for the software and web browser extension provided by Newt, s.r.o.

Effective: 3 April 2026

1. Who processes your data?

1.1. The controller of personal data is Newt, s.r.o., Company ID No.: 23532947, with its registered office at Křejpského 1529/3, Chodov, 149 00 Prague, registered in the Commercial Register (hereinafter the "Controller", "Newt" or "we").

1.2. If you have any questions, you can contact us by e-mail at info@debiasify.cz.

2. How the Service handles content (processing modes)

2.1. The way in which the Service obtains content for analysis depends on the platform used: in web browsers, it may require permission to read content (e.g. activeTab); in mobile applications, it receives content through the system share function (Share); in the web interface, the user may insert content directly; and in the case of automated access, content may be received programmatically through an application programming interface (API) or other system integrations (e.g. the MCP protocol). The way in which such data is subsequently handled depends on the selected plan, the specific feature and the technical mode of the Service.

2.2. Direct BYOK mode: In some modes, selected text, page content or another input submitted by you is transmitted directly from your browser to the provider of the AI model whose API key you have configured. In such a case, Newt generally does not receive the full content of the analyzed page, unless this is necessary for a specific support or security feature expressly described in the Service interface or in this Policy.

2.3. Newt-mediated mode: In some plans or features, selected text, the entire page content or a substantial part thereof may first be sent to Newt's infrastructure and only then to the AI provider, or evaluated by another technical procedure used by Newt. In such a case, Newt may temporarily process this content for the purpose of providing the requested Service feature, technical routing and delivery of the request, security, prevention of misuse and incident handling, caching, deduplication of requests and display or delivery of the analysis result.

2.4. Full-page analysis: In some features, the entire textual content of the displayed page or a substantial part thereof, not only the expressly selected excerpt, may be sent for analysis. Such content may contain personal data, confidential information, internal documents or other protected content. The Service is not intended for processing special categories of personal data, data subject to banking secrecy, access credentials, payment card details or other highly sensitive information.

2.5. Pre-cached results: To increase speed and reduce the number of repeated requests, the Service may use both local and server-side cache. This means that, during a subsequent analysis, a previously created result stored on your device or on Newt's server may be displayed, including a result matched by URL, content hash, fingerprint or another technical identifier.

2.6. Risk of outdatedness and mismatch: Pre-cached results may be outdated, incomplete or may not correspond to the current content of the website in real time. The fact that the Service displays an analysis result does not mean that the result relates to the currently displayed version of the page.

2.7. Local storage: The Service may use your web browser's local storage in particular to store the API key, user settings, whitelist, local result cache and other technical preferences. The scope of locally stored data may vary depending on the plan and feature.

2.8. User responsibility for content selection: You are responsible for selecting the pages and content submitted for analysis. Do not use the Service to submit sensitive, confidential, financial or otherwise protected data unless you have the appropriate legal basis and unless the relevant mode of the Service expressly anticipates this.

3. Compliance with distribution platform rules and scope of data use

3.1. The use of information obtained by the Service complies with the policies of the platforms through which it is distributed, including the rules of the Chrome Web Store, Apple App Store and Google Play.

3.2. We do not sell your personal data or web browsing data to third parties.

3.3. We do not use or disclose your data for personalized advertising purposes or for the purposes of determining creditworthiness or providing credit.

3.4. We use page content and analysis results only to the extent necessary for providing, securing, technically operating and caching the Service, in accordance with this Policy and applicable legal regulations. Unless expressly stated otherwise, we do not use page content or analysis results to train our own artificial intelligence models.

4. What personal data do we process and why?

4.1. The scope of processed data depends on the plan and features you use.

4.1.1. Please note that if the Service offers a custom instructions (prompts) feature, such texts (prompts) are processed as part of your operational data and history. We recommend that you do not include any personal data or confidential information in prompts.

4.2. Account and subscription data: We process in particular your e-mail address, license information, subscription information and related account identifiers. We need this data to create an account, communicate with you, verify your authorization to use the Service and manage the subscription. The legal basis is performance of the contract.

4.3. Billing and payment data: We process data necessary to match the payment, issue a tax document and comply with legal obligations. The legal basis is compliance with a legal obligation and performance of the contract.

