PRIVACY POLICY (AiFrank)


Last updated: 16.04.2026.


This Privacy Policy explains how Crybo Trade OÜ, a company registered in Estonia with registration number 16618647, having its registered address at Tornimäe 7-106, Tallinn, Harjumaa, 10154, Estonia (“Company”, “AiFrank”, “we”, “us”), collects, uses, stores, and protects personal data when users (“User”, “you”) access and use the AiFrank platform (the “Platform”).

By using the Platform, you acknowledge that you have read and understood this Privacy Policy.


1. DATA CONTROLLER


The data controller responsible for the processing of personal data is: Crybo Trade OÜ

Tornimäe 7-106, Tallinn, Estonia Email: legal@aifrank.eu


2. PERSONAL DATA WE COLLECT


We may collect and process different categories of personal data depending on how you use the Platform.



2.1 Data provided directly by the User


When registering or interacting with the Platform, we may collect:

• full name

• email address

• account credentials

• communication content (e.g. messages sent to support or chatbot interactions)



2.2 Financial data


If the User connects their financial accounts or provides financial information, we may process:

• transaction history

• income and expense patterns

• account balances

• financial behavior indicators

This data is used exclusively to generate AI-based insights and recommendations.



2.3 Usage data


We automatically collect data about how the Platform is used, including:

• pages visited

• features used

• session duration

• interactions with AI features


2.4 Device and technical data


We may collect:

• IP address

• browser type and version

• operating system

• device identifiers

This data is used to ensure security and improve performance.



3. PURPOSES OF PROCESSING


We process personal data for the following purposes:

• to provide AI-powered financial insights and recommendations

• to analyze user behavior and improve the accuracy and usefulness of the Platform

• to personalize user experience and tailor content

• to communicate with Users regarding their account or services

• to ensure platform security and prevent fraud or misuse

• to comply with legal and regulatory obligations

We do not use personal data for purposes incompatible with those listed above.



4. LEGAL BASIS FOR PROCESSING (GDPR)



We process personal data based on the following legal grounds:

• Consent (Art. 6(1)(a) GDPR):

when the User explicitly agrees to data processing (e.g. connecting financial accounts)

• Contract performance (Art. 6(1)(b) GDPR):

when processing is necessary to provide the Platform services

• Legal obligation (Art. 6(1)(c) GDPR):

when required to comply with applicable laws

• Legitimate interest (Art. 6(1)(f) GDPR):

for improving services, ensuring security, and preventing fraud



5. DATA SHARING AND THIRD PARTIES


We may share personal data with trusted third-party service providers only when necessary for service delivery.

These may include:

• banking and open banking API providers

• cloud infrastructure providers

• analytics and performance monitoring services

• payment processors

All third parties are contractually required to:

• process data only according to our instructions

• implement appropriate security measures

• comply with GDPR and applicable laws

We do not sell personal data to third parties.



6. DATA RETENTION


Personal data is retained only for as long as necessary to fulfill the purposes outlined in this Privacy Policy.

Retention periods may vary depending on:

• the type of data

• legal or regulatory requirements

• the duration of the user relationship



When data is no longer needed, it is securely deleted or anonymized.



7. USER RIGHTS


Under GDPR, Users have the following rights:

• Right of access – to request a copy of their personal data

• Right to rectification – to correct inaccurate or incomplete data

• Right to erasure (“right to be forgotten”) – to request deletion of data

• Right to restriction of processing – to limit how data is used

• Right to data portability – to receive data in a structured format

• Right to object – to processing based on legitimate interest

• Right to withdraw consent – at any time, without affecting prior processing

Requests can be submitted via email: legal@aifrank.eu We will respond within the legally required timeframe.



8. DATA SECURITY


We implement appropriate technical and organizational measures to protect personal data. These include:

• encryption of sensitive data

• secure API connections

• access control and authentication mechanisms

• monitoring systems to detect unauthorized access

Despite these measures, no system can guarantee absolute security.



9. INTERNATIONAL DATA TRANSFERS


Personal data may be transferred and processed outside the European Economic Area (EEA).

In such cases, we ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses (SCCs) approved by the European Commission

• use of service providers with adequate data protection standards



10. AUTOMATED DECISION-MAKING AND AI


The Platform uses artificial intelligence to generate insights.

This may involve automated processing of personal and financial data. However:

• AiFrank does not make legally binding automated decisions

• outputs are advisory in nature

• Users retain full control over decisions



11. COOKIES AND TRACKING


The Platform may use cookies and similar technologies to:

• ensure proper functionality

• analyze usage

• improve performance

Users can manage cookie preferences via browser settings or cookie banner.



12. CHANGES TO THIS POLICY


We reserve the right to update this Privacy Policy at any time.

Users will be informed of significant changes.

Continued use of the Platform implies acceptance of the updated policy.



13. CONTACT


For any questions or requests regarding this Privacy Policy: Email: legal@aifrank.eu