Privacy Policy

On data we collect and how we use them

Last updated: May 18, 2026.

SYMAR is committed to protecting personal data and handling it transparently. This Privacy Policy explains what personal data we collect, how we use it, how we share it, how we protect it, and what rights you may have when you use our website, application, platform, research tools, and related services (collectively, the “Services”).

SYMAR is operated by OpinioAI International s.r.o., a company registered in Brno, Czech Republic with identification number IČO 19983328, doing business as SYMAR (“SYMAR,” “we,” “us,” or “our”). For the processing described in this Privacy Policy, SYMAR acts as a data controller unless a separate agreement states otherwise.

The Services are intended primarily for business and professional users. The United States is one of SYMAR’s market focuses, and we also design our privacy practices with the EU General Data Protection Regulation (GDPR) in mind.

1. Personal Data We Collect

We collect personal data that is necessary to provide, secure, support, and operate the Services.

Information You Provide Directly

Account and profile information. When you register for an account or use the Services, we may collect your name, business email address, organization name, role, login credentials, and account settings.

Billing and payment information. When you subscribe to a paid plan or purchase credits, our payment processor, Stripe, collects and processes payment details. SYMAR does not receive or store your full payment card details.

Communications. When you contact us for support, sales, legal, privacy, or product questions, we may collect your contact details and the contents of your messages.

Platform content. When you use the Services, you may provide prompts, research queries, persona definitions, uploaded data, segments, business profiles, reports, presentations, transcripts, fine-tuning data, or other materials (“Input”). The Services may generate responses, reports, chats, text, data points, personas, or other materials (“Output”).

Feedback. You may choose to provide product feedback, support comments, product-interview responses, feature requests, or similar feedback. We use this direct client feedback to maintain and improve the Services.

Information We Collect Automatically

Usage and device information. When you use the Services or visit our website, we may collect IP address, browser type, device type, operating system, pages visited, referring pages, timestamps, feature usage, logs, and similar diagnostic information.

Cookies and similar technologies. We use cookies and similar technologies to operate the website and Services, remember preferences, understand usage, and support analytics and marketing where permitted.

2. Sensitive Data

The Services are not designed to process sensitive personal data unless SYMAR has expressly agreed to that use in writing. You should not include unnecessary personal data or sensitive personal data in Input, including health information, political opinions, religious beliefs, biometric data, children’s data, protected financial data, or other regulated information.

SYMAR may not be able to detect whether sensitive personal data has been submitted. You are responsible for ensuring that your use of the Services is lawful and appropriate for the data you provide.

3. How We Use Personal Data

We use personal data for the following purposes:

SYMAR will not use your Input or Output to train third-party large language models. SYMAR will not use your Input or Output to improve the Services. We improve the Services through direct client feedback, support interactions, product interviews, and operational learnings that do not require using customer Input or Output as improvement data.

4. AI Providers and Platform Processing

To provide the Services, SYMAR may send Input and related context to third-party AI model providers through secure APIs. These providers process the data to return the requested Output. Our arrangements with AI providers are intended to restrict them from using customer data to train their models.

Because the Services are powered by AI systems, Output may be inaccurate, incomplete, biased, outdated, or unsuitable for a specific purpose. You are responsible for reviewing and validating Output before relying on it.

5. How We Share Personal Data

We do not sell personal data. We share personal data only where necessary for the purposes described in this Privacy Policy.

Service providers and subprocessors. We use trusted providers for hosting, infrastructure, authentication, database management, AI model processing, payments, communications, analytics, support, and security.

Professional advisers. We may share information with lawyers, accountants, auditors, insurers, and other advisers where necessary.

Legal and safety reasons. We may disclose information where required by law, legal process, or public authorities, or where we believe disclosure is necessary to protect rights, safety, security, or the integrity of the Services.

Business transactions. If SYMAR is involved in a merger, acquisition, financing, reorganization, or sale of assets, personal data may be disclosed or transferred as part of that transaction, subject to appropriate safeguards.

6. Key Subprocessors

Our current source documents identify the following key subprocessors and providers:

• Google Cloud (Firebase): Infrastructure & Database. Cloud Data Processing Addendum  |  Google Cloud Documentation.

• Digital Ocean, LLC: Application Hosting. Legal – Data Processing Agreement.

• OpenAI, L.L.C.: AI Models.  Data processing addendum | OpenAI.

• Google LLC (Gemini): AI Models.  Gemini API Additional Terms of Service  |  Google AI for Developers.

