Privacy Policy

This Privacy Policy explains how X-szállás Kft., with its registered seat at 1088 Budapest, József krt. 2., Hungary ("we", "us", "Company"), collects, uses, and protects personal data when you use the CalWorkLaw service (the "Service"). We are the data controller for the personal data processed via the Service.

• Account data: email address, hashed password, sign-in provider (e.g. Google), display name.
• Content you submit: the questions, prompts, and conversations you send to the AI assistant.
• Usage data: log data, IP address, browser type, device identifiers, pages viewed, timestamps, feature usage.
• Support communications: messages you send us by email.
• Billing data: processed by our payment provider Paddle (see Section 4). We do not store your full payment card details.

• Providing the Service — performance of contract.
• Billing & fraud prevention — performance of contract and legal obligation.
• Security, abuse detection, and rate limiting — legitimate interests.
• Product improvement & analytics — legitimate interests; aggregated and de-identified where possible.
• Customer support — performance of contract and legitimate interests.
• Legal compliance — legal obligation (accounting, tax, lawful requests).

Your questions are sent to third-party AI model providers (currently OpenAI and/or Perplexity AI) to generate responses. These providers process the content as our sub-processors under data processing agreements and do not train their public models on API content. We do not sell your inputs. Do not submit information you do not want processed in this way; in particular, avoid submitting sensitive personal data of third parties.

• Hosting & backend: Lovable / Supabase (EU/US).
• AI models: OpenAI, Perplexity AI (US).
• Merchant of Record & payments: Paddle.com. See Paddle's Privacy Notice.
• Email delivery provider for transactional/auth emails.
• Professional advisers (legal, accounting) where strictly necessary.
• Authorities where required by law.

Some recipients are located outside the European Economic Area, including in the United States. Where this occurs, transfers are protected by appropriate safeguards such as the EU Standard Contractual Clauses or, where applicable, adequacy decisions (e.g. EU-US Data Privacy Framework).

We retain account and chat data for as long as your account is active and for up to 12 months after deletion for backup, dispute resolution, and legal purposes. Billing records are retained for the period required by applicable accounting and tax law (typically 8 years in Hungary). Aggregated, non-identifying analytics may be kept indefinitely.

If you are in the EU/EEA or UK, you have the right to: access your data; rectify inaccurate data; request erasure; restrict or object to processing; data portability; withdraw consent (where processing is based on consent); and lodge a complaint with a supervisory authority (in Hungary: NAIH — naih.hu). We respond to verified requests within one month.

To exercise your rights, email calilaw@icloud.com.

We use appropriate technical and organisational measures to protect your data, including TLS encryption in transit, encryption at rest, access controls, secure password hashing, and least-privilege server roles. No system is perfectly secure.

We use essential cookies for authentication and limited analytics. See our Cookie Policy.

The Service is not directed to children under 16. We do not knowingly collect personal data from children.

We may update this Privacy Policy from time to time. Material changes will be announced through the Service or by email.

X-szállás Kft. · 1088 Budapest, József krt. 2., Hungary · calilaw@icloud.com.