Book a demo

Privacy Policy

1 Controller

Mendelio SRL
Str. Horia nr.8
700126 Iasi
Romania
E-Mail: contact@emata.ai
Website: www.emata.ai
Legal representative: Christopher Bartl

2 Scope

This privacy policy applies to the use of the Emata.ai platform and related services. It applies to users acting in a B2B context.

3 Purposes and Legal Bases

We process personal data for:
  • Registration and platform access (Art. 6(1)(b) GDPR) 
  • Email communication (Art. 6(1)(f) GDPR)  
  • Contract fulfillment and support (Art. 6(1)(b) GDPR) 
  • Legal compliance (Art. 6(1)(c) GDPR) 
  • Analytics and platform improvement (Art. 6(1)(a) GDPR)

4 Categories of Data Processed

  • Contact details (name, email address, company) 
  • Login and usage data 
  • Customer-uploaded documents and content 
  • Payment data (if Stripe is used) 

5 Recipients / Third Parties

a) Without activated process:

  • Hosting: Google Cloud Platform (EU) 
  • Email delivery: Mailgun (transactional emails) 

b) Upon process activation:
Additional providers (e.g. AI services, document parsing) are only used after the customer explicitly activates a process and consents to the use. 

6 Payment Processing

Payments are processed via Stripe or invoice (sent from billing@mendelio.io). Stripe’s privacy policy applies when used.

7 Cookies und Tracking

Cookies are used only with your consent via our consent tool (Complianz). Services used:

  • Google Analytics 
  • Google Tag Manager 
  • Hotjar 

Legal basis: Art. 6(1)(a) GDPR. Consent can be withdrawn at any time via the cookie banner.

8 Data Processing Agreements

All service providers are bound by GDPR-compliant processing agreements under Art. 28. A separate Data Processing Agreement (DPA) is concluded with each client.

9 International Data Transfers

If subcontractors outside the EU (e.g. US) are involved, data is only transferred under appropriate safeguards (e.g. Standard Contractual Clauses, DPF certification).

10 Retention Period

Data is stored during the contractual relationship. After termination, data is deleted within 30 days unless legal retention obligations apply.

11 Your Rights

You may request access, rectification, erasure, restriction of processing and data portability at any time. Contact: contact@emata.ai

12 Right to Lodge a Complaint

You may contact the Romanian Data Protection Authority or any other EU authority to file a complaint.

13 Changes to this Privacy Policy

We may update this policy from time to time. The current version is available at www.emata.ai.