Privacy Policy

Effective Date: June 1, 2025

Last Updated: September 17, 2025

1. Introduction

Welcome to Chatislav, an AI Agent platform operated by Meraxes Solutions & Services d.o.o. We are committed to protecting your personal data and respecting your privacy rights in accordance with the General Data Protection Regulation (GDPR) and applicable data protection laws.

This Privacy Policy explains how we collect, use, process, and protect your personal data when you use our Chatislav platform and services.

2. Data Controller and Contact Information

Primary Data Controller:

Meraxes Solutions & Services d.o.o.

Milutina Milankovića 9ž

11070 Novi Beograd, Serbia

PIB: 111139183

Registration Number: 21431524

Email: [email protected]

Payment Collection Entity:

ISKON AI OÜ

Narva mnt 5

Kesklinna district, Tallinn city, Harju county

10117 Estonia

Email: [email protected]

Payment Processor:

Stripe, Inc.

510 Townsend Street

San Francisco, CA 94103, USA

Privacy Policy: https://stripe.com/privacy

For any privacy-related inquiries, please contact us at: [email protected]

4. Personal Data We Collect

4.1 Data Collected Directly from You:

  • Account Information: email address, password (encrypted)
  • Profile Data: Optional information you choose to provide (First Name, Last Name)
  • Communication Data: Messages, support requests, feedback
  • AI Agent Data: Information about AI agents you create and their configurations

4.2 Data Collected Automatically:

  • Technical Data: IP address, browser type, operating system, device information
  • Usage Data: Pages visited, features used, session duration, interaction patterns
  • Cookies and Tracking Data: As detailed in our Cookie Policy

4.3 Payment Data:

  • Collected by ISKON AI OÜ: Billing information, invoice details, payment history
  • Processed by Stripe: Payment method details, transaction data, fraud prevention data
  • Note: We do not store complete payment card details; these are processed securely by Stripe in compliance with PCI DSS standards

5. How We Use Your Personal Data

We use your personal data for the following purposes:

5.1 Service Provision:

  • Creating and managing your account
  • Providing access to the Chatislav platform
  • Operating AI agents and processing your requests
  • Customer support and technical assistance

5.2 Payment Processing:

  • Processing payments through our payment collection entity (ISKON AI OÜ) and payment processor (Stripe)
  • Managing subscriptions and billing
  • Preventing fraud and ensuring transaction security

5.3 Service Improvement:

  • Analyzing usage patterns to improve functionality
  • Developing new features and services
  • Performance optimization and bug fixes

5.4 Communication:

  • Sending service-related notifications
  • Platform updates and security alerts
  • Marketing communications (with your consent)

5.5 Security and Compliance:

  • Fraud prevention and security monitoring
  • Compliance with legal obligations
  • Protecting our rights and interests

6. Sharing Information with Third Parties

6.1 We share your data with the following categories of recipients:

Payment Processing Chain:

  • ISKON AI OÜ: Acts as our payment collection entity, processes billing information and manages customer payment relationships
  • Stripe, Inc.: Acts as our payment processor, handles payment transactions, fraud prevention, and payment security in compliance with PCI DSS

You can find a list of our third-party sub-processors here.

Third-party providers only utilize and access your personal data for cloud storage and data retrieval purposes. From time to time, we may use external partners to deliver communications to you regarding our products, services, and events.

6.2 Data Processing Agreements:

We have entered into Data Processing Agreements (DPAs) with:

  • ISKON AI OÜ governing the processing of billing and customer data
  • Stripe, Inc. governing payment processing (Stripe's DPA available at: https://stripe.com/dpa)
  • All other processors handling personal data on our behalf

6.3 We do NOT:

  • Sell your personal data to third parties
  • Share data for marketing purposes without your explicit consent
  • Use your data to train AI models

7. International Data Transfers

Your data may be transferred to and processed in:

7.1 Transfers to ISKON AI OÜ (Estonia):

Estonia is within the EEA, so transfers are considered domestic within the EEA framework.

7.2 Transfers to Stripe (USA):

Stripe, Inc. is located in the United States. We ensure adequate protection through:

  • Standard Contractual Clauses (SCCs): EU-approved contractual safeguards
  • Stripe's Privacy Shield Certification (where applicable)
  • Stripe's comprehensive data protection measures as outlined in their Privacy Policy and DPA

7.3 Other International Transfers:

For other service providers outside the EEA, we ensure adequate protection through:

  • Adequacy Decisions: Countries recognized by the European Commission
  • Standard Contractual Clauses: EU-approved contractual safeguards
  • Binding Corporate Rules: Where applicable

8. Data Retention

We retain your personal data only as long as necessary for the purposes outlined in this policy:

8.1 Meraxes (Data Controller):

  • Account Data: Until account deletion or 90 days after deactivation
  • Usage Data: Up to 2 years for analytics purposes
  • Communication Records: Up to 3 years for customer service purposes

8.2 ISKON AI OÜ (Payment Collector):

  • Billing Information: 7 years for tax and accounting purposes
  • Invoice Data: As required by Estonian and EU tax regulations

8.3 Stripe (Payment Processor):

  • Payment Data: As outlined in Stripe's Privacy Policy
  • Fraud Prevention Data: As necessary for security and compliance purposes

8.4 Legal Compliance:

Some data may be retained longer as required by applicable laws, typically:

  • Financial records: 7 years
  • Tax-related information: As required by local tax authorities

You can request deletion of your data at any time by contacting [email protected]. However, some data may need to be retained for legal, tax, or security reasons.