• Anthropic, PBC: AI Models. Data Processing Addendum \ Anthropic.

• Brevo: Email Communications. Brevo Terms of Service. DPA in the annex.

• Stripe, Inc.: Payment Processing. Data Processing Agreement between Stripe and Stripe User.

• Smartsupp, Live Chat Support. Data Processing Terms.

This list may change as the Services evolve. Where required, we will maintain appropriate contractual protections with subprocessors.

7. Data Security

We use technical and organizational measures designed to protect personal data from unauthorized access, loss, misuse, alteration, or destruction. These measures include:

• encryption in transit using TLS 1.2 or higher;
• encryption at rest where supported by our infrastructure providers, including AES-256 protections identified in our source documentation;
• role-based access controls and least-privilege access;
• two-factor authentication for critical systems;
• separation between the public website and application infrastructure; and
• incident-response procedures for suspected security events.

No system can be guaranteed to be completely secure. You are responsible for protecting your account credentials and using the Services appropriately.

8. Data Retention and Deletion

We retain personal data only for as long as necessary for the purposes described in this Privacy Policy, including to provide the Services, maintain security, comply with legal obligations, resolve disputes, and enforce agreements.

In general:

• account information is retained while your account is active;
• billing and transaction records are retained as required for tax, accounting, and legal purposes;
• support and communication records are retained as needed to manage our relationship with you;
• platform content is retained as needed to provide the Services and according to product settings, deletion requests, or applicable agreements; and
• logs and security records are retained for operational, security, and legal purposes.

When you delete data through the platform or request deletion, we will delete or de-identify the relevant data from active systems where required and technically feasible. Some information may remain in backups, logs, or records for a limited period where necessary for security, continuity, legal compliance, or dispute resolution.

9. International Data Transfers

SYMAR is based in the Czech Republic and primarily uses EU-based infrastructure for application hosting and database services where described in our source documentation. Some subprocessors may process personal data outside the European Economic Area, including in the United States.

Where personal data is transferred internationally, we use legally recognized safeguards where required, such as European Commission Standard Contractual Clauses or other appropriate transfer mechanisms.

10. Your GDPR Rights

Depending on your location and the nature of the processing, you may have rights under GDPR or other applicable privacy laws, including:

• the right to access personal data we hold about you;
• the right to correct inaccurate or incomplete personal data;
• the right to request deletion of personal data;
• the right to restrict processing;
• the right to object to processing based on legitimate interests;
• the right to data portability;
• the right to withdraw consent where processing is based on consent; and
• the right to lodge a complaint with a supervisory authority.

To exercise these rights, contact us at support@symar.ai. We may need to verify your identity before responding. We will respond in accordance with applicable law.

11. United States Privacy Rights

The United States is one of SYMAR’s market focuses. Depending on your state of residence and how you interact with the Services, you may have additional privacy rights under applicable U.S. state privacy laws.

We do not sell personal data. If you have questions about U.S. privacy rights or wish to make a privacy request, contact us at support@symar.ai.

12. Cookies

Cookies are small text files placed on your device. We use cookies and similar technologies for the following purposes:

Strictly necessary cookies. These are required for the website or Services to function, including login, security, and session management.

Analytics cookies. These help us understand how visitors and users interact with the website and Services so we can improve usability and performance.

Advertising and marketing cookies. These may help us and our partners measure campaigns or show relevant information about SYMAR where permitted.

Affiliate or referral cookies. These may be used to attribute referrals or partner campaigns if such programs are active.

You can manage cookies through your browser settings and, where available, through our cookie preference tools. Disabling certain cookies may affect the functionality of the website or Services.

13. Children’s Privacy

The Services are intended primarily for business and professional users and are not directed to children or individuals under 18. We do not knowingly collect personal data from children. If you believe a child has provided personal data to us, contact us at support@symar.ai.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will post the updated version on this page and update the “Last updated” date. If changes are material, we may provide additional notice, such as email or in-app notice.

15. Contact Us

If you have questions about this Privacy Policy or wish to exercise privacy rights, contact us at:

OpinioAI International s.r.o., doing business as SYMAR Nové sady 988/2 602 00 Brno, Czech Republic Email: support@symar.ai

16. Supervisory Authority

If you have unresolved concerns, you have the right to lodge a complaint with your local data protection authority. SYMAR’s lead supervisory authority is the Czech Republic’s Office for Personal Data Protection (posta@uoou.cz).