Privacy Policy

Effective Date: [January 2025]


This Privacy Policy describes how DigitalFirst.AI Sp. z o.o. ("Digital First AI," "We," "Us," "Our"), located at Al. Piłsudskiego 17/4, 35-074 Rzeszów, Poland, collects, uses, processes, and shares Your personal data when You use Our website (https://digitalfirst.ai) and Our SaaS marketing strategy platform (collectively, the "Service").

We are committed to protecting Your privacy and handling Your personal data in an open and transparent manner, in compliance with the General Data Protection Regulation (GDPR/RODO) and other applicable data protection laws.

1. Data Controller

DigitalFirst.AI Sp. z o.o. is the data controller responsible for Your personal data.

Address: Al. Piłsudskiego 17/4, 35-074 Rzeszów, Poland

Email: hello@digitalfirst.ai


2. What Personal Data We Collect and Why


We collect various types of personal data for different purposes to provide and improve Our Service to You.

  • a) Account and Profile Data:

    • Data Collected: Name, email address, password (hashed), company name (optional), role (optional), avatar (optional).

    • Purpose: To create and manage Your user account, provide You with access to the Service, identify You as a user, communicate with You about Your account and service updates.

    • Legal Basis (GDPR):

      • Art. 6(1)(b) GDPR: Processing is necessary for the performance of a contract (our Terms and Conditions) with You.

      • Art. 6(1)(f) GDPR: Legitimate interest in managing user accounts and providing a personalized experience (e.g., avatar).

  • b) Billing and Transaction Data:

    • Data Collected: Billing address, payment card details (processed by a third-party payment processor; We typically only receive a token or partial card number), transaction history.

    • Purpose: To process payments for Your Subscription, manage Your Subscription, prevent fraud, and comply with financial regulations.

    • Legal Basis (GDPR):

      • Art. 6(1)(b) GDPR: Processing is necessary for the performance of a contract.

      • Art. 6(1)(c) GDPR: Processing is necessary for compliance with a legal obligation (e.g., tax laws).

  • c) User Content (including Data Room files, AI Prompts, and AI Workflows):

    • Data Collected: Any data You upload, input, or create within the Service, such as marketing plans, briefs, documents, images, videos, prompts for AI generation, AI Workflows, and files in Your Data Room.

    • Purpose: To enable You to use the functionalities of the Service, such as storing Your data, generating AI-driven strategies and content, creating and using AI Workflows, and collaborating.

    • Legal Basis (GDPR):

      • Art. 6(1)(b) GDPR: Processing is necessary for the performance of a contract (to provide You with the core features of the Service).

    • Important Note: Your private User Content is not used to train Our core AI models or any third-party AI models. It is processed solely to provide the Service to You. Data in Your Data Room is isolated. AI Workflows created by You remain private unless You explicitly choose to share them publicly.

  • d) AI-Generated Material:

    • Data Collected: Content generated by the AI based on Your inputs.

    • Purpose: To provide You with the output of the Service's AI functionalities.

    • Legal Basis (GDPR):

      • Art. 6(1)(b) GDPR: Processing is necessary for the performance of a contract.

  • e) Usage Data and Analytics:

    • Data Collected: IP address, browser type, operating system, device information, pages visited, features used, time spent on the Service, error logs, clickstream data.

    • Purpose: To monitor and analyze the use of Our Service, improve its functionality and user experience, ensure security, identify trends, and for troubleshooting.

    • Legal Basis (GDPR):

      • Art. 6(1)(f) GDPR: Legitimate interest in improving and securing Our Service. For non-essential cookies or similar tracking technologies, We rely on Art. 6(1)(a) GDPR (Consent).

  • f) Communication Data:

    • Data Collected: Content of Your communications with Us (e.g., support requests, feedback, emails).

    • Purpose: To respond to Your inquiries, provide customer support, and improve Our Service.

    • Legal Basis (GDPR):

      • Art. 6(1)(b) GDPR: If related to the performance of a contract (e.g., support for a paid feature).

      • Art. 6(1)(f) GDPR: Legitimate interest in providing quality customer service and improving Our offerings.

  • g) Publicly Shared AI Workflow Data:

    • Data Collected: First name, last name, avatar (if You consent to share Your AI Workflows publicly and have these details displayed).

    • Purpose: To attribute public contributions of AI Workflows, to allow users to identify authors of helpful workflows, and to foster a knowledge-sharing community.

    • Legal Basis (GDPR):

      • Art. 6(1)(a) GDPR: Your explicit consent.

3. How We Use Your Personal Data


We use Your personal data to:

  • Provide, operate, maintain, and improve Our Service.

  • Process Your transactions and manage Your Subscription.

  • Personalize Your experience on Our Service.

  • Communicate with You, including responding to Your requests and sending You service-related information.

  • Monitor and analyze usage and trends to improve Our Service and develop new features.

  • Ensure the security of Our Service, prevent fraud, and enforce Our Terms.

  • Comply with legal obligations.

  • With Your consent, for specific purposes such as displaying Your details for publicly shared AI Workflows.


4. Legal Basis for Processing (Summary)

We primarily rely on the following legal bases under GDPR:

  • Performance of a Contract (Art. 6(1)(b) GDPR): When processing is necessary to provide You with the Service as per Our Terms.

  • Legitimate Interests (Art. 6(1)(f) GDPR): When We have a legitimate interest (e.g., service improvement, security, analytics) that is not overridden by Your data protection interests or fundamental rights and freedoms.

  • Legal Obligation (Art. 6(1)(c) GDPR): When processing is necessary to comply with the law (e.g., financial record-keeping).

  • Consent (Art. 6(1)(a) GDPR): For specific situations, such as non-essential cookies or displaying Your details for publicly shared AI Workflows. You can withdraw Your consent at any time.

5. Data Retention

We retain Your personal data only for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.

  • Account Data: Retained for the duration Your account is active and for a reasonable period thereafter as necessary for Our legitimate business purposes (e.g., to resolve disputes, enforce agreements) or as required by law.

  • User Content: Retained while Your account is active. You can delete Your User Content. Upon account deletion, User Content will be deleted according to Our data deletion protocols, subject to legal retention obligations. Publicly shared AI Workflows may persist in an anonymized or system-attributed form if the license granted allows for this.

  • Billing Data: Retained for the period required by tax and accounting laws (typically 5-7 years).

  • Data for which consent was the basis will be deleted upon withdrawal of consent, unless another legal basis applies.

6. Data Sharing and Third Parties

We do not sell Your personal data. We may share Your personal data with third parties only in the following circumstances:

  • Service Providers (Data Processors): We engage third-party companies and individuals to perform services on Our behalf (e.g., payment processing, data hosting (like AWS), analytics providers, AI model providers via API, customer support tools, email delivery services). These service providers have access to Your personal data only to perform these tasks on Our behalf and are obligated by Data Processing Agreements (DPAs) not to disclose or use it for any other purpose.

  • AI Model Providers: When You use AI features, Your prompts and necessary context (which may be User Content) are sent to third-party AI model providers (e.g., OpenAI, Anthropic) via API to generate the AI-Generated Material. These providers process Your data to provide the AI response. We select providers who commit to not using Your data to train their general models.

  • Legal Requirements: We may disclose Your personal data if required to do so by law or in response to valid requests by public authorities (e.g., a court or a government agency).

  • Business Transfers: If We are involved in a merger, acquisition, or asset sale, Your personal data may be transferred. We will provide notice before Your personal data is transferred and becomes subject to a different privacy policy.

  • Protection of Rights: We may disclose Your personal data if We believe it's necessary to protect Our rights, property, or safety, or that of Our users or the public.

  • With Your Consent: We may share Your personal data for other purposes with Your explicit consent (e.g., when You choose to publicly share an AI Workflow with Your attribution).

7. International Data Transfers

Your information, including personal data, may be transferred to — and maintained on — computers located outside of Your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those in Your jurisdiction. If You are located in the European Economic Area (EEA), Your data may be transferred outside the EEA. When We transfer Your personal data outside the EEA, We ensure an adequate level of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

  • Transfers to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.

  • Use of specific contracts approved by the European Commission which give personal data the same protection it has in Europe (Standard Contractual Clauses - SCCs).

  • For transfers to the US, reliance on the EU-U.S. Data Privacy Framework where applicable for certified recipients.

