Privacy Policy
How we handle your data
Transparency is at the core of how we operate. This policy explains what we collect, why, and the rights you have over your data.
Last updated: 6 March 2026
1. Who We Are
Ramiro AI ApS is the data controller responsible for your personal data. We are registered in Denmark.
For any questions about this policy or your data, contact us at privacy@ramiro.ai.
2. What We Collect
We collect the following categories of personal data:
- Account information — name, email address, and profile photo.
- Project data — titles, descriptions, genres, target audiences, and distribution strategies you provide.
- Conversation content — messages exchanged with the AI assistant, and memory summaries generated for continuity.
- Generated content — social media posts, images, pitch decks, and analysis reports created by the AI on your behalf.
- Uploaded files — trailer videos, brand assets, and reference images you upload to the platform.
- Usage data — feature usage and AI token consumption. We do not track browsing behaviour across websites.
- Billing data — managed by our payment processor. We store your plan type and subscription status, not your card details.
3. How We Use Your Data
We process your data for the following purposes, each with a lawful basis under the GDPR:
| Purpose | Legal Basis |
|---|---|
| Provide the AI assistant service | Contract performance |
| Process conversations through AI models | Contract performance |
| Store conversation memory for continuity | Contract performance |
| Generate content and analysis | Contract performance |
| Send transactional emails | Contract performance |
| Process payments | Contract performance |
| Monitor for abuse and errors | Legitimate interest |
| Improve service reliability | Legitimate interest |
| Aggregate anonymous usage statistics | Legitimate interest |
| Analyse website traffic and usage patterns | Consent |
4. AI Processing
To provide the service, your conversation content and project data are processed by external AI model providers. These providers process your data solely to generate responses and do not use your data to train their models.
We use the following categories of AI providers:
- AI model providers — for text generation, reasoning, and conversation (processes conversation content and project context).
- AI image generation providers — for creating visual assets (processes text prompts and reference images).
- AI video analysis providers — for trailer analysis (processes uploaded video files).
- AI embedding providers — for contextual memory and search (processes text for vector representations).
We select providers that offer contractual commitments against training on customer data. Providers may retain data temporarily (7–55 days) for abuse monitoring, after which it is deleted.
Some providers process data outside the EU — see International Transfers below.
5. Categories of Recipients
Your data may be shared with the following categories of recipients, solely to provide and maintain the service:
- AI model providers — conversation content and project context for generating responses.
- AI image generation providers — text prompts and reference images for creating visual assets.
- Payment processor — billing data for subscription management.
- Email delivery provider — email address and message content for transactional emails.
- Cloud storage provider — uploaded and generated files for storage.
- Analytics provider — anonymised website usage and traffic data.
- Error monitoring provider — application errors for debugging. No conversation content is sent.
- Hosting provider — all data, as it resides on their EU-based infrastructure.
6. International Transfers
Your data is stored on EU-based servers (Germany).
Certain service providers process data outside the EU. Where this occurs, we rely on Standard Contractual Clauses (SCCs) or equivalent safeguards under GDPR Article 46.
Our analytics provider may process anonymised usage data in the United States under Standard Contractual Clauses.
File storage uses EU-jurisdiction endpoints.
7. Data Retention
We retain your data for the following periods:
| Data Type | Retention Period |
|---|---|
| Account data | Duration of account + 30 days after deletion |
| Conversations and memories | Duration of account + 30 days after deletion |
| Generated content and assets | Duration of account + 30 days after deletion |
| AI usage logs | Anonymised after account deletion (aggregated statistics retained) |
| Billing records | 10 years (Danish tax law — Bogføringsloven) |
| Error logs | 90 days |
8. Your Rights
Under the GDPR, you have the following rights over your personal data:
- Access (Art. 15) — request a copy of the personal data we hold about you.
- Rectification (Art. 16) — correct inaccurate or incomplete personal data.
- Erasure (Art. 17) — request deletion of your personal data ("right to be forgotten").
- Restriction (Art. 18) — restrict processing of your data in specific circumstances.
- Portability (Art. 20) — receive your data in a structured, machine-readable format.
- Objection (Art. 21) — object to processing based on legitimate interest.
To exercise any of these rights, email privacy@ramiro.ai. We will respond within 30 days.
You also have the right to lodge a complaint with the Datatilsynet (Danish Data Protection Agency) if you believe your data protection rights have been violated.
10. Children
Ramiro AI is not intended for users under 16. We do not knowingly collect personal data from children. If you believe a child under 16 has provided us with personal data, please contact us at privacy@ramiro.ai and we will delete it promptly.
11. Changes to This Policy
We may update this privacy policy from time to time. Material changes will be notified via email or in-app notice. Continued use of the service after notification constitutes acceptance of the updated policy.
12. Contact
Ramiro AI ApS
Denmark
Privacy inquiries: privacy@ramiro.ai