Last updated: October 22, 2025
Windify Digital Services Patryk Wichrowski ("we", "us", "our") operates Allegro AI, a SaaS platform that provides AI-powered customer support automation for Allegro marketplace sellers. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.
Data Controller:
We collect several types of information from and about users of our Service:
We use the collected information for the following purposes:
Important Information About AI Processing:
Our Service uses OpenAI's GPT-4 and GPT-5 models to generate customer support responses. When you use AI features, we transmit your data to OpenAI for processing.
The following data may be sent to OpenAI:
OpenAI processes this data according to their Business Terms and does not use data submitted via their API to train their models. Data is retained by OpenAI for a maximum of 30 days for abuse monitoring, then deleted. For more information, see OpenAI's Privacy Policy at https://openai.com/policies/privacy-policy
To provide our services, we share your data with trusted partners (data sub-processors under Art. 28 GDPR). Below is the complete list:
Purpose: AI response generation using GPT models
Data Shared: Message content, customer names and addresses, delivery addresses, order details, product information
Location: USA (United States)
Safeguards: Standard Contractual Clauses (SCC), TLS 1.3 encryption, data not used for model training, deletion after 30 days
⚠️ Data transfer outside EEA - requires your informed consent
Purpose: Payment processing for subscriptions
Data Shared: Email, company name, payment card data (tokenized)
Location: USA / Ireland (EU)
Safeguards: PCI DSS Level 1, SCC, end-to-end encryption
Purpose: Database hosting and authentication
Data Shared: All user account data, synchronized messages, usage metrics
Location: USA (AWS infrastructure)
Safeguards: SOC 2 Type II, AES-256 encryption, backups
Purpose: Application hosting and CDN infrastructure
Data Shared: HTTP request logs, user sessions, temporary files
Location: USA / Global CDN (including EU)
Safeguards: SOC 2, TLS 1.3 encryption, data isolation
Purpose: Marketplace platform integration
Data Shared: OAuth tokens, customer messages, orders, disputes
Location: 🇵🇱 Poland (EU)
Safeguards: GDPR, OAuth 2.0, API rate limiting
These services only transfer data when you choose to connect them:
Purpose: Google Drive integration - document and attachment storage
Data Shared: Files uploaded by you, OAuth tokens
Location: Ireland (EU) / USA
Safeguards: SCC, EU-US adequacy decision, encryption in transit and at rest
Purpose: Task management - creating reminders and follow-ups
Data Shared: Task titles, due dates, customer names (if included in tasks)
Location: USA
Safeguards: SCC, AES-256 encryption, two-factor authentication
Purpose: Shipment tracking - checking delivery status
Data Shared: Tracking numbers (queries only, no storage)
Location: 🇵🇱 Poland (EU)
Safeguards: GDPR, HTTPS encryption, temporary API queries
Purpose: Website analytics and usage metrics
Data Shared: Anonymized usage statistics, page views, user interactions (IP anonymized)
Location: USA
Safeguards: IP anonymization, SCC, opt-out via cookie banner
Purpose: Product analytics, user behavior tracking, and feature usage metrics
Data Shared: User interactions, feature usage, session recordings (opt-in only), event data
Location: USA (EU hosting available)
Safeguards: GDPR compliance, opt-out via cookie banner, data anonymization options
Purpose: Website analytics, conversion tracking, and advertising optimization
Data Shared: Page views, user interactions, device information, IP address (anonymized), browser information
Location: Ireland (EU) / USA
Safeguards: IP anonymization, SCC, opt-out via cookie banner, Facebook Data Processing Terms
Standard Contractual Clauses (SCC)
For all data transfers outside the European Economic Area (EEA), we use Standard Contractual Clauses approved by the European Commission in accordance with Art. 46 GDPR.
Detailed information about each sub-processor, including their obligations and security measures, can be found in our Data Processing Agreement (DPA).
As a user in the European Union, you have the following rights:
To exercise any of these rights, please contact us at windify.digital.services@gmail.com
We implement appropriate technical and organizational measures to protect your personal data:
We retain your personal data only as long as necessary for the purposes outlined in this Privacy Policy:
We use essential cookies for authentication and functional cookies for user preferences (language, theme). We also use analytics cookies (Google Analytics) to understand how visitors use our website. Analytics cookies are only loaded after you provide consent through our cookie banner. IP addresses are anonymized. For more information, see our Cookie Policy.
privacyPolicy.sections.cookies.googleAnalytics.content
privacyPolicy.sections.cookies.posthog.content
privacyPolicy.sections.cookies.facebookPixel.content
Your data may be transferred to and processed in countries outside the European Economic Area (EEA), including the United States (OpenAI, Google Analytics, Vercel). We ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the European Commission.
Our Service is intended for business use and is not directed to individuals under the age of 18. We do not knowingly collect personal information from children.
We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. Continued use of the Service after changes constitutes acceptance of the updated policy.
If you have any questions about this Privacy Policy or wish to exercise your data protection rights, please contact us:
Contact Information: