Privacy Policy
Effective Date: January 27, 2026
Last Updated: January 27, 2026
1. Introduction and Data Controller
1.1 This Privacy Policy ("Policy") explains how Greendev spółka z ograniczoną odpowiedzialnością, a company incorporated under the laws of the Republic of Poland, with its registered office at Głowackiego 3/5/1, 20-060 Lublin, Poland, registered in the National Court Register (KRS) under number 0000896252, with tax identification number (NIP) 5223201436 and statistical number (REGON) 388781726 ("Company," "we," "us," or "our"), collects, uses, discloses, and otherwise processes personal data in connection with the Intent platform and related services (collectively, the "Service").
1.2 For purposes of the General Data Protection Regulation (EU) 2016/679 ("GDPR") and applicable national implementing legislation, the Company acts as the data controller with respect to personal data collected through the Service.
1.3 This Policy applies to: (a) visitors to our website at useintent.ai; (b) individuals who create accounts and use the Service; (c) individuals whose personal data is processed in connection with the Service; and (d) any other individuals who interact with us in connection with the Service.
1.4 By accessing or using the Service, you acknowledge that you have read, understood, and agree to be bound by this Policy. If you do not agree with this Policy, you must not access or use the Service.
2. Categories of Personal Data Collected
2.1 Data You Provide Directly
2.1.1 Account Registration Data. When you create an account, we collect: (a) full name; (b) email address; (c) organization name (if applicable); (d) password (stored in encrypted form); and (e) any other information you voluntarily provide during registration.
2.1.2 Payment Information. When you subscribe to paid features, our third-party payment processor (Stripe, Inc.) collects payment card details. The Company does not directly collect or store complete payment card numbers. We receive from Stripe: (a) last four digits of payment card; (b) card type and expiration date; (c) billing address; and (d) transaction identifiers.
2.1.3 User-Generated Content. The Service enables you to create, upload, and store content, including but not limited to: (a) product specifications and requirements; (b) screen designs and layouts; (c) feature descriptions; (d) design system configurations; (e) conversations with the AI assistant ("Copilot"); and (f) any other content you choose to input into the Service (collectively, "User Content"). User Content may contain personal data about you or third parties.
2.1.4 Communications. When you contact us via email, contact forms, or other channels, we collect the content of your communications, including any personal data you include therein.
2.2 Data Collected Automatically
2.2.1 Device and Browser Information. We automatically collect: (a) IP address; (b) device type and operating system; (c) browser type and version; (d) screen resolution; (e) language preferences; and (f) unique device identifiers.
2.2.2 Usage Data. We collect information about your interactions with the Service, including: (a) pages visited and features used; (b) dates and times of access; (c) referring URLs; (d) clickstream data; (e) session duration; and (f) actions taken within the Service.
2.2.3 Log Data. Our servers automatically record information, including: (a) access times and dates; (b) application activity; (c) errors and diagnostic data; and (d) system performance metrics.
2.3 Data from Third-Party Sources
2.3.1 We may receive personal data from third-party sources, including: (a) identity verification services; (b) fraud prevention services; (c) business partners; and (d) publicly available sources. Such data is processed in accordance with this Policy.
3. Purposes and Legal Bases for Processing (GDPR)
3.1 The following table sets forth the purposes for which we process personal data and the corresponding legal bases under Article 6(1) of the GDPR:
| Purpose | Categories of Data | Legal Basis |
|---|---|---|
| Providing and maintaining the Service, including account creation, authentication, and feature delivery | Account data, User Content, usage data, device information | Performance of contract (Art. 6(1)(b)) |
| Processing payments and managing subscriptions | Account data, payment information, transaction records | Performance of contract (Art. 6(1)(b)) |
| Responding to inquiries and providing customer support | Account data, communications, usage data | Performance of contract (Art. 6(1)(b)); Legitimate interests (Art. 6(1)(f)) |
| Processing User Content through AI/LLM systems to provide Service features | User Content, conversation data with Copilot | Performance of contract (Art. 6(1)(b)) |
| Improving, developing, and optimizing the Service | Usage data, device information, aggregated/anonymized data | Legitimate interests (Art. 6(1)(f)) |
| Ensuring security, preventing fraud, and protecting against unauthorized access | Account data, device information, usage data, log data | Legitimate interests (Art. 6(1)(f)) |
| Complying with legal obligations, including tax and accounting requirements | Account data, payment information, transaction records | Legal obligation (Art. 6(1)(c)) |
| Sending marketing communications (where consent obtained) | Contact information, communication preferences | Consent (Art. 6(1)(a)) |
| Analytics and performance monitoring | Device information, usage data, log data | Consent (Art. 6(1)(a)); Legitimate interests (Art. 6(1)(f)) |
3.2 Legitimate Interests Assessment. Where we rely on legitimate interests as a legal basis, we have conducted a balancing assessment to ensure that our interests do not override your fundamental rights and freedoms. Our legitimate interests include: (a) operating, maintaining, and improving the Service; (b) ensuring the security and integrity of the Service; (c) preventing fraud and abuse; (d) understanding how users interact with the Service; and (e) communicating with users about their accounts and the Service.
