GDPR &
Privacy Policy

1. Data Controller

Humans.ai ("we," "us," or "our") is the data controller responsible for your personal data. We are committed to protecting your privacy and processing your data in accordance with the General Data Protection Regulation (GDPR) and applicable national data protection laws.

Contact: sabin@humans.ai

2. Data We Collect

We may collect and process the following categories of personal data:

• Identity data: name, username, or similar identifier
• Contact data: email address, professional contact details
• Technical data: IP address, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform
• Usage data: information about how you use our platforms and services
• Communication data: your preferences in receiving communications from us

3. How We Use Your Data

We process your personal data on the following legal bases:

• Performance of a contract: to deliver our AI Human services and platforms
• Legitimate interests: to improve our services, prevent fraud, and ensure network security
• Consent: for marketing communications (which you may withdraw at any time)
• Legal obligation: to comply with applicable laws and regulations

4. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.

Account data is retained for the duration of your relationship with us plus a period of 3 years. Technical and usage logs are retained for up to 12 months. You may request deletion at any time (see Section 7).

5. Data Sharing

We do not sell your personal data. We may share your data with:

• Service providers: trusted third parties who process data on our behalf under strict data processing agreements (e.g., cloud infrastructure, analytics)
• AI model providers: anonymised or pseudonymised data may be processed by AI API providers (e.g., Anthropic) to deliver AI Human functionality
• Legal authorities: where required by law or to protect our legal rights

All third-party processors are bound by GDPR-compliant data processing agreements.

6. International Transfers

Some of our service providers may be located outside the European Economic Area (EEA). Where we transfer data outside the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.

7. Your Rights

Under GDPR, you have the following rights regarding your personal data:

• Right of access: request a copy of the personal data we hold about you
• Right to rectification: request correction of inaccurate or incomplete data
• Right to erasure: request deletion of your personal data ("right to be forgotten")
• Right to restrict processing: request that we limit how we use your data
• Right to data portability: receive your data in a structured, machine-readable format
• Right to object: object to processing based on legitimate interests or for direct marketing
• Right to withdraw consent: withdraw any consent given at any time

To exercise any of these rights, please contact us at sabin@humans.ai. We will respond within 30 days.

8. Cookies

Our platforms may use cookies and similar tracking technologies to enhance your experience. Strictly necessary cookies are required for the operation of our services. All other cookies (analytics, preference) are used only with your consent.

You can manage cookie preferences through your browser settings at any time.

9. AI-Processed Data

Our AI Humans process data to perform assigned tasks. Inputs submitted to AI Humans may be processed by underlying language model APIs. We do not use your submitted data to train third-party AI models without your explicit consent. All AI processing is logged for accountability purposes in line with our data retention policy.

10. Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These include encryption in transit and at rest, access controls, and regular security reviews.

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the relevant supervisory authority as required by law.

11. Supervisory Authority

You have the right to lodge a complaint with a supervisory authority. In Romania, the relevant authority is the National Supervisory Authority for Personal Data Processing (ANSPDCP) at www.dataprotection.ro.

12. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes by email or via prominent notice on our platforms. The "last updated" date at the top of this page reflects the most recent revision.

13. Contact

For any privacy-related questions, requests, or concerns, please contact our Data Protection contact at sabin@humans.ai.