Privacy Policy

The data controller for your personal data is Fusioni (hereinafter “the Company”). For data protection matters, you can contact us through the contact form on our website or at the email listed on our contact page.

If the Company appoints a Data Protection Officer (DPO) pursuant to Article 37 GDPR, the contact details will be published on our website and notified to the competent data protection authority.

Registration and account data: Full name, email, organization details, role, password (encrypted). Collected when you create an account or contact us.

Usage data: Information about your interaction with the Services, such as pages visited, features used, access dates/times, device and browser type, IP address (anonymised or pseudonymised where feasible).

Customer Data: Content, prompts, files, and data you submit to the Services during platform use. Fusioni processes this data solely to provide the Services in accordance with your instructions.

Communication data: Information you provide through contact forms, email, or live chat (name, email, message content).

Payment data: Billing details, transaction history. Fusioni does not store credit/debit card numbers — payment processing is handled by certified payment providers (PCI DSS compliant).

Performance of contract (Article 6(1)(b) GDPR): Providing, operating, and improving the Services, account management, technical support, and fulfilling contractual obligations.

Consent (Article 6(1)(a) GDPR): Sending newsletters, analytics and marketing cookies, optional data collection beyond what is necessary. You may withdraw your consent at any time.

Legitimate interest (Article 6(1)(f) GDPR): Service security, fraud prevention, performance improvement, internal analytics and statistics. We ensure our interests do not override your rights through a balancing test.

Legal obligation (Article 6(1)(c) GDPR): Compliance with tax legislation, telecommunications regulations, court orders, and other legal obligations.

We may share data with: (a) cloud infrastructure providers (hosting, storage), (b) payment providers, (c) analytics and support providers, (d) third-party AI models integrated into the Services. Each provider is bound by a Data Processing Agreement (DPA) under Article 28 GDPR.

In the event of data transfers outside the EEA, Fusioni ensures appropriate safeguards through: adequacy decisions of the European Commission (Article 45 GDPR), Standard Contractual Clauses (SCCs) (Article 46(2)(c) GDPR), or other appropriate measures. You may request a copy of the safeguards by contacting us.

We do not sell, rent, or trade your data to third parties for their own commercial purposes.

Your data is retained only for as long as necessary for the purposes for which it was collected, in accordance with the storage limitation principle (Article 5(1)(e) GDPR):

Account data: Retained for the duration of your account and for a reasonable period after deletion (up to 6 months) for technical purposes or legal obligations.

Customer Data: Retained for the duration of the contract. After termination, deleted within 30 days unless you request an export or a legal retention obligation applies.

Billing data: Retained for ten (10) years in accordance with applicable tax legislation.

Analytics data: Anonymised or pseudonymised, retained for up to thirteen (13) months.

Under the GDPR and applicable national data protection legislation, you have the following rights:

Access (Article 15): Obtain confirmation that your data is being processed and receive a copy.

Rectification (Article 16): Request the correction of inaccurate or completion of incomplete data.

Erasure (Article 17 — “right to be forgotten”): Request the deletion of your data when it is no longer necessary or you withdraw your consent.

Restriction (Article 18): Request the restriction of processing under certain conditions.

Portability (Article 20): Receive your data in a structured, commonly used, and machine-readable format.

Objection (Article 21): Object to processing based on legitimate interest or direct marketing.

Automated decision-making (Article 22): Not to be subject to a decision based solely on automated processing, including profiling.

Withdrawal of consent: You may withdraw your consent at any time, without affecting the lawfulness of prior processing.

You may exercise any of your rights by contacting us via email or contact form. We will respond within one (1) month of receiving the request, with a possible extension of two (2) months for complex cases, informing you within the first month.

The exercise of rights is free of charge. In the case of manifestly unfounded or excessive requests, Fusioni may charge a reasonable fee or refuse, in accordance with Article 12(5) GDPR.

If you believe your rights have been violated, you have the right to lodge a complaint with the competent data protection authority in your jurisdiction.

Fusioni implements appropriate technical and organisational measures in accordance with Article 32 GDPR, taking into account the nature, scope, context, and purposes of processing, as well as the risks involved. Indicative measures include:

Encryption of data in transit (TLS 1.2+) and at rest (AES-256). Role-based access control (RBAC) and multi-factor authentication (MFA). Regular security audits, monitoring, and automated backups.

In the event of a data breach, Fusioni will notify the competent data protection authority within 72 hours pursuant to Article 33 GDPR and, where the breach is likely to result in a high risk to your rights, will notify you without undue delay (Article 34 GDPR).

Our Services incorporate artificial intelligence systems. In accordance with Regulation (EU) 2024/1689 (EU AI Act) and Article 22 GDPR:

We do not make decisions based solely on automated processing that produce legal effects or significantly affect you without human intervention.

Data you submit to AI systems (prompts, queries) is not used to train third-party models without your explicit consent, unless otherwise specified in a separate agreement.

You are clearly informed that you are interacting with an AI system when using artificial intelligence features, in accordance with Article 50 of the EU AI Act.

The use of cookies and similar technologies is described in detail in our Cookie Policy. We encourage you to read it for full information about the types of cookies, legal basis, preference management, and your rights.

Strictly necessary cookies do not require consent under applicable e-privacy legislation. For all other categories of cookies, we request your explicit consent.

Our Services are not directed at individuals under sixteen (16) years of age, in accordance with Article 8 GDPR and applicable national implementing legislation. We do not knowingly collect data from minors.

If we become aware that we have collected data from a minor without parental consent, we will delete it without undue delay. If you believe a minor has provided data, please contact us.

Fusioni may update this Policy from time to time. We will post the revised version and update the “Last updated” date.

For material changes, we will provide at least thirty (30) days’ notice via email or in-product notification. Where the change is based on consent, fresh consent will be requested.