Privacy Policy
Last updated: February 2026
1. Introduction
Welcome to easyrag.com (the "Website"). This Privacy Policy explains how Black Device SRL ("we," "us," or "our"), a company registered in Romania, collects, uses, and protects your personal data when you use our AI-powered SaaS platform.
We are committed to protecting your privacy in compliance with Regulation (EU) 2016/679 (GDPR) and relevant Romanian legislation (Law no. 190/2018).
Data Controller Details:
- Company Name: Black Device SRL
- Fiscal Code (CUI): 48319277
- Registered Office: Str. Nuferilor 50-58 Ap. B55, Bucharest, Romania
- Email: contact@easyrag.com
2. Data We Collect
We collect personal data that you provide to us directly or that is generated automatically when you use our services.
A. Data you provide to us
- Account Information: Name, email address, password (encrypted), and billing details.
- User Content: Text, documents, or data you upload to the platform for processing ("RAG" - Retrieval-Augmented Generation).
- Communication: Content of emails or support tickets you send us.
B. Data collected automatically
- Technical Data: IP address, browser type, device information, operating system.
- Usage Data: Pages visited, duration of visit, and interaction with AI features.
- Cookies: We use cookies to manage sessions and settings.
3. How We Use Your Data
We process your data for the following purposes and legal bases:
| Purpose | Legal Basis (GDPR) |
|---|---|
| Service Provision: To create accounts, process payments, and provide AI responses. | Contractual Necessity (Art. 6(1)(b)) |
| Improvement: To analyze usage trends and improve our AI algorithms. | Legitimate Interest (Art. 6(1)(f)) |
| Billing & Legal: To issue invoices and comply with tax laws (ANAF). | Legal Obligation (Art. 6(1)(c)) |
| Marketing: To send newsletters (only if you opted in). | Consent (Art. 6(1)(a)) |
4. AI and Data Processing
- Input Data: Data you upload for RAG (Retrieval-Augmented Generation) purposes is processed to provide you with relevant answers.
- Training: We do not use your private, proprietary uploaded documents to train our public AI models unless you explicitly grant us permission. Your data remains isolated to your workspace.
5. Data Sharing and Third Parties
We do not sell your data. We may share data with trusted third-party service providers (Data Processors) strictly for operational needs:
- Hosting/Cloud: (e.g., AWS, Google Cloud, Azure)
- Payment Processors: (e.g., Stripe, Netopia)
- AI Model Providers: (e.g., OpenAI, Anthropic) – Note: Data sent to LLM providers is done via API with strict privacy retention policies.
6. International Transfers
If we transfer data outside the European Economic Area (EEA), we ensure it is protected by Standard Contractual Clauses (SCCs) approved by the European Commission or ensuring the destination country has an "Adequacy Decision."
7. Your Rights
Under GDPR, you have the right to:
- Access: Request a copy of the data we hold about you.
- Rectification: Correct inaccurate data.
- Erasure ("Right to be forgotten"): Request deletion of your data.
- Restriction: Limit how we use your data.
- Portability: Receive your data in a structured format.
- Object: Object to processing based on legitimate interest.
To exercise these rights, please contact us at contact@easyrag.com.
8. Data Retention
We retain your personal data only as long as necessary to fulfill the purposes for which it was collected, or as required by law (e.g., invoices must be kept for 10 years under Romanian fiscal law).
9. Contact Authority
If you believe your rights have been violated, you may file a complaint with the National Supervisory Authority for Personal Data Processing (ANSPDCP):
- Website: www.dataprotection.ro