8. Your Rights Under GDPR

If You are a resident of the European Economic Area (EEA), You have certain data protection rights. We aim to take reasonable steps to allow You to correct, amend, delete, or limit the use of Your personal data.

  • Right of Access (Art. 15 GDPR): You have the right to obtain confirmation as to whether or not personal data concerning You is being processed, and, where that is the case, access to the personal data and other information.

  • Right to Rectification (Art. 16 GDPR): You have the right to have inaccurate personal data about You rectified, or completed if it is incomplete.

  • Right to Erasure ('Right to be Forgotten') (Art. 17 GDPR): You have the right to request the deletion of Your personal data under certain conditions.

  • Right to Restriction of Processing (Art. 18 GDPR): You have the right to request the restriction of processing of Your personal data under certain conditions.

  • Right to Data Portability (Art. 20 GDPR): You have the right to receive Your personal data, which You have provided to Us, in a structured, commonly used, and machine-readable format and have the right to transmit those data to another controller where technically feasible.

  • Right to Object (Art. 21 GDPR): You have the right to object to processing of Your personal data that is based on Our legitimate interests or for direct marketing purposes.

  • Right to Withdraw Consent (Art. 7(3) GDPR): If processing is based on Your consent, You have the right to withdraw Your consent at any time. This will not affect the lawfulness of processing based on consent before its withdrawal.

  • Right to Lodge a Complaint (Art. 77 GDPR): You have the right to lodge a complaint with a supervisory authority, in particular in the EU Member State of Your habitual residence, place of work, or place of the alleged infringement if You consider that the processing of personal data relating to You infringes the GDPR. In Poland, the supervisory authority is the President of the Personal Data Protection Office (Prezes Urzędu Ochrony Danych Osobowych - UODO).

To exercise any of these rights, please contact Us at hello@digitalfirst.ai. We may need to verify Your identity before responding to such requests.

9. Data Security

We take the security of Your data very seriously. We use appropriate technical and organizational measures to protect Your personal data from unauthorized access, use, disclosure, alteration, or destruction. These measures are detailed in Section 8 ("Data Privacy and Security") of Our Terms and Conditions and include:

  • Authentication and Authorization: OAuth 2.0, MFA, RBAC, auditing.

  • Data Encryption: SSL/TLS for data in transit.

  • Architectural Security: Zero-Trust principles.

  • Infrastructure Security: Secure data centers (e.g., AWS), automated patching (e.g., AWS Fargate).

  • GenAI Data Protection: API-based model access, no training of third-party models with customer data.

  • Data Room Isolation: Segregation of files and indexes.

  • Data Lifecycle Management: Secure data removal capabilities.

  • Internal Audits and Secure Development (SDLC).

Despite these measures, no method of transmission over the Internet or method of electronic storage is 100% secure. Therefore, while We strive to use commercially acceptable means to protect Your personal data, We cannot guarantee its absolute security.

10. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to track activity on Our Service and hold certain information. Cookies are files with a small amount of data which may include an anonymous unique identifier. For detailed information on the cookies We use, their purposes, and how You can manage them, please see Our Cookie Policy. You can instruct Your browser to refuse all cookies or to indicate when a cookie is being sent. However, if You do not accept cookies, You may not be able to use some portions of Our Service.

11. Children's Privacy

Our Service is not intended for use by children under the age of 16 (or a higher age if stipulated by local law for consent to process personal data). We do not knowingly collect personally identifiable information from children under this age. If You are a parent or guardian and You are aware that Your child has provided Us with personal data, please contact Us. If We become aware that We have collected personal data from children without verification of parental consent, We take steps to remove that information from Our servers.

12. Changes to This Privacy Policy

We may update Our Privacy Policy from time to time. We will notify You of any changes by posting the new Privacy Policy on this page and updating the "Effective Date" at the top. We will provide a more prominent notice (such as an email notification) for material changes. You are advised to review this Privacy Policy periodically for any changes.

13. Contact Us

If You have any questions about this Privacy Policy or Our data protection practices, please contact Us:

DigitalFirst.AI Sp. z o.o.

Al. Piłsudskiego 17/4, 35-074 Rzeszów, Poland

Email: hello@digitalfirst.ai