KRS: 0001191282, NIP: 7831935926, REGON: 542561523, ul. Pamiątkowa 2, 61-512 Poznań, Poland. Contact: [email protected]

2. What Data We Collect

We collect the following categories of data: • Contact form data: name, email address, company name (optional), subject (optional), message content. • Assessment data: responses to the HRAIS™ assessment questionnaire, company name, name and email (when provided for receiving results). • Analysis data: text submitted for Semantic Influence Analysis or Context Rot™ Analysis. These texts are processed by AI models and are not stored permanently unless linked to a monitoring profile. • Monitoring profile data: email address, company name, access code, API key (if generated), alert preferences. • Newsletter data: email address and language preference. • Technical data: IP address (for rate limiting and security), browser type, access timestamps. We do not use tracking cookies or third-party analytics.

3. Purpose and Legal Basis

We process your data for the following purposes: • Providing the service (Art. 6(1)(b) GDPR): Processing assessments, analyses, and monitoring requests you submit. • Communication (Art. 6(1)(b) GDPR): Responding to contact form inquiries and sending assessment results. • Security (Art. 6(1)(f) GDPR — legitimate interest): Rate limiting, honeypot spam protection, input validation, and prompt injection prevention to protect the platform and its users. • Newsletter (Art. 6(1)(a) GDPR — consent): Sending informational updates, only with your explicit consent. • Legal compliance (Art. 6(1)(c) GDPR): Retaining data as required by law.

4. AI Processing

Texts submitted for Semantic Influence Analysis and Context Rot™ Analysis are processed by large language models (LLMs) to generate risk assessments. These texts are: • Sent to the AI processing provider solely for the purpose of generating the analysis. • Not used for model training or improvement. • Not stored permanently by the AI provider beyond the processing session. • Subject to input length limits and prompt injection protections to prevent misuse. The AI analysis results are informational and do not constitute legal, psychological, or compliance advice.

5. Data Retention

Contact submissions: Retained for 2 years, then deleted. • Assessments: Retained for 2 years or until monitoring profile deletion. • Analysis logs (monitoring): Retained for 1 year or until profile deletion. • Newsletter subscriptions: Until unsubscription. • Technical logs: IP-based rate limit data is stored in memory only and cleared automatically.

6. Data Sharing

We do not sell, rent, or trade your personal data. Data may be shared with: • AI processing providers: For the sole purpose of generating analyses (data processing agreement in place). • Email delivery services: For sending assessment results and contact form notifications. • Payment processors (if applicable in future): Stripe, Inc., for payment processing under their own privacy policy. All processors are bound by data processing agreements compliant with GDPR.

7. Your Rights (GDPR)

Under GDPR, you have the right to: • Access your personal data (Art. 15) • Rectify inaccurate data (Art. 16) • Erase your data (Art. 17 — "right to be forgotten") • Restrict processing (Art. 18) • Data portability (Art. 20) • Object to processing based on legitimate interest (Art. 21) • Withdraw consent at any time (Art. 7(3)) To exercise these rights, contact: [email protected] You also have the right to lodge a complaint with the Polish data protection authority (UODO — Urząd Ochrony Danych Osobowych).

8. Security Measures

We implement appropriate technical and organizational measures to protect your data, including: • Rate limiting on all API endpoints • Input validation and sanitization • Prompt injection detection and prevention • Honeypot-based bot protection • HTTPS encryption in transit • Security headers (HSTS, Content-Type-Options, Referrer-Policy, Permissions-Policy) • Access code and API key authentication for monitoring profiles

9. Cookies

This website uses only essential technical cookies required for the application to function (e.g., locale preference). We do not use advertising, analytics, or tracking cookies. No cookie consent banner is required for essential cookies under ePrivacy Directive.

10. Changes to This Policy

We may update this Privacy Policy from time to time. The updated version will be posted on this page with a revised "Last updated" date. We encourage you to review this policy periodically.