Controller
The controller for this beta service is Živić Elektro j.d.o.o., OIB/VAT ID HR90344764519, 204. vukovarske brigade 39, 32000 Vukovar, Hrvatska. Privacy requests can be sent to contact@ploroai.io.
- Product name: PloroAI
- Service type: SaaS application for AI-assisted electrical quote preparation
- Contact email: contact@ploroai.io
Personal data collected
PloroAI collects data needed to create accounts, provide the SaaS service, analyze uploaded files, prepare quotes, manage subscriptions, process invoices, and protect the service.
- Account data: name, email, password hash, session and settings data
- Billing profile data: billing name, company, OIB/VAT/tax identifiers where provided, address, country, billing email, customer type
- Project data: project names, client names, object type, areas, project status, rooms, materials, quotes, and exports
- Uploaded files: floor plans and project documentation PDFs
- Generated data: AI analysis results, room data, material and labor candidates, quote data, PDF and Excel exports
- Payment/subscription data: Stripe customer, checkout, subscription, payment, and invoice identifiers
- Technical/security data: logs, rate-limit data, IP or request metadata where applicable
- Password reset metadata: email delivery and reset-token metadata without exposing token values
Purposes of processing
Data is processed for operating the product, fulfilling subscriptions, generating project outputs, and meeting security, support, and accounting needs.
- Account creation, authentication, password reset, and account management
- Providing project, floor-plan, material, quote, PDF, and Excel workflows
- AI analysis of uploaded floor plans and project documentation
- Candidate review and accepted material import into quotes
- Billing, subscription management, and Stripe payment handling
- Manual invoice processing and Synesis/accounting workflow where applicable
- Support, contact, complaints, and beta feedback
- Security, abuse prevention, rate limiting, troubleshooting, and legal/accounting obligations
Legal bases
The intended legal bases may include contract performance, legal obligations, legitimate interests, and consent where applicable. Final legal-basis wording must be reviewed before production launch.
- Contract performance for account access, SaaS functionality, subscriptions, and support
- Legal obligations for billing, accounting, tax, and invoicing records
- Legitimate interest for security, abuse prevention, service improvement, and beta support
- Consent where optional cookies, future analytics, or similar optional processing are introduced
Processors and subprocessors
The service may use third-party processors for infrastructure, payments, AI analysis, and email. The final processor list and data-processing agreements must be verified before production launch.
- Hosting, database, and storage provider, including Supabase or equivalent configured infrastructure
- Stripe for card payments, checkout, subscriptions, and customer portal
- OpenAI or another AI service provider for analysis of uploaded plans and project documents
- SMTP/email provider for password reset and service emails
- Analytics are not currently described as active; if added later, this policy must be updated
Storage and infrastructure region
Project data is intended to be stored in EU-hosted infrastructure where configured by the operator. Final hosting, database, and storage regions must be verified before production launch.
- Uploaded project files and generated data are stored using configured cloud infrastructure
- Do not rely on this page as a final EU-only storage guarantee until deployment configuration is verified
- AI and payment providers may process data under their own infrastructure and safeguards
Data retention
Retention periods are beta placeholders and must be finalized. Data is generally kept only as long as needed for the service, legal/accounting duties, security, backups, and support.
- Account data while the account exists or as needed for legitimate support/security needs
- Billing and invoice records according to applicable legal/accounting retention rules
- Project data until deleted by the user or account closure, subject to backups and legal obligations
- Rate-limit, security, and operational logs for a limited operational period
- TODO: final retention periods must be defined before production launch
GDPR rights
Subject to legal conditions, users may exercise GDPR rights by contacting contact@ploroai.io. Users also have the right to lodge a complaint with the Croatian data protection authority, AZOP.
- Access to personal data
- Correction of inaccurate or incomplete data
- Deletion where applicable
- Restriction of processing
- Objection to processing where applicable
- Data portability where applicable
- Withdrawal of consent where processing is based on consent
- Complaint to AZOP, the Croatian Personal Data Protection Agency
International transfers
Some providers, including AI or payment providers, may process data outside the EU/EEA under appropriate safeguards where applicable. This must be verified in final processor documentation.
- Do not treat this beta notice as a guarantee that every processing activity is EU-only
- Provider safeguards and transfer mechanisms must be reviewed before production launch
Privacy contact
For privacy requests, account-data questions, project deletion requests, or processor questions, contact PloroAI at contact@ploroai.io.
- Include the account email related to the request
- Do not send passwords or sensitive access tokens by email
