Thank you for using FunctionalAI. This Privacy Policy explains how FunctionalAI ("we," "us," or "our") collects, uses, discloses, and protects personal information when you use our website and services ("Service"). It also describes your rights and choices regarding your personal data. We are committed to protecting your privacy and complying with applicable data protection laws, including the EU General Data Protection Regulation (GDPR) for users in the European Economic Area (EEA) and other relevant regulations.
By using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use the Service.
We may collect several types of information from and about users of our Service, including:
When you sign up for FunctionalAI or use our Service, you may provide personal information such as your name, email address, company name, and account login credentials. You may also provide content when using the Service's features – for example, by entering chat conversations, uploading files or documents, or providing prompts to the AI. All data that you input into the Service (including any text, files, or other materials) is collected and stored to enable the Service's functionality.
If you choose to integrate or connect third-party accounts with FunctionalAI, we will access certain information from those accounts with your permission. The currently supported integrations are:
Other channels (e.g., WhatsApp Business, LINE) may be added in the future. We will update this Privacy Policy and the sub-processor list before any new channel becomes available to you.
If you make a purchase or subscribe to a paid plan outside the Shopify ecosystem, our third-party payment processor Lemon Squeezy (a Stripe company) acts as merchant of record: Lemon Squeezy issues the invoice to you, collects payment, handles VAT/sales tax, and pays FunctionalAI a monthly settlement net of fees. If you install us through the Shopify App Store, Shopify plays the same merchant-of-record role through its Billing API. In both cases, your payment-card details, billing address, and cardholder name are collected and stored by the merchant of record, not by us.
On our side, while your account is active we keep an internal reconciliation record per transaction — amount, date, plan tier, and the pseudonymous order/subscription identifier issued by Lemon Squeezy or Shopify. These rows are operational data, not Polish tax records. Our Polish tax records are the monthly payout / settlement statements from Lemon Squeezy or Shopify and the invoices we issue to them; those documents (which do not identify individual end users by name or card details) are retained for the 5-year period required by Art. 86 § 2 of the Polish Tax Ordinance. When you delete your account, the per-transaction reconciliation rows are deleted along with the rest of your data.
When you use our website or app, we may collect certain information automatically via cookies, log files, and similar tracking technologies. This can include your IP address, browser type, device type, operating system, referring URLs, pages viewed, and links clicked.
We use the information we collect for the following purposes:
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data based on the following legal grounds:
We use cookies and similar tracking technologies to collect and store information when you use our Service. Here is how we use these technologies:
You can control cookies through your browser settings. Most browsers allow you to refuse cookies or alert you when cookies are being sent. However, disabling essential cookies may affect the functionality of the Service. For more information on managing cookies, visit www.allaboutcookies.org.
Some browsers have a "Do Not Track" feature that signals to websites that you do not want your online activity tracked. Our Service does not currently respond to "Do Not Track" signals.
We understand that your data is important, and we only share personal information with others in the following circumstances:
We use trusted third-party companies to perform certain functions to operate and improve FunctionalAI. Key service providers include:
We do not sell your personal information to third parties. We also do not share personal data with third parties for their own direct marketing purposes unless you have given us consent to do so.
We want to be explicit about how your data is used in relation to AI model training:
We do NOT train any AI models on your data. Your conversations, knowledge bases, customer interactions, and business information are used solely to power YOUR AI assistant — never to train or improve AI models.
If you use FunctionalAI through our Shopify integration, we want to be crystal clear about our data practices:
We use OpenAI's API to generate AI responses. According to OpenAI's data usage policy:
For the latest information on OpenAI's data practices, please refer to their official data usage policy.
We retain personal information for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law. In general:
We take the security of your personal information seriously. We have implemented various technical and organizational measures to protect your data, including:
You have certain rights regarding your personal information, especially if you are in the EEA or in other jurisdictions with similar data protection laws:
Authenticated users can also exercise the right of access / portability and the right to erasure directly from the application via in-product self-service endpoints (under Account → Privacy): POST /api/users/gdpr/data-export/ initiates an asynchronous machine-readable export, and POST /api/users/gdpr/delete-account/ initiates account erasure (subject to a confirmation step).
To exercise any of these rights by other means, please contact us at privacy@functional-ai.com or through the contact information provided below. We will respond to verifiable data-subject requests within 30 days of receipt, with one 60-day extension where permitted by law for particularly complex or voluminous requests (you will be informed within the first 30 days if an extension is needed).
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):
Do Not Sell or Share My Personal Information: FunctionalAI does not sell personal information to third parties, nor do we share personal information for cross-context behavioral advertising purposes. If this changes in the future, we will provide a clear opt-out mechanism.
To exercise your California privacy rights, please contact us at privacy@functional-ai.com. We will respond to verifiable requests within 45 days, with a one-time extension of up to 45 additional days where reasonably necessary, in accordance with Cal. Civ. Code § 1798.130(a)(2).
