Beloyal Privacy Policy

Effective Date: May 20, 2025

Last Updated: May 20, 2025

1. Introduction

Welcome to Beloyal! This Privacy Policy explains how S.C. Beloyal Tech S.R.L. ("Beloyal," "we," "us," or "our") collects, uses, shares, and protects your personal data when you use our website, platform, and services (collectively, the "Services"). Beloyal is an AI-powered marketing platform designed to help e-commerce businesses automate and optimize their content creation.

We are committed to protecting your privacy and handling your data in an open and transparent manner. This Privacy Policy is compliant with the General Data Protection Regulation (GDPR) and Romanian data protection laws.

Our Contact Details (Data Controller):

S.C. Beloyal Tech S.R.L.
Registration Number (Registrul Comerțului): J20/1000/2021 [Please verify]
Unique Identification Code (CUI/CIF): RO44742184
Address: Strada Ungureni nr 9A, Valenii de Munte, 106400, Prahova, Romania
Contact Email: [email protected]
Data Protection Officer (DPO): George Olah, [email protected]

Please read this Privacy Policy carefully. By accessing or using our Services, you acknowledge that you have read, understood, and agree to our collection, storage, use, and disclosure of your personal information as described in this Privacy Policy and our Terms of Service.

2. Data We Collect and How We Collect It

We collect personal data in various ways, depending on your interaction with our Services:

2.1. Information You Provide Directly to Us:

  • Account Creation and Subscription: When you create a Beloyal account or subscribe to our Services, we collect information such as your first name, last name, email address, company name, and payment information (processed by our third-party payment processor, Stripe – we do not store your full card details).
  • Communication with Us: When you contact us for support, provide feedback, or otherwise communicate with us, we may collect the information you provide in such communications.
  • Guiding AI Content Generation: When you use our AI features, you may provide specific inputs to guide content generation, such as email objectives, tone of voice preferences, target audience descriptions, article themes, or social media hooks.

2.2. Information Collected from Your Connected E-commerce Store (Shopify/WooCommerce):

When you connect your e-commerce store (e.g., Shopify, WooCommerce) to Beloyal, we synchronize and store data from your store, which may include:

  • Product Information: Product names, existing descriptions, images, prices, SKUs, categories, and product-related metadata.
  • Order Information: Order IDs, products ordered, order value, date, status, and associated metadata. This may include personal data of your end customers (e.g., name, shipping address, email address) if such data is part of the order information synced from your store.
  • (Future Functionality for Email Marketing): For upcoming email marketing automation features (e.g., abandoned cart recovery, post-purchase follow-ups), we may also sync and process end customer email addresses and details about their shopping carts or purchase history, as instructed by you.

2.3. Information Generated or Processed Through Our AI Features:

  • AI-Generated Content: We store the content generated by our AI for you, such as product descriptions, SEO articles, social media posts, and email drafts.
  • AI Vision Analysis: Product images you provide may be sent to third-party AI Vision services (e.g., OpenAI, Google Gemini, Anthropic Claude) for analysis to extract visual features. We take measures to anonymize or de-identify data where feasible before sending it for such analysis, and we do not send personal data about individuals or your store identity for this specific purpose. The results of this analysis are stored.
  • Customer Avatar Data: Information used to define customer avatars is derived from product data and visual analysis, and potentially from your inputs.
  • Improvement of Beloyal's AI Models: We may use the data you provide to guide AI content generation and the AI-generated content itself to train, improve, and refine Beloyal's proprietary AI models and algorithms. This is done to enhance the quality, accuracy, and relevance of our Services. We do not use your specific data to train third-party AI models (like those from OpenAI, Gemini, or Claude) beyond the direct interaction needed to provide you with the service.

2.4. Information Collected Automatically (Usage Data and Cookies):

  • Usage Information: We collect information about how you use our Services, such as the features you use, the pages you visit, the actions you take, IP addresses, browser type, device information, operating system, and error logs.
  • Cookies and Similar Technologies: We use cookies and similar tracking technologies (e.g., web beacons, pixels) to collect information about your interaction with our Services, to remember your preferences, and to enhance your user experience. For more details, please see Section 6 (Cookies and Similar Technologies). We use third-party analytics tools like Google Analytics, Mixpanel, and PostHog, which may also use cookies.