9. Your Rights Under GDPR

You have the following rights regarding your personal data:

9.1 Right of Access (Article 15)

Request information about personal data we process about you

9.2 Right to Rectification (Article 16)

Request correction of inaccurate or incomplete data across all our processors

9.3 Right to Erasure (Article 17)

Request deletion of your personal data ("right to be forgotten"), subject to legal retention requirements

9.4 Right to Restrict Processing (Article 18)

Request limitation of data processing in certain circumstances

9.5 Right to Data Portability (Article 20)

Receive your data in a structured, machine-readable format

9.6 Right to Object (Article 21)

Object to processing based on legitimate interests or for direct marketing

9.7 Right to Withdraw Consent (Article 7)

Withdraw consent at any time (where processing is based on consent)

9.8 Right to Lodge a Complaint (Article 77)

File a complaint with your local data protection authority

To exercise these rights, contact us at: [email protected]

We will coordinate with ISKON AI OÜ and Stripe as necessary to fulfill your requests. We will respond within 30 days (may be extended by 2 months for complex requests).

10. Data Security Measures

We implement robust technical and organizational measures to protect your data:

10.1 Meraxes Security Measures:

  • Encryption: Data encrypted at rest and in transit using industry-standard algorithms
  • Access Controls: Role-based access with multi-factor authentication
  • Network Security: Firewalls, intrusion detection systems, secure protocols
  • Regular Security Assessments: Vulnerability testing and security audits

10.2 ISKON AI OÜ Security Measures:

  • Compliance with EU data protection standards
  • Secure data processing and storage within the EEA
  • Regular security assessments and updates

10.3 Stripe Security Measures:

  • PCI DSS Level 1 Compliance: Highest level of payment card security
  • SOC 2 Type II Certified: Rigorous security and availability standards
  • Advanced Fraud Detection: Machine learning-based fraud prevention
  • Encryption and Tokenization: Payment data is encrypted and tokenized

10.4 Organizational Measures:

  • Staff Training: Regular data protection and security training
  • Data Processing Agreements: With all service providers and processors
  • Incident Response: Procedures for handling data breaches
  • Privacy by Design: Privacy considerations integrated into system development

11. Cookies and Tracking Technologies

We use cookies and similar technologies to:

  • Ensure essential platform functionality
  • Remember your preferences and settings
  • Analyze usage and improve our services
  • Provide personalized content (with your consent)

Cookie Types:

  • Strictly Necessary: Essential for platform operation
  • Functional: Enhance user experience and remember preferences
  • Analytics: Help us understand usage patterns (anonymized)
  • Marketing: Deliver relevant advertisements (with consent)

You can manage cookie preferences through your browser settings. Note that disabling certain cookies may affect platform functionality.

For detailed information about cookies we use, please refer to our separate Cookie Policy.

12. Children's Privacy

Our platform is not intended for children under 16 years of age. We do not knowingly collect personal data from children under 16. If you are a parent or guardian and believe your child has provided us with personal data, please contact us at [email protected], and we will delete such data promptly in coordination with our processors.

13. Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms:

13.1 Our Obligations:

  • We will notify the relevant supervisory authority within 72 hours
  • We will inform affected individuals without undue delay if the risk is high
  • We will coordinate with ISKON AI OÜ and Stripe for any breaches involving their systems
  • We will document all breaches and remedial actions taken

13.2 Processor Obligations:

  • ISKON AI OÜ and Stripe are contractually obligated to notify us immediately of any data breaches
  • All processors must assist in breach investigation and remediation
  • Incident response procedures are defined in our Data Processing Agreements

15. Payment Security and PCI Compliance

15.1 Payment Card Security:

  • Stripe maintains PCI DSS Level 1 compliance (highest security standard)
  • We do not store, process, or transmit payment card data directly
  • All payment information is handled securely by Stripe's certified infrastructure

15.2 Additional Payment Security:

  • Strong Customer Authentication (SCA) compliance for EU transactions
  • 3D Secure implementation for enhanced security
  • Real-time fraud monitoring and prevention
  • Secure tokenization of sensitive payment data

16. Updates to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices or applicable laws. We will:

  • Post the updated policy on our website with the effective date
  • Seek your consent for significant changes that affect your rights
  • Coordinate updates with ISKON AI OÜ and ensure consistency with processor agreements

17. Contact Information

Primary Contact (Data Protection):

Meraxes Solutions & Services d.o.o.

Email: [email protected]

Address: Milutina Milankovića 9ž, 11070 Novi Beograd, Serbia

General Business Inquiries:

Email: [email protected]

Payment Collection Inquiries:

ISKON AI OÜ Email: [email protected]

Payment Processing Inquiries:

Stripe Support: https://support.stripe.com

Stripe Privacy: [email protected]

Supervisory Authorities:

  • For EU/EEA residents: Contact your local data protection authority (list available at: https://edpb.europa.eu/about-edpb/board/members_en)

  • For Serbian residents: Commissioner for Information of Public Importance and Personal Data Protection of the Republic of Serbia

This policy is designed to comply with GDPR, Serbian data protection laws, and applicable international regulations. By using our platform, you acknowledge that you have read, understood, and agree to this Privacy Policy and understand how your data flows through our payment processing chain: Meraxes → ISKON AI OÜ → Stripe.