4.4. Operational and technical data on use of the Service: We may process technical and operational data, such as information about the plan, feature used, request type, date and time of the request, technical identifiers, error logs, security events, URL or domain, content hash or fingerprint, information about the model used and related metadata. We process this data for the purpose of operation, security, prevention of misuse, troubleshooting, short-term caching and ensuring the functionality of the Service. The legal basis is performance of the contract and our legitimate interest in the secure and reliable operation of the Service.

4.5. Analysis history and web interface: If the Service allows the saving of check history for later access (e.g. from the web interface), we process the content of submitted requests and analysis results and associate them with your user account. The legal basis for this storage is performance of the contract (provision of the synchronization and history feature requested by you).

4.6. Content submitted for analysis: In plans or features where processing is mediated through Newt, we may also temporarily process selected text, the entire page content or a substantial part thereof, if this is necessary to provide the Service, route the request, ensure security, provide short-term caching, deduplicate requests or display the result. The legal basis is performance of the contract and our legitimate interest in the secure and efficient technical operation of the Service.

4.7. B2B mode: If you use the Service as an entrepreneur and personal data is processed through the Service on behalf of your organization, Newt may, to the relevant extent, act as a processor. Details are regulated in the Data Processing Agreement (DPA), where applicable.

5. Who has access to the data? (Recipients and processors)

5.1. To ensure the operation of the Service, we use vetted partners who have access to data only to the extent strictly necessary, in particular cloud infrastructure and hosting providers, payment service providers, AI model and API providers selected by you or available within the specific Service plan, and providers of security, monitoring or support tools, if necessary for the operation of the Service.

5.2. Transfers outside the EU/EEA: When using global partners, personal data may be transferred to third countries, in particular to the USA. In such a case, we use appropriate transfer mechanisms under the GDPR, in particular adequacy decisions, standard contractual clauses or other applicable safeguards depending on the specific recipient and type of transfer.

5.3. B2B mode: If we process data on behalf of a business customer as a processor, such processing is also governed by the relevant Data Processing Agreement (DPA).

6. How long do we retain data?

6.1. Account and subscription data: We retain this data for the duration of the subscription. After its termination, we delete it without undue delay, unless further retention is necessary to defend our rights and resolve potential disputes (typically for the duration of limitation periods).

6.2. Accounting and tax data: We retain billing and accounting data for the period stipulated by legal regulations, typically 10 years.

6.3. Operational and security logs: We retain operational, security and error logs for the period strictly necessary for operation, security and incident handling.

6.4. Content submitted for analysis through Newt: If page content or part of it is processed through Newt's infrastructure, in the basic mode we retain the full content only for the period necessary to carry out the request, deliver the result, provide short-term caching, troubleshoot errors or protect the Service, unless longer retention is necessary for legal reasons or unless such data is stored in the user's History under Section 6.5.

6.5. Data stored in history and the web interface: Personal data, texts and results that are linked to your user account as part of the history feature (web interface) may be retained until you expressly delete them from the history yourself, or until your user account is cancelled.

6.6. Cache and technical identifiers: We may retain hashes, fingerprints, metadata and pre-cached analysis results for a period appropriate to the purpose of speeding up the Service, limiting redundant requests and ensuring operation. After this period expires, records are deleted, overwritten, aggregated or anonymized.

6.7. Backups: Selected operational data may be included in security backups for a limited period. After the retention cycle expires, these backups are automatically deleted or overwritten.

7. What rights do you have?

7.1. Under the GDPR, you have the right to access, rectification, erasure, restriction of processing, data portability and the right to object in cases provided by legal regulations with respect to your personal data.

7.2. To exercise these rights, please contact us by e-mail at info@debiasify.cz.

7.3. You also have the right to lodge a complaint with the supervisory authority, which in the Czech Republic is the Office for Personal Data Protection.

8. Changes to this Policy

8.1. We reserve the right to update this Policy on an ongoing basis, in particular due to changes in legal regulations, development of the Service, security measures or changes in the technologies and partners used.

8.2. We will inform you of material changes reasonably in advance, usually by e-mail or by notice in the Service interface. In urgent cases, in particular due to compliance with a legal obligation or ensuring security, changes may become effective earlier.