4. Artificial Intelligence Processing Transparency
4.1 Use of Large Language Models. The Service incorporates artificial intelligence capabilities, including large language models ("LLMs") provided by third-party vendors, specifically Anthropic, PBC and OpenAI, LLC (collectively, "AI Providers"). These AI systems power the Copilot assistant and preview generation features of the Service.
4.2 Data Processed by AI Systems. When you interact with Copilot or use AI-powered features, the following data may be processed by AI systems: (a) User Content you input, including product specifications, screen designs, feature descriptions, and design system configurations; (b) conversation history with the Copilot assistant; (c) contextual information necessary to generate relevant responses; and (d) instructions and prompts generated by the Service.
4.3 No Training on User Data. We do not use your personal data or User Content to train AI models. Our agreements with AI Providers prohibit them from using data submitted through the Service for model training purposes. User Content processed through AI systems is used solely to provide the requested Service functionality.
4.4 Automated Decision-Making. AI-generated outputs, including preview mockups, specification suggestions, and Copilot responses, are provided as assistive tools only. The Service does not engage in solely automated decision-making that produces legal effects or similarly significantly affects individuals within the meaning of Article 22 of the GDPR. Users maintain full control over whether to accept, modify, or reject AI-generated suggestions.
4.5 Data Transfers to AI Providers. Data processed by AI Providers may be transferred to and processed in the United States. Such transfers are conducted in accordance with Section 9 (International Data Transfers) of this Policy.
5. Cookies and Tracking Technologies
5.1 Overview
5.1.1 We use cookies and similar tracking technologies to collect and process information about your use of the Service. "Cookies" are small text files stored on your device that enable us to recognize your browser and remember certain information.
5.2 Types of Cookies
5.2.1 Strictly Necessary Cookies. These cookies are essential for the operation of the Service and cannot be disabled. They include: (a) authentication cookies that identify you when you log in; (b) security cookies that protect against fraudulent activity; (c) session cookies that maintain your session state; and (d) load-balancing cookies that ensure Service stability. Legal basis: Legitimate interests (Article 6(1)(f) GDPR); exempt from consent under Article 5(3) of the ePrivacy Directive.
5.2.2 Functional Cookies. These cookies enable enhanced functionality and personalization, including: (a) language preferences; (b) user interface customization; and (c) feature preferences. Legal basis: Consent (Article 6(1)(a) GDPR) where required; legitimate interests (Article 6(1)(f) GDPR) where exempt.
5.2.3 Analytics Cookies. We use analytics services, including Sentry for error monitoring and potentially Smartlook for session recording and analytics. These services use cookies to: (a) collect information about how users interact with the Service; (b) identify errors and performance issues; (c) analyze usage patterns; and (d) generate aggregated statistical reports. Legal basis: Consent (Article 6(1)(a) GDPR).
5.3 Specific Analytics Tools
5.3.1 Sentry. Sentry is used for application monitoring and error tracking. Data collected includes: (a) error and exception data; (b) browser and device information; (c) IP address (which may be anonymized); and (d) user interactions leading to errors. Sentry's privacy practices are described at https://sentry.io/privacy/.
5.3.2 Smartlook (if implemented). Smartlook may be used for session recording and user behavior analytics. Data collected may include: (a) mouse movements, clicks, and scrolls; (b) page views and navigation; (c) form interactions (with sensitive fields masked); and (d) device and browser information. Smartlook's privacy practices are described at https://www.smartlook.com/privacy/.
5.4 Managing Cookies
5.4.1 Cookie Consent. Upon your first visit to the Service, you will be presented with a cookie consent mechanism that allows you to: (a) accept all cookies; (b) reject non-essential cookies; or (c) customize your cookie preferences by category. Your consent preferences are stored and can be modified at any time.
5.4.2 Browser Controls. Most web browsers allow you to control cookies through their settings. You can typically: (a) delete existing cookies; (b) block all cookies; (c) block third-party cookies; or (d) receive alerts when cookies are set. Note that blocking certain cookies may impact Service functionality.
5.4.3 Withdrawal of Consent. You may withdraw your consent to non-essential cookies at any time by: (a) adjusting your preferences in our cookie settings panel; (b) clearing cookies from your browser; or (c) using browser settings to block future cookies. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
6. Data Retention
6.1 General Retention Principles. We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, unless a longer retention period is required or permitted by law.
6.2 Specific Retention Periods. The following retention periods apply:
| Category of Data | Retention Period |
|---|---|
| Account registration data | Duration of account existence plus 3 years following account deletion |
| User Content (projects, specifications) | Duration of account existence; deleted within 90 days of account deletion or upon user request |
| Payment and transaction records | 7 years from transaction date (legal/tax requirements) |
| Server logs and security data | 90 days (standard logs); up to 2 years for security incidents |
| Analytics data | 26 months from collection (aggregated/anonymized data may be retained indefinitely) |
| Customer support communications | 3 years from resolution of inquiry |
| Marketing consent records | Duration of consent plus 3 years following withdrawal |
| Cookie consent records | 12 months from consent date |
6.3 Extended Retention. We may retain personal data for longer periods where: (a) required by applicable law; (b) necessary to establish, exercise, or defend legal claims; (c) required for ongoing litigation or regulatory investigation; or (d) necessary to comply with a legal hold or preservation order.
7. Data Sharing and Disclosure
7.1 Categories of Recipients. We may share personal data with the following categories of recipients:
7.1.1 AI Service Providers. Anthropic, PBC and OpenAI, LLC receive User Content and conversation data to provide AI-powered features. These providers act as data processors under contractual agreements that include appropriate data protection obligations.
7.1.2 Infrastructure Providers. Amazon Web Services, Inc. (AWS) provides cloud hosting infrastructure. Data may be stored on servers located in the European Union and/or United States.
7.1.3 Payment Processors. Stripe, Inc. processes payment transactions. Stripe acts as an independent data controller with respect to payment card data. Stripe's privacy policy is available at https://stripe.com/privacy.
7.1.4 Analytics and Monitoring Services. Sentry (Functional Software, Inc.) and potentially Smartlook (Smartlook.com, s.r.o.) receive device and usage data for performance monitoring and analytics purposes.
7.1.5 Professional Advisors. Legal, accounting, and other professional advisors may receive personal data as necessary for the provision of their services.
7.1.6 Legal and Regulatory Authorities. We may disclose personal data to: (a) comply with legal process or government requests; (b) enforce our Terms of Service; (c) protect our rights, privacy, safety, or property; (d) respond to emergencies; or (e) establish, exercise, or defend legal claims.
7.1.7 Business Transfers. In connection with any merger, acquisition, reorganization, sale of assets, or bankruptcy, personal data may be transferred to the acquiring entity or successor.
7.2 No Sale of Personal Data. We do not sell personal data to third parties within the meaning of the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), or any other applicable law.
7.3 No Sharing for Cross-Context Behavioral Advertising. We do not share personal data for cross-context behavioral advertising within the meaning of the CPRA.
8. Your Rights Under EU Law
8.1 If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have the following rights under the GDPR and applicable national law:
8.1.1 Right of Access (Article 15). You have the right to obtain confirmation as to whether personal data concerning you is being processed, and if so, to access the personal data and receive information about the processing, including the purposes, categories of data, recipients, retention periods, and your rights.
8.1.2 Right to Rectification (Article 16). You have the right to obtain the rectification of inaccurate personal data and to have incomplete personal data completed.
8.1.3 Right to Erasure (Article 17). You have the right to obtain the erasure of personal data where: (a) it is no longer necessary; (b) you withdraw consent; (c) you object to processing; (d) processing was unlawful; (e) erasure is required by law; or (f) data was collected from a child. This right is subject to legal exceptions, including retention required for legal compliance or legal claims.