We honor the Global Privacy Control (GPC) browser-level signal as a valid opt-out request from California residents under the CPRA. Because we do not sell or share personal information for cross-context behavioral advertising, the GPC signal effectively confirms our existing position: your information is not sold or shared. If our practices change in the future, the GPC signal will be processed automatically as your opt-out.
FunctionalAI is based in Poland (in the European Union) and the core of the Service is hosted in the EU: application servers, the primary database, Redis, and persistent storage are operated by Hetzner Online GmbH in Falkenstein, Germany; user-uploaded files and conversation-export archives live in AWS S3 in Frankfurt (eu-central-1); and transactional email is sent through Mailjet (France). We serve users around the world, so some sub-processors are located outside the EEA — most relevantly OpenAI (United States) for LLM inference, Lemon Squeezy (United States) for payments, and PostHog and Google Analytics (United States) for consent-gated analytics on our marketing site.
Where personal data of EU/UK/EEA or Swiss data subjects is transferred outside the EEA/UK/Switzerland to a country without an adequacy decision, we rely on the European Commission's Standard Contractual Clauses (Commission Implementing Decision (EU) 2021/914) as amended for the UK (ICO International Data Transfer Addendum) and Switzerland (FDPIC adaptations), together with supplementary technical and organizational measures. Where a sub-processor is certified under the EU–U.S. Data Privacy Framework, that certification may also be relied upon. Full details, including the current list of sub-processors, are in our Data Processing Agreement and on our Sub-Processors page.
If you are a business customer using the Service to process personal data of your own customers or end-users, we act as your Processor under GDPR Art. 28. Our Data Processing Agreement (DPA) is incorporated into our Terms and applies automatically; a signed counterpart is available on request at privacy@functional-ai.com.
Where we are data controller for your personal data (e.g., your account information as a FunctionalAI customer), in the event of a confirmed personal data breach we will notify the competent supervisory authority without undue delay and, where feasible, within 72 hours of becoming aware of the breach (Art. 33 GDPR). Where the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly without undue delay (Art. 34 GDPR).
Where we act as data processor for a business customer (the "Controller") under the Data Processing Agreement, we will notify the Controller of any personal-data breach affecting their data within 48 hours of becoming aware, so that the Controller can meet its own 72-hour supervisory-authority obligation.
We use strictly necessary cookies to operate this website and, with your prior consent, analytics and session-replay technologies (Google Analytics with IP anonymization and Google Consent Mode v2; PostHog product analytics and session replay with inputs masked by default). No non-essential cookies or analytics scripts are loaded before you grant consent through our cookie banner. You can change your choices at any time via the “Cookie preferences” link in our footer; we store your preferences locally in your browser.
FunctionalAI is a business service intended for users who are at least 18 years of age or who have the legal capacity to enter into binding agreements on behalf of a business or organization. By using the Service, you represent that you meet these requirements.
We do not knowingly collect personal information from individuals under the age of 18. If we learn that we have inadvertently collected personal data from a minor without proper consent, we will delete that information as soon as possible. If you believe a minor has provided us with personal information, please contact us at privacy@functional-ai.com.
We may update or modify this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make changes, we will revise the "Last Updated" date at the top of this policy. If the changes are significant, we will provide a more prominent notice.
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:
FunctionalAI Support and Privacy Team
Privacy Requests:privacy@functional-ai.com
Legal Matters:legal@functional-ai.com
General Support:support@functional-ai.com
Service provider (data controller):
Jakub Szumlas FunctionalAI
(jednoosobowa działalność gospodarcza wpisana do CEIDG)
ul. ks. Karola Kulisza 10, 43-445 Dzięgielów, Poland
NIP: 5482772056 · REGON: 543058690
VAT: not registered for Polish VAT (zwolnienie podmiotowe, Art. 113 ust. 1 ustawy o VAT). Invoicing is issued without VAT; B2B customers in other EU/EEA countries should consult their local tax adviser regarding any VAT obligations on their side.
This disclosure is provided pursuant to Art. 5 of the Polish Act on Providing Services by Electronic Means (ustawa o świadczeniu usług drogą elektroniczną) and Art. 434 § 1 of the Polish Civil Code. FunctionalAI is offered as a B2B service; disputes are governed by Polish law and subject to the jurisdiction of Polish courts. For B2B customers domiciled in other EU/EEA Member States, jurisdiction follows Regulation (EU) 1215/2012 (Brussels I bis).
We will do our best to address any issue or query promptly and transparently. If you are an EU/EEA individual and you believe we have not adequately resolved your privacy concern, you have the right to lodge a complaint with your relevant data protection authority.
Thank you for trusting FunctionalAI. Your privacy is important to us, and we are dedicated to safeguarding your personal information while providing you with a powerful and secure AI-driven service.