Privacy Policy

Last updated: February 12, 2026

FERO VERO s.r.o. ("we," "us," or "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and protect your information in accordance with Regulation (EU) 2016/679 (General Data Protection Regulation or "GDPR") and Czech Act No. 110/2019 Coll. on Personal Data Processing.

1. Information We Collect

1.1 Personal Data You Provide

We collect the following personal data when you use our services:

• Account Information: Name, email address, password (encrypted), company name, job title
• Profile Information: Profile picture, bio, social media links, preferences
• Tool Listings: AI tool descriptions, features, pricing, contact details
• Payment Information: Billing address, payment method details (processed by third-party payment processors)
• Communications: Messages, reviews, comments, support tickets
• Marketing Preferences: Newsletter subscription, communication preferences

1.2 Automatically Collected Data

We automatically collect certain technical data when you visit our website:

• Device Information: IP address, browser type and version, device type, operating system
• Usage Data: Pages visited, time spent on pages, click-through rates, search queries
• Location Data: General geographic location based on IP address
• Cookies and Tracking: See Section 8 for details on cookies

1.3 Data from Third Parties

• Authentication Services: Data from Google, LinkedIn, or other OAuth providers if you use social login
• Analytics Providers: Aggregated usage data from analytics services
• Payment Processors: Transaction confirmations and payment status

2. Legal Basis for Processing

We process your personal data based on the following legal grounds under GDPR Article 6:

• Contract Performance (Art. 6(1)(b)): Processing necessary to provide our services, manage your account, and fulfill our obligations
• Consent (Art. 6(1)(a)): Marketing communications, cookies (where required), optional data sharing
• Legitimate Interests (Art. 6(1)(f)): Fraud prevention, security, analytics, service improvement, direct marketing to existing customers
• Legal Obligation (Art. 6(1)(c)): Compliance with accounting, tax, and legal requirements

3. How We Use Your Data

We use your personal data for the following purposes:

3.1 Service Provision

• Creating and managing your account
• Processing and displaying tool listings
• Facilitating communication between users and tool providers
• Processing payments and managing subscriptions
• Providing customer support

3.2 Service Improvement

• Analyzing usage patterns and trends
• Conducting research and development
• Testing new features and improvements
• Personalizing user experience

3.3 Communications

• Sending transactional emails (confirmations, receipts, account updates)
• Providing customer support and responding to inquiries
• Sending marketing communications (with your consent)
• Notifying you of service changes or important updates

3.4 Security and Legal

• Preventing fraud and abuse
• Enforcing our Terms of Service
• Complying with legal obligations
• Protecting our rights and property
• Responding to legal requests and court orders

4. Data Sharing and Disclosure

We may share your personal data with:

4.1 Service Providers

• Hosting and Infrastructure: Cloud hosting providers (data stored in EU/EEA)
• Payment Processing: Stripe, PayPal, or other payment gateways
• Email Services: Email delivery and marketing platforms
• Analytics: Google Analytics, mixpanel (with anonymization where possible)
• Customer Support: Help desk and support ticket systems

All service providers are bound by data processing agreements and GDPR requirements.

4.2 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your data may be transferred to the acquiring entity, subject to the same privacy protections.

4.3 Legal Requirements

We may disclose your data if required by law, court order, or governmental authority, or to:

• Comply with legal obligations
• Protect our rights and property
• Prevent fraud or illegal activities
• Protect the safety of users or the public

4.4 With Your Consent

We may share your data with third parties when you explicitly consent to such sharing.

5. International Data Transfers

Your data is primarily stored and processed within the European Economic Area (EEA). If we transfer data outside the EEA, we ensure adequate protection through:

• European Commission approved Standard Contractual Clauses (SCCs)
• EU-US Data Privacy Framework (where applicable)
• Adequacy decisions by the European Commission
• Other legally approved transfer mechanisms

6. Data Retention

We retain your personal data for as long as necessary to fulfill the purposes outlined in this Privacy Policy:

• Account Data: Until account deletion, plus 30 days for recovery
• Transaction Records: 10 years (Czech accounting law requirement)
• Marketing Data: Until consent withdrawal, plus 3 years for legal claims
• Support Tickets: 5 years for quality assurance and legal purposes
• Usage Data: 24 months in identifiable form, then anonymized
• Backups: Automatically deleted within 90 days

After retention periods expire, we securely delete or anonymize your data.