8.1.4 Right to Restriction (Article 18). You have the right to restrict processing where: (a) you contest accuracy (pending verification); (b) processing is unlawful but you oppose erasure; (c) we no longer need the data but you require it for legal claims; or (d) you have objected (pending verification of grounds).
8.1.5 Right to Data Portability (Article 20). You have the right to receive personal data you provided in a structured, commonly used, machine-readable format, and to transmit that data to another controller, where processing is based on consent or contract and carried out by automated means.
8.1.6 Right to Object (Article 21). You have the right to object to processing based on legitimate interests or public interest. We will cease processing unless we demonstrate compelling legitimate grounds that override your interests, or processing is necessary for legal claims. You have an absolute right to object to direct marketing at any time.
8.1.7 Right to Withdraw Consent (Article 7(3)). Where processing is based on consent, you have the right to withdraw consent at any time. Withdrawal does not affect lawfulness of processing prior to withdrawal.
8.1.8 Right Not to Be Subject to Automated Decision-Making (Article 22). You have the right not to be subject to decisions based solely on automated processing, including profiling, which produce legal effects or similarly significantly affect you, except where authorized by law or based on explicit consent with appropriate safeguards.
8.2 Exercising Your Rights. To exercise any of these rights, please contact us at matt@useintent.ai. We will respond to your request within one (1) month of receipt, which may be extended by two (2) further months where necessary. We may request verification of your identity before processing your request.
8.3 Right to Lodge a Complaint. You have the right to lodge a complaint with a supervisory authority. For users in Poland, the competent authority is the President of the Personal Data Protection Office (Prezes Urzędu Ochrony Danych Osobowych, "PUODO"), ul. Stawki 2, 00-193 Warszawa, Poland, website: https://uodo.gov.pl/. You may also lodge a complaint with the supervisory authority of your habitual residence or place of work.
9. International Data Transfers
9.1 Transfers Outside the EEA. Personal data collected in the EEA, United Kingdom, or Switzerland may be transferred to, and processed in, countries outside these regions, including the United States, where our AI Providers and certain infrastructure is located.
9.2 Transfer Mechanisms. For transfers to countries not covered by an adequacy decision, we implement appropriate safeguards, including:
9.2.1 Standard Contractual Clauses (SCCs). We enter into contracts with recipients incorporating the European Commission's Standard Contractual Clauses for international transfers (Commission Implementing Decision (EU) 2021/914).
9.2.2 EU-U.S. Data Privacy Framework. Where applicable, we may rely on transfers to organizations certified under the EU-U.S. Data Privacy Framework, where such certification is valid and maintained.
9.2.3 Supplementary Measures. Where required based on a transfer impact assessment, we implement supplementary technical, contractual, or organizational measures to ensure an essentially equivalent level of protection.
9.3 UK Transfers. For transfers from the United Kingdom, we rely on the UK International Data Transfer Agreement or the UK Addendum to the EU SCCs, as applicable.
9.4 Copies of Safeguards. You may request a copy of the safeguards we have put in place for international transfers by contacting us at matt@useintent.ai.
10. Additional Disclosures for United States Residents
10.1 Notice at Collection
10.1.1 This section provides the notices required under the California Consumer Privacy Act, as amended by the California Privacy Rights Act ("CCPA"), and other U.S. state privacy laws including the Virginia Consumer Data Protection Act, Colorado Privacy Act, Connecticut Data Privacy Act, and similar state laws.
10.1.2 Categories of Personal Information Collected. In the preceding twelve (12) months, we have collected the following categories of personal information:
| Category | Examples | Business Purpose |
|---|---|---|
| Identifiers | Name, email address, account credentials, IP address, device identifiers | Service delivery, security, communication |
| Commercial Information | Subscription plans, transaction history, payment records | Payment processing, billing, legal compliance |
| Internet Activity | Browsing history, usage data, interactions with Service, log data | Service improvement, analytics, security |
| Geolocation Data | Approximate location derived from IP address | Service delivery, compliance, security |
| Professional Information | Organization name, job title (if provided) | Service customization, communication |
| Inferences | Preferences and interests derived from usage patterns | Service personalization, improvement |
10.2 Sources of Personal Information
10.2.1 We collect personal information from the following categories of sources: (a) directly from you; (b) automatically through your use of the Service; (c) from our service providers; and (d) from publicly available sources.
10.3 Disclosure of Personal Information
10.3.1 In the preceding twelve (12) months, we have disclosed personal information to the categories of third parties identified in Section 7 (Data Sharing and Disclosure) for business purposes.
10.3.2 Sale and Sharing. We do not sell personal information for monetary consideration. We do not share personal information for cross-context behavioral advertising purposes.
10.4 Your California Privacy Rights
10.4.1 If you are a California resident, you have the following rights under the CCPA:
(a) Right to Know. You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources from which personal information was collected, the business or commercial purposes for collecting personal information, and the categories of third parties with whom we share personal information.
(b) Right to Delete. You have the right to request that we delete personal information we have collected from you, subject to exceptions permitted by law.
(c) Right to Correct. You have the right to request that we correct inaccurate personal information we maintain about you.
(d) Right to Opt-Out of Sale/Sharing. You have the right to opt-out of the sale or sharing of your personal information. As we do not sell or share personal information, this right is not applicable.
(e) Right to Limit Use of Sensitive Personal Information. You have the right to limit the use and disclosure of sensitive personal information. We do not use sensitive personal information for purposes requiring opt-out rights.
(f) Right to Non-Discrimination. You have the right not to receive discriminatory treatment for exercising your privacy rights.
10.4.2 Exercising Your Rights. To submit a request, please contact us at matt@useintent.ai. We will verify your identity before processing your request. You may designate an authorized agent to submit requests on your behalf.
10.5 Virginia, Colorado, Connecticut, and Other State Rights
10.5.1 If you are a resident of Virginia, Colorado, Connecticut, Utah, Oregon, Texas, Montana, or another state with comprehensive privacy legislation, you may have similar rights to access, delete, correct, and port your personal information. To exercise your rights, contact us at matt@useintent.ai. You may appeal a decision regarding your request by contacting us at the same address.
11. Profiling
11.1 We may engage in limited profiling activities, specifically the analysis of usage patterns to improve the Service and personalize your experience. Such profiling does not produce legal effects or similarly significantly affect you.
11.2 We do not engage in profiling for the purposes of: (a) automated decision-making that produces legal effects; (b) targeted advertising based on sensitive personal data; or (c) credit scoring or similar assessments.
12. Children's Privacy
12.1 The Service is not directed to individuals under the age of sixteen (16) in the European Union or thirteen (13) in the United States ("Children"). We do not knowingly collect personal data from Children.
12.2 If you become aware that a Child has provided us with personal data, please contact us at matt@useintent.ai. If we learn that we have collected personal data from a Child without appropriate parental consent, we will take steps to delete that information.
12.3 We do not sell or share the personal information of consumers under sixteen (16) years of age.
13. Data Security
13.1 We implement appropriate technical and organizational measures designed to protect personal data against unauthorized access, alteration, disclosure, or destruction. These measures include: (a) encryption of data in transit using TLS; (b) encryption of data at rest; (c) access controls and authentication; (d) regular security assessments; (e) employee training; and (f) incident response procedures.
13.2 No method of transmission over the Internet or method of electronic storage is completely secure. While we strive to use commercially acceptable means to protect personal data, we cannot guarantee absolute security.
14. Contact Information
14.1 Data Controller Contact. For questions about this Policy or our data processing practices, please contact:
Greendev sp. z o.o.Attn: Data Protection
Głowackiego 3/5/1, 20-060 Lublin, Poland
Email: matt@useintent.ai
14.2 EU Representative (if required). As a company established in the European Union, we are not required to appoint an EU representative under Article 27 of the GDPR.
14.3 Supervisory Authority. The competent supervisory authority for data protection matters in Poland is:
Prezes Urzędu Ochrony Danych Osobowych (PUODO)ul. Stawki 2
00-193 Warszawa, Poland
Website: https://uodo.gov.pl/
15. Changes to This Policy
15.1 We may update this Policy from time to time. Material changes will be communicated by: (a) posting the updated Policy with a new "Last Updated" date; (b) notifying you via email if you have an account; or (c) providing notice through the Service interface.
15.2 Your continued use of the Service after the effective date of an updated Policy constitutes acceptance of the changes, except where additional consent is required by law.
— End of Privacy Policy —