3. How We Use Your Personal Data (Purposes and Legal Bases)

We use your personal data for the following purposes, based on the specified legal grounds:

Purpose of Processing Types of Data Involved Legal Basis (GDPR)
To Provide and Manage Our Services:
- To create and manage your account.
- To enable AI content generation.
- To sync data from your e-commerce store.
- To facilitate social media posting.
- To process payments for subscriptions. 		Account data, E-commerce store data, AI-generated content, AI guidance inputs, Usage data Art. 6(1)(b) GDPR: Performance of a contract (our Terms of Service with you).
To Communicate with You:
- To provide customer support.
- To send you service-related announcements, updates, and administrative messages. 		Account data (name, email), Communication data Art. 6(1)(b) GDPR: Performance of a contract (to provide support and service updates).
Art. 6(1)(f) GDPR: Legitimate interest (to respond to your inquiries).
To Improve and Develop Our Services:
- To analyze usage patterns and user behavior.
- To train and refine Beloyal's proprietary AI models. 		Usage data, AI guidance inputs, AI-generated content (potentially aggregated/anonymized), Feedback Art. 6(1)(f) GDPR: Legitimate interest (to enhance user experience, develop new features, and improve our AI models).
For Marketing and Promotional Purposes (Beloyal's own marketing):
- To send you marketing communications about Beloyal's new features, offers, or events (you can opt-out at any time). 		Account data (name, email), Usage data (with consent for certain cookies) Art. 6(1)(a) GDPR: Consent (for non-essential cookies and direct marketing emails where required).
Art. 6(1)(f) GDPR: Legitimate interest (to promote our Services).
To Comply with Legal Obligations: Account data, Transaction data, Communication data Art. 6(1)(c) GDPR: Compliance with a legal obligation (e.g., tax, accounting, responding to legal requests).
To Ensure Security and Prevent Fraud: Usage data (IP addresses, logs), Account data Art. 6(1)(f) GDPR: Legitimate interest (to protect our Services, users, and rights).

4. Beloyal as a Data Processor

When you connect your e-commerce store to Beloyal, and we process personal data of your end customers (e.g., from order information or for email marketing functionalities), you are the Data Controller for this data, and Beloyal acts as your Data Processor.

Our processing of your end customers' personal data is governed by:

  • This Privacy Policy.
  • Our Terms of Service.
  • A Data Processing Addendum (DPA) that forms part of our Terms of Service.

As the Data Controller, you are responsible for ensuring that you have a lawful basis for collecting and instructing us to process your end customers' personal data, including obtaining any necessary consents for marketing communications if you use Beloyal's email content generation features for such purposes. Beloyal will only process this data based on your instructions as documented in the DPA and our Terms of Service.

5. Cookies and Similar Technologies

We use cookies and similar technologies to operate and improve our Services. Cookies are small text files stored on your device.

Types of Cookies We Use:

  • Essential Cookies: Necessary for the Services to function (e.g., authentication, security).
  • Performance Cookies: Help us understand how you use our Services, so we can improve them (e.g., analytics).
  • Functionality Cookies: Remember your choices and preferences to provide a more personalized experience.
  • Marketing Cookies (with your consent): Used to deliver relevant advertisements about Beloyal's services.

Your Choices:

You can manage your cookie preferences through your browser settings and, where applicable, through a cookie consent banner on our website. Disabling certain cookies may affect the functionality of our Services.

Third-Party Analytics:

We use services like Google Analytics, Mixpanel, and PostHog, which use cookies to collect and analyze usage data. You can learn more about their privacy practices by visiting their respective websites.

6. Sharing and Disclosure of Personal Data

We do not sell your personal data. We may share your personal data with the following categories of third parties, under specific circumstances:

  • Service Providers (Data Processors): We engage third-party companies and individuals to perform services on our behalf, such as:
    • Cloud hosting and infrastructure (e.g., Laravel Vapor, AWS).
    • AI service providers (e.g., OpenAI, Google for Gemini, Anthropic for Claude) for specific AI functionalities (e.g., AI Vision, initial model support).
    • Payment processing (e.g., Stripe).
    • Email delivery services (for our own communications, e.g., Brevo, Mailerlite).
    • Analytics providers (e.g., Google Analytics, Mixpanel, PostHog).
    • Customer support tools (e.g., Tawk.to).
    These service providers are contractually bound to protect your data and only use it for the purposes we specify.
  • Connected Social Media Platforms: If you choose to connect your social media accounts (e.g., Facebook, Instagram, LinkedIn) to Beloyal for publishing content, we will share content and necessary identifiers (e.g., access tokens, page IDs) with these platforms as per your instructions. Your interactions with these platforms are governed by their respective privacy policies.
  • Legal Requirements: We may disclose your personal data if required by law, subpoena, or other legal process, or if we have a good faith belief that disclosure is reasonably necessary to (i) comply with a legal obligation, (ii) protect and defend our rights or property, (iii) prevent or investigate possible wrongdoing in connection with the Services, or (iv) protect the personal safety of users of the Services or the public.
  • Business Transfers: In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your personal data may be transferred as part of that transaction. We will notify you of any such transfer and any new privacy policy.

International Data Transfers:

Your personal data may be transferred to, and processed in, countries other than your country of residence, including the United States, where our service providers may be located. These countries may have data protection laws that are different from those in your country (and, in some cases, may not be as protective).

We take appropriate safeguards to ensure that your personal data remains protected when transferred internationally. For transfers of personal data from the European Economic Area (EEA), UK, or Switzerland to countries outside these regions, we rely on:

  • Adequacy Decisions issued by the European Commission (e.g., the EU-U.S. Data Privacy Framework for transfers to U.S. companies certified under the DPF).
  • Standard Contractual Clauses (SCCs) approved by the European Commission, supplemented with additional safeguards where necessary.
  • Other lawful transfer mechanisms as permitted by applicable data protection laws.

7. Your Data Protection Rights (GDPR)

If you are a resident of the EEA, you have the following data protection rights:

  • Right to Access: You can request copies of your personal data.
  • Right to Rectification: You can request that we correct any inaccurate or incomplete personal data.
  • Right to Erasure ("Right to be Forgotten"): You can request that we delete your personal data, under certain conditions.
  • Right to Restrict Processing: You can request that we restrict the processing of your personal data, under certain conditions.
  • Right to Data Portability: You can request that we transfer the data we have collected to another organization, or directly to you, under certain conditions.
  • Right to Object to Processing: You can object to our processing of your personal data, under certain conditions (e.g., where we are relying on legitimate interests or for direct marketing).
  • Right to Withdraw Consent: If we are processing your personal data based on your consent, you can withdraw your consent at any time.
  • Right to Not Be Subject to Automated Decision-Making: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you (Beloyal does not currently engage in such automated decision-making that produces legal effects without human intervention).

To exercise any of these rights, please contact us at [email protected] or our DPO at [email protected]. We will respond to your request within one month.

8. Data Security

We implement appropriate technical and organizational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. These measures include:

  • Data encryption (at rest and in transit where appropriate).
  • Access controls and authentication mechanisms.
  • Regular data backups.
  • Security policies and staff training on data protection.
  • Secure development practices.

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee its absolute security.

9. Data Retention

We will retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.

  • Beloyal User Account Data (name, email, company data, billing history): Retained for the duration of your active account and for 5 years after account termination to comply with legal and fiscal obligations.
  • Data Synced from Your E-commerce Store & End Customer Data (processed by Beloyal as a Data Processor): Retained while your Beloyal account is active and your store is connected, and as necessary to provide the contracted Services. Upon termination of your Beloyal account or at your explicit request (as Data Controller), this data will be deleted or returned to you (as per the DPA) within 90 days, unless EU or national law requires further storage.
  • AI-Generated Content and User Inputs for AI Guidance: Retained while your Beloyal account is active and you do not delete it. Upon account termination, it may be deleted within 90 days. Data used for training Beloyal's proprietary AI models may be retained longer in an aggregated and/or anonymized/pseudonymized form where technically feasible.
  • Usage Logs (detailed system logs): Retained for up to 12 months for security, diagnostics, and troubleshooting.
  • Analytics Data (e.g., Google Analytics, Mixpanel, PostHog): Retained according to the policies of these platforms, typically for 26-38 months, often in a pseudonymized or aggregated form.

You can request the deletion of your account and associated data by contacting us, subject to our legal obligations.

10. Children's Privacy

Our Services are not directed to individuals under the age of 18 (or the age of legal majority in their jurisdiction). We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected personal data from a child, we will take steps to delete such information promptly. If you are a parent or guardian and believe your child has provided us with personal data, please contact us.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, our Services, or applicable laws. We will notify you of any material changes by posting the new Privacy Policy on our website and updating the "Last Updated" date. We encourage you to review this Privacy Policy periodically. Your continued use of the Services after any changes constitutes your acceptance of the new Privacy Policy.

12. Contact Us & Supervisory Authority

If you have any questions, concerns, or complaints about this Privacy Policy or our data handling practices, please contact us or our DPO:

S.C. Beloyal Tech S.R.L.
Email: [email protected]
DPO Email: [email protected]

You also have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement. The Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) can be contacted at:

Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal
B-dul G-ral. Gheorghe Magheru 28-30, Sector 1, cod poștal 010336, București, Romania
Website: www.dataprotection.ro
Email: [email protected]