Privacy Policy

Depending on how you interact with Addin, we may process the following categories of personal data: a) Account and identification data full name; business email address; login credentials or authentication identifiers; company / organization name; job title or role; country and language preferences. b) Subscription and billing data subscription plan; number of seats / users; invoicing details; payment-related metadata; transaction history; VAT / tax details where applicable. Note: If payments are processed by a third-party payment provider, we typically do not store full payment card details ourselves, but we may receive limited transaction confirmations and billing metadata. c) Document and content data When you use the Addin Word add-in or related services, we may process: document content submitted for review or analysis; text fragments, clauses, comments, prompts and questions entered into the AI chat or analysis fields; generated outputs such as summaries, clause suggestions, risk flags, answers, recommendations or reports; metadata relating to uploaded, opened or processed files. This content may contain personal data included by you or by your organization in the relevant documents. d) Technical and usage data IP address; browser type and version; device or system information; operating system; Word add-in or application version; crash logs and diagnostics; usage events, feature interaction data and product telemetry; timestamps and session data. e) Communications data messages sent to us by email or contact forms; support requests; feedback; call notes or meeting notes where applicable. f) Organization and team administration data For team, professional or enterprise accounts, we may also process: organization identifiers; workspace information; seat allocation information; administrator actions; user role and permissions; audit or activity logs necessary for account governance and security.

We collect personal data: directly from you, when you create an account, contact us, request a demo, start a free trial, subscribe, or use our services; from your organization or account administrator, where your employer or team provides access to Addin; automatically, through cookies, logs, analytics tools, product telemetry and security systems; from integrated service providers, such as authentication, billing, support, hosting or analytics partners; from documents and prompts submitted through the Word add-in or related interfaces.

We process personal data only where we have a valid legal basis under the GDPR and applicable law. a) Performance of a contract We process personal data as necessary to: create and manage user accounts; provide the Addin website, Word add-in and related services; enable contract analysis, summaries, clause suggestions and AI chat functionality; administer subscriptions, seat allocation, free trials and enterprise services; provide customer support and respond to service requests. b) Compliance with legal obligations We may process personal data to: issue invoices and maintain accounting records; comply with tax, corporate, consumer protection or regulatory obligations; respond to lawful requests from authorities; maintain records required by law. c) Legitimate interests Where appropriate, we process personal data for our legitimate interests, including: securing our systems, services and users; preventing fraud, abuse and unauthorized access; monitoring service performance and diagnosing technical issues; improving product functionality, user experience and support quality; maintaining internal reporting and business operations; managing enterprise relationships and service governance. When we rely on legitimate interests, we assess that our interests are not overridden by your fundamental rights and freedoms. d) Consent Where required by law, we rely on your consent for: non-essential cookies or similar technologies; marketing communications; other processing activities for which consent is legally required. You may withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal.

Addin is designed to analyze contracts and other legal or business documents. As a result, data entered into the product may include personal data belonging to users, counterparties, employees, clients, suppliers or other individuals mentioned in the document. When users submit document content for analysis, we process that content strictly for the purpose of providing the requested service, improving security and maintaining the functionality of the platform, subject to the applicable contract terms and technical configuration. Where a customer uses Addin within an organization, the customer or employer may act as controller for the document content it uploads, and we may act as processor on its behalf. In enterprise environments, the exact allocation of GDPR roles should be defined in the applicable contract and, where necessary, a Data Processing Agreement. Customers must ensure they have an appropriate legal basis for submitting documents and personal data to the service.

Addin uses artificial intelligence and automated systems to review documents, generate summaries, highlight risks, suggest clauses and answer user questions. These outputs are intended to support professional review and decision-making. Unless expressly agreed otherwise, Addin does not make legally binding decisions on your behalf. Users remain responsible for reviewing outputs and exercising professional judgment before relying on them. If any processing qualifies as automated decision-making under Article 22 GDPR, we will implement the safeguards required by applicable law.

We may disclose personal data to: hosting and cloud infrastructure providers; authentication and identity providers; payment processors; email and communications providers; customer support and CRM providers; analytics, monitoring and security providers; professional advisers, auditors and legal counsel; public authorities, regulators or courts, where required by law; affiliated companies within our group, where necessary for internal administration and service delivery. All such disclosures are limited to what is necessary for the purposes described in this Policy and, where required, are governed by appropriate contractual safeguards.

We may process or allow access to personal data in countries outside the European Economic Area, for example where certain service providers or infrastructure partners operate internationally. Where personal data is transferred outside the EEA, we will ensure appropriate safeguards are implemented in accordance with the GDPR, such as: adequacy decisions; Standard Contractual Clauses approved by the European Commission; supplementary technical and organizational measures where necessary. You may request additional information about the relevant safeguards by contacting us.

We retain personal data only for as long as necessary for the purposes for which it was collected, including to comply with legal, accounting, tax, contractual and security obligations. Retention periods may vary depending on the data category, including: account data: for the duration of the account and a reasonable period thereafter; billing and invoicing data: for the period required by applicable accounting and tax law; support communications: for as long as necessary to resolve the matter and maintain an auditable support history; usage logs and security logs: for a limited period necessary for security, diagnostics and fraud prevention; document content: according to the product configuration, customer contract, enterprise environment, and technical retention settings in force at the time of processing. If you need precise retention information for a particular deployment model, please contact us.

Our website may use cookies and similar technologies for: essential website functionality; authentication and security; analytics and performance measurement; remembering preferences; improving user experience. Where required by law, we will ask for your consent before placing non-essential cookies. More information should be made available in a separate Cookie Policy or cookie notice.

We implement appropriate technical and organizational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure or unauthorized access. Such measures may include, where appropriate: access controls and role-based permissions; encryption in transit and, where applicable, at rest; logging and monitoring; environment segregation; vulnerability management; contractual confidentiality obligations; staff awareness and access limitation on a need-to-know basis. No system can be guaranteed to be completely secure, but we take reasonable steps appropriate to the risks involved.

Subject to applicable law, you have the following rights: the right of access; the right to rectification; the right to erasure; the right to restriction of processing; the right to data portability; the right to object to certain processing; the right not to be subject to a decision based solely on automated processing, where applicable; the right to withdraw consent at any time, where processing is based on consent; the right to lodge a complaint with the competent supervisory authority. To exercise your rights, please contact us at contact@addin.ro or at the postal address listed above. We may request reasonable information to verify your identity before responding to your request.

If you use Addin through your employer, law firm, company, or another organization: your organization may act as the primary controller for certain personal data processed through the service; your account administrator may have access to workspace information, usage administration data and certain account-level records; separate contractual terms, enterprise privacy terms or a Data Processing Agreement may apply. If you are unsure whether your organization or Addin is the relevant contact for your request, you may contact either your administrator or us and we will direct your request appropriately.

Addin is intended for professional and business use and is not directed to children. We do not knowingly collect personal data from children through our services.

We may update this Privacy Policy from time to time to reflect changes in the law, our services, our technical infrastructure or our data processing practices. If we make material changes, we will publish the updated version on our website and, where appropriate, notify users through the website, email, or the product interface.

For questions about this Privacy Policy or our data processing practices, please contact: Protecht Web S.R.L. / Prothecht / Addin Email: contact@addin.ro Address: Drumul Padurea Pustnicu 143H, sector 1, Bucuresti, Romania You also have the right to file a complaint with the competent data protection authority. In Romania, this is the National Supervisory Authority for Personal Data Processing (ANSPDCP).