Polaris AIBack to home

Privacy Policy

Effective date: 2026-07-10

This Privacy Policy explains how Polaris AI ("we", "us") collects, uses, and protects personal data when you use the Polaris AI platform (the "Service"). We act as the data controller for account data, and as a processor for the content your organization brings into the Service.

Questions and privacy requests: hey@myroomie.gr.

1. Data we collect

We collect only what the Service needs to operate:

  • Account data — name, email address, and profile image, managed through our authentication provider (Clerk).
  • Organization and brand data — workspace names, brand profiles, voice guidelines, and team membership.
  • Content you provide — documents you upload or import, prompts you write, and connections you authorize (e.g. Google Drive, Dropbox, OneDrive, GitHub, social media accounts).
  • Generated content — AI outputs, chat conversations, and their quality/validation metadata are stored so you can review, edit, schedule, and publish them.
  • Usage and billing records — token counts, feature usage, and subscription state, used for quota enforcement and billing.

2. AI processing

Polaris AI is an AI-powered service. When you use generation, chat, document search, or brand-analysis features, the relevant content (your prompts, selected brand context, and excerpts of your uploaded documents) is sent to large-language-model providers for processing. Depending on configuration, this is routed through the Vercel AI Gateway to model providers such as Anthropic and OpenAI, or to Microsoft Azure OpenAI.

We do not permit our model providers to use your content to train their models under the terms of our provider agreements. Prompts and outputs are stored in your workspace so your team can use them; they are not shared with other customers.

3. Service providers (processors)

We rely on the following subprocessors to run the Service:

  • Clerk — authentication and user management.
  • Vercel — application hosting, file storage (Vercel Blob), and AI Gateway routing.
  • CapyDB — managed PostgreSQL database hosting.
  • Anthropic, OpenAI, and Microsoft Azure OpenAI — AI model processing, as configured for your workspace.
  • Polar — billing and payments (merchant of record). Payment card data is handled by Polar, never by us.
  • Google Analytics 4 — only if your organization connects it, to measure the performance of your own published content.
  • Social platforms (X, LinkedIn, Meta, WordPress) — only when you connect accounts, to publish content and read its performance metrics on your behalf.

4. Legal bases

We process personal data to perform our contract with you (providing the Service), to comply with legal obligations, and for our legitimate interests in securing and improving the Service. Where processing depends on consent (for example optional analytics connections), you can withdraw it at any time.

5. Retention and deletion

Content remains in your workspace until you delete it or your organization is deleted. Deleting a document, generation, or brand removes it and its derived data (chunks, embeddings, metrics). Deleting your organization removes all workspace data. Deleting your user account removes your personal profile; content you created for your organization is retained for the organization with the personal link removed.

Operational usage logs are retained for billing and abuse-prevention purposes.

6. International transfers

Our subprocessors may process data outside the EEA (primarily in the United States). Where they do, transfers are protected by the EU Standard Contractual Clauses or an adequacy decision (e.g. the EU-U.S. Data Privacy Framework), per each provider’s data processing agreement.

7. Your rights

Under the GDPR you can request access to, correction of, deletion of, or a portable copy of your personal data, and you can object to or restrict certain processing. Write to hey@myroomie.gr and we will respond within the statutory deadline. You may also lodge a complaint with your supervisory authority — in Greece, the Hellenic Data Protection Authority (dpa.gr).

8. Cookies

The Service uses strictly necessary cookies only: authentication session cookies (Clerk) and a locale preference cookie. We do not use advertising or cross-site tracking cookies.

9. Security

Data is encrypted in transit (TLS) and at rest. Third-party integration credentials are additionally encrypted at the application level (AES-256-GCM). Access to production systems is restricted and logged.

10. Changes

We will post any changes to this policy on this page and update the effective date. Material changes will be announced in the Service.