At Contabilista, we prioritize your privacy and comply with the EU General Data Protection Regulation (GDPR) and Portuguese data protection laws to ensure your personal data is handled lawfully and securely. This Privacy Policy outlines what data we collect, how we use and protect it, and your rights regarding your data.
Contabilista is operated by Rising Formula - Unipessoal Lda, a company registered in Portugal (NIF: 517240912). We are the "data controller" of your personal data. For inquiries about this policy or your data, contact us at support@contabilista.io.
We collect only the data necessary to provide our AI accounting assistant service, including:
Collected when you use our Telegram bot to identify your account and deliver responses.
Includes name, email, and card details for purchases, processed securely by Stripe.
We do not store full credit card numbers; Stripe manages payment data.
Queries and interactions with our AI (questions and answers) are processed to provide and improve the service.
Treated as confidential; may include personal data if you share it in queries.
Collected when you contact us (e.g., name, email, message content) to respond to your inquiries or support requests.
Our website uses cookies and similar technologies to function and enhance your experience, with consent required for non-essential uses.
Necessary for site operation (e.g., loading pages, maintaining sessions); no consent needed.
Used for preferences (e.g., language) or anonymous analytics (e.g., page visits); set only with your consent.
Not used for advertising or profiling.
Accept or reject non-essential cookies on your first visit.
Manage cookies via browser settings; disabling some may affect site functionality.
We process your data under GDPR-approved legal bases:
Processing Telegram username, queries, and payment data to deliver the service (Article 6(1)(b) GDPR).
Retaining payment records for tax/accounting compliance (e.g., 10 years) (Article 6(1)(c) GDPR).
Improving the AI or sending service updates, balanced against your rights (Article 6(1)(f) GDPR).
You may object to this processing (see Your Rights).
Used for optional activities (e.g., marketing emails); withdrawable at any time (Article 6(1)(a) GDPR).
We use your data solely for these purposes:
Telegram username and query content used to deliver AI responses; may be reviewed internally for accuracy.
Payment details processed via Stripe for subscriptions or one-time purchases; records kept for compliance.
Contact info and account details used to assist with inquiries or troubleshoot issues.
Non-promotional updates (e.g., purchase confirmations, policy changes, service alerts).
Usage analysis (preferably anonymized) to enhance AI and features; consent sought if beyond service delivery.
We employ robust security measures:
Data encrypted in transit (HTTPS for website, Telegram's secure channels, Stripe's protocols).
Stored on secure servers with industry-standard safeguards (firewalls, access controls).
Limited to authorized personnel under confidentiality agreements; access logged.
Stripe secures card data (PCI-DSS Level 1); we store only transaction references.
Collect and retain minimal data for minimal time (see Data Retention).
Security practices updated; breaches reported to you and authorities if required.
We do not sell or rent your data, sharing it only as necessary:
Disclosed if legally required or to enforce rights/safety; you're informed if permitted.
Data may transfer in mergers/acquisitions with confidentiality ensured; you'd be notified.
Data is preferably kept in the EEA, but some providers may transfer it outside:
Global infrastructure; data may route beyond EEA (e.g., U.S.); review their terms.
Primarily EEA-processed; may transfer to U.S. with GDPR safeguards (e.g., SCCs).
Non-EEA transfers use adequacy decisions or SCCs for protection.
We retain data only as needed or required:
Kept while active; retained briefly post-use unless deleted upon request.
Stored briefly (e.g., months) for quality; anonymized later unless deletion requested.
Kept 10 years for legal compliance; deleted/anonymized afterward.
Retained for account duration plus a period; deletable upon request unless legally needed.
Short-term retention; anonymized quickly; identifiers removed.
Our service is not for children:
We do not collect data from those under 13; contact us if detected.
13-18 users need parental consent for purchases; age verification possible.
Service not designed for or marketed to minors.
Under GDPR, you have these rights:
Request a copy of your data and details on its use, free of charge.
Correct inaccurate or incomplete data.
Delete data unless legally required to retain (e.g., payment records).
Pause processing in specific cases (e.g., accuracy disputes).
Oppose processing for legitimate interests or marketing.
Receive or transfer your data in a machine-readable format.
Revoke consent anytime for applicable processing.
No solely automated decisions with legal effects apply; human oversight exists.
Contact Portugal's CNPD or us directly with concerns.
Email support@contabilista.io; response within one month (extendable if complex).
Our AI usage is informational, not decisional:
AI answers queries without affecting your rights.
Experts oversee AI knowledge and outputs.
AI uses pattern matching on trained data; no personal profiling.
Any automated decisions would comply with GDPR, with notice and contest rights.
Updates posted with notice (e.g., website, Telegram, email).
Effective upon posting; consent sought for material changes.
Email: support@contabilista.io
Hours: Monday–Friday, 9:00–18:00 WET
Mail: Request address via email if needed.
Last Updated: March 27, 2025