Privacy Policy

Rowvia.ai Privacy Policy

This policy explains what data Rowvia.ai processes, why it is processed, and how to contact us about privacy questions.

1. Provider, legal identity, and controller

Rowvia.ai is a product and trading brand operated by RNDr. Jiří Hroza, a sole proprietor registered in the Czech Republic, European Union. Company ID / IČO: 04055659. VAT ID / DIČ: CZ7907273748. Registered address: Sladkovského 1341/7, Blansko, 67801, Jihomoravský kraj, Czech Republic. Contact: rowvia@rowvia.ai.

For the purposes of applicable data protection laws, RNDr. Jiří Hroza is the data controller for personal data processed through Rowvia.ai, unless stated otherwise.

2. Categories of personal data

Rowvia.ai may process account email and name, authentication provider identifiers, billing and payment metadata, uploaded spreadsheets and files, prompts and tasks entered by users, generated outputs, workspace data, usage logs, technical logs, IP address, user agent, cookies, and session identifiers.

3. Purposes of processing

Data is processed to provide the service, authenticate users, operate workspaces, process uploads and AI jobs, manage billing and accounting, prevent abuse, secure the service, debug issues, provide support, and comply with legal obligations.

4. Legal bases for processing

Legal bases for processing may include performance of a contract, legitimate interests in operating and securing the service, compliance with legal obligations, and consent where required, such as for optional cookies or optional communications.

5. AI processing

To provide AI processing features, Rowvia.ai may send relevant user-provided content, prompts, files, extracted text, metadata, and generated outputs to selected AI model providers. These providers may process such data as processors, subprocessors, or independent providers according to their applicable terms and data processing agreements.

6. Uploaded files and retention

Uploaded files may be stored, cached, scanned, extracted, and processed to run user-requested jobs. Outputs and job data may be stored in the user workspace. File and job retention may depend on workspace settings, operational needs, legal obligations, and cleanup policies. Temporary operational records may be cleaned periodically, while workspace data is generally retained while the account or workspace remains active unless deletion is requested or required by law.

7. Cookies and sessions

Rowvia.ai uses authentication and session cookies or similar identifiers to keep users signed in and secure the service. Analytics cookies are used only if enabled in the deployed service configuration.

8. Processors

Rowvia.ai may use hosting providers, database and storage providers, AI model providers, Lemon Squeezy for card payments as Merchant of Record, iDoklad for Czech accounting documents, and email delivery providers. These providers process data as needed to provide their services to Rowvia.ai.

Lemon Squeezy may process payment, tax, invoice, fraud-prevention, subscription, refund, dispute, and buyer-support data as Merchant of Record under its own applicable buyer terms and privacy notices. iDoklad processes data needed for Czech accounting documents for bank/QR payment orders.

9. Technical data and infrastructure location

The current cloud deployment uses Render API/backend, upload/processing worker execution, and Render Postgres in Frankfurt, Germany. Uploaded files are stored in Cloudflare R2 with EU jurisdiction for staging and the target production setup; during the production migration they may temporarily remain on Render persistent storage in Frankfurt. The public and app frontend are served through Vercel's global CDN; any Vercel serverless functions are configured for the fra1 region if used.

This overview describes the primary technical hosting and storage location for Rowvia.ai. It is not an absolute guarantee that every support log, security event, support interaction, AI model provider, payment provider, email provider, or other processor will process data only in one country. International transfers are described below.

10. International transfers

Some providers may process data outside the Czech Republic or the European Economic Area. Where required, Rowvia.ai relies on appropriate safeguards under applicable data protection law.

11. GDPR rights

Subject to applicable law, you may request access, correction, deletion, restriction, portability, or objection to processing of personal data. We will respond to privacy requests without undue delay and generally within one month, unless applicable law allows or requires a different period.

You may also lodge a complaint with a supervisory authority, including the Czech Office for Personal Data Protection (Úřad pro ochranu osobních údajů), where applicable.