# Privacy Policy Last updated: June 6, 2026 ## Controller This Privacy Policy applies to biflow / innerchats (the "App"). Operator: Auto Projekt Centrum s.r.o., Identification No. (IN): 47715961, Czech Republic. Contact: hey@joyouslab.com ## App Data The App stores chats, messages, chat titles, uploaded chat images, theme, and style preferences in your browser on your device using local storage. This storage is necessary to provide the App. The Controller does not receive your locally stored chats, messages, or uploaded images through the App. The App does not use accounts, chat sync, analytics, ads, payment processing, or in-app tracking. ## Other Data If you email the Controller, the Controller receives your email address, message, and related metadata so it can respond and keep reasonable records. If you click an external link, your data leaves the App and is handled by your browser, device, network, and the destination service. The hosting provider, browser, device, or network may process basic technical data such as IP address, user agent, request time, and pages requested to deliver, maintain, and secure the site. ## Legal Bases Where GDPR applies, the Controller relies on requested service, legitimate interests, consent where requested, and legal obligation where required. ## Sharing The Controller does not sell App data. The Controller does not share locally stored App content because the Controller does not receive it through the App. Technical hosting data and emails may be processed by hosting, infrastructure, security, and email providers only as needed to provide those services. ## Retention Local App data stays in your browser until you delete it, clear browser storage, switch browsers/devices, or browser/device limits remove it. Emails are kept only as long as reasonably needed for support, records, legal compliance, or dispute protection. Hosting logs are kept by the hosting provider according to its normal security and operations practices. ## Your Rights You can delete chats in the App and clear App storage in your browser or device settings. This may permanently delete local data. Where GDPR applies, you may request access, correction, deletion, restriction, portability, or objection for personal data the Controller actually controls. The Controller cannot access, export, correct, or delete local App data that never leaves your device. You may complain to your local EEA/UK data protection authority. ## Security Because App data is stored locally, privacy depends on your device, browser, backups, and anyone with access to them. Do not store sensitive information unless you accept that risk. ## Children The App is not directed to children. Do not use the App if you are under 13 or if you are not old enough to consent to online services in your country without parent or guardian approval. ## Transfers Technical data and emails may be processed outside your country, including outside the EEA/UK, depending on the providers used. Where GDPR applies, the Controller relies on applicable transfer safeguards provided by those services, such as adequacy decisions or standard contractual clauses. ## Changes The Controller may update this Policy by posting a new version.