Back to home

    Privacy Policy

    Effective date: March 22, 2026

    1. Data Controller

    Residento ("we", "our", "the Service") — including the website at residento.app, the web application, and the mobile apps for iOS and Android — is operated by:

    Sergej Děďuchin
    IČO: 09827064
    Kurzova 2222/16, Praha – Stodůlky, 155 00, Czech Republic
    Email: info@residento.app

    Residento is an AI-powered assistant that helps foreigners navigate Czech immigration, residency, and daily life.

    2. Data We Collect

    We only collect data that is necessary to provide and improve our service. Profile data is entirely voluntary — the Service functions fully without it.

    Account information

    • Email address (if you sign up with email)
    • Name and profile photo (if you sign in with a third-party authentication provider)
    • A unique user ID generated by our authentication provider

    Conversation data

    • Your conversation history with the AI assistant, including your questions and the answers provided, to enable continuous and context-aware assistance
    • Images you attach to conversations
    • Documents generated within the app

    Profile data (voluntary)

    • Document-related details you optionally provide to enable automatic form filling (e.g. name, passport number, file reference number, address, visa type, nationality, date of birth)
    • This information is stored securely in your account and never used for any purpose other than generating your documents
    • You may update or delete your profile data at any time from within the Service

    Usage & analytics data (only with your consent)

    • Aggregated interaction patterns such as screen views and feature usage, used solely to improve the app experience
    • Device type, OS version, app version
    • Crash reports to help us maintain stability and fix issues

    Purchase data

    • Subscription status and transaction identifiers (managed by Apple / Google Play and our subscription management provider; we never see your payment card details)

    3. How We Use Your Data

    PurposeLegal Basis (GDPR Art. 6)
    Provide the service (chat, documents, profile)Contract performance (Art. 6(1)(b))
    Service quality assurance & improvementLegitimate interest (Art. 6(1)(f))
    Analytics & app improvementConsent (Art. 6(1)(a)) — you can opt out any time
    Payment processingContract performance (Art. 6(1)(b))
    Customer supportLegitimate interest (Art. 6(1)(f))
    Legal obligationsLegal obligation (Art. 6(1)(c))

    We do not sell your personal data to third parties.

    4. AI Processing & Conversation Data

    To provide you with accurate and helpful answers, your conversations are processed by our AI infrastructure. Conversation context is retained in your account to ensure a seamless, continuous experience across sessions.

    Aggregated and anonymized interaction data may be used to improve the quality of our AI responses, expand our knowledge base, and enhance the overall service experience. In rare cases, individual interactions may be reviewed for technical troubleshooting or resolving service issues.

    Your data is never sold or shared with third parties for their own commercial purposes. Our AI provider, Anthropic (Claude), processes your messages solely to generate responses and does not use your data for model training.

    No automated decisions with legal or similarly significant effects are made based solely on automated processing.

    5. Cookies & Local Storage

    On the web version we use:

    TypePurposeCan be disabled?
    EssentialAuthentication session, language preference, app settingsNo (required for the app to work)
    AnalyticsAnonymous usage statistics to help us improve the appYes — via the cookie consent banner

    On native mobile apps, analytics data is collected via an analytics SDK; you can disable analytics tracking in your device settings.

    6. Third-Party Services

    We use third-party data processors in the following categories:

    • Cloud database and authentication provider (EU-based servers)
    • Analytics and crash reporting provider
    • Anthropic (Claude) — AI natural language processing provider; conversations are processed solely to generate responses; the provider does not use API data for model training (privacy policy)
    • Subscription management provider — we never see your payment card details
    • Third-party authentication providers (sign-in via external accounts)

    7. International Data Transfers

    Your primary data is stored in the EU. Some data may be processed by US-based services for AI processing, analytics, and subscription management. These transfers are protected by:

    • EU-US Data Privacy Framework (DPF) certifications
    • Standard Contractual Clauses (SCCs) where applicable

    8. Data Storage & Security

    We implement multiple layers of security to protect your data:

    • Encryption in transit — all data transmitted between your device and our servers is encrypted using TLS
    • Encryption at rest — our database provider encrypts all stored data at the storage level
    • Column-level encryption — sensitive personal data in your profile (such as passport numbers, national identification numbers, addresses, and contact details) is additionally protected using industry-standard cryptographic algorithms. This means even in the unlikely event of unauthorized database access, this data remains unreadable
    • Access controls — production data access is restricted to authorized personnel through role-based access policies

    In the event of a data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and inform affected users without undue delay.

    9. Data Retention

    We retain your data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where retention is required by law.

    10. Your Rights (GDPR)

    You have the right to:

    • Access your personal data
    • Correct inaccurate data
    • Delete your data ("right to be forgotten")
    • Export your data in a portable format
    • Restrict or object to processing
    • Withdraw consent at any time (without affecting prior processing)

    To exercise any of these rights, email us at info@residento.app. We will respond within 30 days.

    You also have the right to lodge a complaint with the Czech data protection authority: Úřad pro ochranu osobních údajů (ÚOOÚ)www.uoou.cz

    11. Children's Privacy

    Residento is not intended for children under 16. We do not knowingly collect data from children.

    12. Changes to This Policy

    We may update this Privacy Policy from time to time. We will notify you of significant changes via the app or email. Continued use of the Service after changes constitutes acceptance.

    13. Contact Us

    For questions about this Privacy Policy or your data:
    Email: info@residento.app

    © 2026 Residento. All rights reserved.