7. Your Rights Under GDPR

As a data subject, you have the following rights:

7.1 Right of Access (Art. 15)

You can request a copy of your personal data we hold and information about how we process it.

7.2 Right to Rectification (Art. 16)

You can request correction of inaccurate or incomplete personal data.

7.3 Right to Erasure / "Right to be Forgotten" (Art. 17)

You can request deletion of your personal data when:

• Data is no longer necessary for the purposes collected
• You withdraw consent and no other legal basis exists
• You object to processing and no overriding legitimate grounds exist
• Data was unlawfully processed
• Deletion is required by legal obligation

7.4 Right to Restriction of Processing (Art. 18)

You can request limitation of processing in certain circumstances, such as when you contest data accuracy.

7.5 Right to Data Portability (Art. 20)

You can receive your personal data in a structured, commonly used, machine-readable format and transmit it to another controller.

7.6 Right to Object (Art. 21)

You can object to processing based on legitimate interests or for direct marketing purposes.

7.7 Right to Withdraw Consent

Where processing is based on consent, you can withdraw it at any time without affecting the lawfulness of processing before withdrawal.

7.8 Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects you. We do not currently engage in such automated decision-making.

7.9 How to Exercise Your Rights

To exercise any of these rights, contact us at:

• Email: privacy@aitoolsdirectory.com
• Mail: FERO VERO s.r.o., Kurzova 2222/16, 155 00 Praha, Czech Republic
• Account Settings: Manage preferences and download data

We will respond to your request within 30 days. If we need more time, we will inform you and explain the reason for delay.

8. Cookies and Tracking Technologies

8.1 What Are Cookies

Cookies are small text files stored on your device that help us provide and improve our services.

8.2 Types of Cookies We Use

• Essential Cookies: Required for website functionality (login, security). No consent needed.
• Functional Cookies: Remember your preferences and settings. Consent-based.
• Analytics Cookies: Help us understand how users interact with our site. Consent-based.
• Marketing Cookies: Track advertising effectiveness and deliver relevant ads. Consent-based.

8.3 Cookie Management

You can control cookies through:

• Our cookie consent banner (first visit)
• Cookie settings in your browser
• Third-party opt-out tools (e.g., Google Analytics opt-out)

Note: Disabling certain cookies may affect website functionality.

8.4 Third-Party Cookies

We use the following third-party services that may set cookies:

• Google Analytics (analytics and tracking)
• Google Ads (advertising)
• Facebook Pixel (advertising)
• LinkedIn Insights (advertising)

9. Data Security

We implement appropriate technical and organizational measures to protect your data:

9.1 Technical Measures

• TLS/SSL encryption for data transmission
• Encrypted data storage
• Secure password hashing (bcrypt)
• Regular security updates and patches
• Firewall protection and intrusion detection
• Regular security audits and vulnerability assessments

9.2 Organizational Measures

• Access controls and authentication
• Employee training on data protection
• Data processing agreements with service providers
• Incident response procedures
• Regular backup and disaster recovery procedures

9.3 Data Breach Notification

In the event of a data breach likely to result in a risk to your rights and freedoms, we will notify:

• The Czech Data Protection Authority (ÚOOÚ) within 72 hours of becoming aware
• Affected individuals without undue delay if there is a high risk

10. Children's Privacy

Our services are not directed to individuals under 16 years of age. We do not knowingly collect personal data from children under 16. If you become aware that a child has provided us with personal data, please contact us immediately. If we discover that we have collected data from a child under 16, we will delete it promptly.

11. Links to Third-Party Websites

Our website may contain links to third-party websites. We are not responsible for the privacy practices or content of these external sites. We encourage you to review their privacy policies before providing any personal data.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. We will notify you of material changes by:

• Posting the updated policy on our website
• Updating the "Last updated" date
• Sending email notification to registered users (for significant changes)
• Requesting renewed consent where required by law

13. Your Right to Lodge a Complaint

If you believe we have processed your personal data unlawfully or violated your privacy rights, you have the right to lodge a complaint with the supervisory authority:

You also have the right to lodge a complaint with the supervisory authority in your country of residence or place of work if you are located in another EU member state.

14. Contact Us

For questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: