Privacy Policy

This Privacy Policy explains how we collect, use, disclose, and protect personal data when you use our website and the embedded website chatbot (the “Chatbot”). It also describes your privacy rights and how the law protects you.

Short version: we process the information you provide to operate our services (including the Chatbot), respond to your requests, maintain security, comply with the law, and improve our products. Please do not share sensitive information in the Chatbot unless we specifically request it and you consent.

1. Data Controller

The data controller is TR Automatyka sp. z. o. o., registered office: 02-156 Warsaw, Poland, Lechicka 14, NIP: 522-27-58-993. Contact: hello@luzarn.com.

2. Scope and Applicability

This Policy applies to: (a) our public website pages; (b) the Chatbot embedded on those pages; and (c) related support channels. If additional terms apply to specific features or integrations, we will present them where relevant.

3. Key Definitions

• Personal data means any information relating to an identified or identifiable natural person.
• Chatbot means the conversational interface embedded on our website that can answer questions, assist with tasks, and route you to human support.
• Special categories of data include data revealing racial or ethnic origin, political opinions, religious beliefs, health data, biometric data, and similar categories under applicable law.

4. Categories of Data We Collect

• Account and contact data: name, email address, phone number, organization, property address, meter identifiers or numbers (where relevant to services).
• Chatbot conversation data: messages you type or dictate, prompts, system messages, conversation context, timestamps, and metadata (e.g., language, session ID).
• Attachments and uploads: files, images, screenshots, or documents you share with the Chatbot (e.g., photos of meters). We may scan uploads for malware or abuse.
• Audio/voice (if enabled): audio snippets, transcripts, and derived text when you use microphone features.
• Technical and usage data: IP address, device and browser type, operating system, pages viewed, referring URLs, clickstream, error logs, performance metrics, cookie IDs or similar identifiers.
• Support and communications: content of emails or tickets, call notes, and associated metadata.
• Billing (if applicable): payment method, invoices, transaction records processed via our payment partners.
• Safety and moderation signals: automated or manual flags about potentially harmful or abusive content.

Important: please do not submit special categories of data or confidential information (e.g., national ID numbers, precise health data) via the Chatbot unless we explicitly request it for a lawful purpose and you consent.

5. Sources of Personal Data

• Directly from you (website forms, Chatbot messages, emails, calls).
• Automatically from your device and browser through cookies and similar technologies.
• From service providers and business partners (e.g., hosting, analytics, customer support tools).
• From publicly available sources, where permitted by law.

6. Purposes and Legal Bases

We process personal data for the following purposes and under these legal bases (GDPR):

• To provide our services and the Chatbot (Art. 6(1)(b) – contract; Art. 6(1)(f) – legitimate interests): delivering answers, routing requests, processing uploads, and maintaining functionality.
• Customer support and communications (Art. 6(1)(b) and/or 6(1)(f)): responding to inquiries, troubleshooting issues, and improving quality of support.
• Safety, security, and abuse prevention (Art. 6(1)(c) – legal obligation; Art. 6(1)(f) – legitimate interests): fraud detection, spam, malware scanning, incident response, and enforcing terms.
• Analytics and product improvement (Art. 6(1)(f)): understanding usage patterns to improve performance, accuracy, and usability of the Chatbot and website.
• Optional personalization and marketing (Art. 6(1)(a) – consent; Art. 6(1)(f) – legitimate interests): only where permitted and subject to your choices and local requirements.
• Legal compliance (Art. 6(1)(c)): fulfilling regulatory and tax obligations, responding to lawful requests.

7. Chatbot-Specific Processing

• Automated processing: the Chatbot processes your inputs to generate responses. We may also use automated moderation to filter unsafe content.
• Human-in-the-loop: for quality assurance, support, or safety review, authorized staff may review a sample of de-identified or pseudonymized conversations. We limit access and log reviews.
• Model providers and processors: we may use third-party AI infrastructure or model providers acting as our processors. They process your data on our instructions and under data protection agreements. [We can provide a current list upon request.]
• Training and evaluation: by default, we [do not] use your identifiable Chatbot transcripts to train foundation models. We may use aggregated or de-identified data to improve prompts, tooling, and safety systems. Where we wish to use data beyond this, we will ask for your consent and offer an opt-out: [link to settings/opt-out].
• Uploads and voice: uploads may be scanned for malware; voice inputs may be transcribed to text. You can disable microphone access at any time in your browser.
• Sensitive data: please refrain from sharing sensitive personal data unless specifically requested for a lawful purpose and you consent.

8. Cookies and Similar Technologies

We use cookies, local storage, and similar technologies to:

• Strictly necessary: enable core features (e.g., session management, security).
• Functional: remember preferences (e.g., Chatbot visibility, language).
• Analytics: measure usage and performance to improve the Chatbot and website.
• Advertising (if applicable): personalize content or measure campaign effectiveness.

Where required, we request your consent via a banner. You can change your cookie preferences at any time: [manage cookies].

9. Sharing and Disclosures

• Service providers: hosting, cloud infrastructure, AI/model providers, analytics, email and communications, security, and customer support tools—bound by contracts and confidentiality.
• Legal and compliance: to competent authorities or third parties where required by law or to protect rights, safety, and property.
• Business transfers: during mergers, acquisitions, financing, or sale of assets, your data may be transferred to a successor entity subject to this Policy.
• Aggregated or de-identified data: we may share insights that do not identify individuals.

10. International Transfers

If we transfer personal data outside your jurisdiction (e.g., from the EU/EEA to countries without an adequacy decision), we implement appropriate safeguards such as the European Commission’s Standard Contractual Clauses, and conduct transfer impact assessments as needed. You can request a copy of relevant safeguards by contacting us.

11. Data Retention

• Account and billing: kept for the duration of your relationship with us and then for up to [6 years] for tax, accounting, or legal purposes.
• Chatbot transcripts: retained for up to [24 months] to provide history, support investigations, and improve service. You can request deletion earlier, subject to legal holds and backups.
• Technical logs: stored for [12 months] unless a longer period is required for security or investigations.
• Cookies: according to their respective lifetimes described in our cookie settings.

We may retain limited information in secure backups for a short period after deletion. Backups are rotated and then permanently deleted.

12. Security

We apply appropriate technical and organizational measures to protect personal data, including encryption in transit, access controls, least-privilege practices, monitoring and logging, segregation of environments, and vendor due diligence. However, no method of transmission or storage is 100% secure.

13. Your Rights

Subject to applicable law (e.g., GDPR), you may have the right to:

• Access your personal data and obtain a copy.
• Request rectification of inaccurate or incomplete data.
• Request erasure (“right to be forgotten”).
• Request restriction of processing.
• Object to processing based on legitimate interests, and object to direct marketing.
• Receive your data in a portable format and transmit it to another controller.
• Withdraw consent at any time where processing relies on consent.
• Lodge a complaint with a supervisory authority. In Poland: the President of the Personal Data Protection Office (UODO).

To exercise your rights, contact us at hello@luzarn.com. We may need to verify your identity before responding.

14. Children’s Privacy

Our services are not intended for children under 16 years of age. We do not knowingly collect personal data from children. If you believe a child provided us data, please contact us to delete it.

15. Automated Decision-Making

The Chatbot uses automated processing to generate responses and route queries. We do not make decisions producing legal or similarly significant effects solely based on automated processing without meaningful human involvement, unless required or permitted by law and with appropriate safeguards.

16. Third-Party Links

Our website and Chatbot may link to third-party sites or services. Their privacy practices are governed by their own policies, which we encourage you to review.

17. Changes to This Policy

We may update this Policy from time to time. Material changes will be highlighted on this page or communicated by email where appropriate. The “Effective Date” below indicates the latest revision.

18. Contact

Questions about this Policy or our data practices?

• Email: hello@luzarn.com
• Address: 02-156 Warsaw, Poland, Lechicka 14

Effective Date: 05.10.2025 • Version: 2.1