Privacy Policy & Cookie Policy

AI 4E-Learning Privacy Policy

Version dated: 21 April 2026

1. General Information

This Privacy Policy explains how we process personal data in connection with the use of AI-4E-Learning.

AI-4E-Learning is a SaaS solution for creating training materials based on content provided by customers. The application can analyse text, graphics, audio and video materials and assist in the preparation of scripts, tests, presentations, language versions and audio tracks.

2. Data Controller

With regard to data processed for the purposes of commercial and organisational contact, the conclusion and performance of a contract, the maintenance of user accounts, billing, handling enquiries, ensuring security, compiling statistics and managing cookie consents, the data controller is:

Transition Technologies MS S.A., with its registered office in Warsaw, ul. Chmielna 69, 00-801 Warsaw, entered in the National Court Register (KRS) under number 0000913657, Tax Identification Number (NIP) 5272728327, Statistical Identification Number (REGON) 360679205, hereinafter: "Service Provider".

Contact regarding privacy matters: rodo@ttms.pl

3. Distinction Between Roles

Within AI-4E-Learning, there are two models of data processing. This distinction is of practical importance, as it determines to whom questions or requests relating to data should be addressed.

The Service Provider as data controller

In this role, we primarily process data relating to client contact persons, account users, billing data, technical data, logs, security-related data, support requests, and data processed when using the website and cookies.

The Service Provider as a data processor

If personal data is contained in materials, files, prompts, recordings, documents or other content entered into the Application by the client or users, as well as in materials generated by the Application, the client using the Application is, as a rule, the data controller. To this extent, the Service Provider acts on their behalf as a data processor.

If your data is contained in materials entered into the Application by the Service Provider's client, you should first contact that client as the data controller.

4. What Data Do We Process

The scope of data depends on which feature of the website or App you are using. In particular, we may process:

Identification and contact details: first name and surname, email address, telephone number, job title or role, company name, VAT number, business address or postal address.

Account and access data: login, password or authentication method, user ID, information on roles and permissions within the system, data obtained from an external login provider if the user uses a Google account or another SSO solution.

Data related to the use of the website and the Application: IP address, internet identifiers, session data, information about the device, operating system and browser, technical and security logs, information about activity within the Application, data stored in cookies or similar technologies.

Billing and transaction data: data required to issue an invoice, payment information, payment status, billing history.

Data contained in correspondence and reports: message content, data provided in contact forms, information provided in service, complaint and organisational reports.

Data entered into the Application by the customer or users: text, documents, graphics, audio and video recordings, prompts, commands and metadata, data contained in input materials and in materials generated by the Application.

5. Where We Obtain Data

We collect personal data directly from you, from the client you represent or on whose behalf you use the App, from systems used for logging in, payments or statistics, and automatically when you use the website or the App.

6. Purposes and Legal Bases for Processing

Below we describe the main purposes of data processing and the legal bases on which we rely.

Conclusion and performance of a contract and provision of the Application

Legal basis: Article 6(1)(b) of the GDPR, if you are a party to the contract as a natural person; Article 6(1)(f) of the GDPR, if you are acting on behalf of a business; and our legitimate interest in managing customer relations.

Creating and maintaining user accounts, managing access, authentication and ensuring the security of the Application:

Legal basis: Article 6(1)(b) of the GDPR, Article 6(1)(f) of the GDPR.

Handling enquiries, technical support, complaints and organisational contact

Legal basis: Article 6(1)(b) of the GDPR, Article 6(1)(f) of the GDPR.

Establishing, pursuing or defending claims

Legal basis: Article 6(1)(f) of the GDPR.

Compiling statistics and analysing the use of the website or the App

Legal basis: Article 6(1)(a) of the GDPR, to the extent based on consent to analytical cookies, and Article 6(1)(f) of the GDPR, to the extent of necessary technical and security data.

Feedback from the tests carried out

Legal basis: Article 6(1)(f) of the GDPR, where the legitimate interest lies in improving the product and ensuring its functionality and security.

Processing of data entered into the Application by the customer

Where data is entered into the Application for the purpose of providing a SaaS service, including the generation of output materials using AI tools, the Service Provider generally acts as a data processor. In such cases, the legal basis for processing is determined by the customer as the data controller.

7. Artificial Intelligence and Data Entered into the Application

The Application uses artificial intelligence components, including solutions based on language models and speech synthesis. Data entered into the Application may be technically processed for the purposes of: analysing materials, generating scripts, tests, presentations and language versions, preparing audio tracks, and storing and reproducing the results of the Application's work.

In accordance with the solution's design, customer data should not be used to train models for other customers' needs, nor should it be mixed between accounts.

Materials generated by the Application may contain personal data already present in the input materials or resulting from their processing.

8. Recipients of Data

Personal data may be disclosed to entities that support us in providing services and maintaining the system, in particular:

• hosting and cloud infrastructure providers,
• providers of AI tools and services supporting content generation,
• analytics service providers,
• providers of product-analytics tools for analysing the use of the Application and improving its quality (PostHog – provided under its European variant, with data processed on servers within the European Union),
• IT, security, maintenance and support service providers,
• entities providing accounting, legal or auditing services,
• public authorities, where the obligation to disclose data arises from legal provisions.

9. Transfer of Data Outside the EEA

As a general rule, the Application's infrastructure is hosted on Microsoft Azure within the EU or the EEA. The product-analytics service PostHog, used by the Service Provider, operates under its European variant — data is processed on servers located within the European Union (Germany, AWS Frankfurt region); accordingly, this does not involve any transfer of data outside the EEA.

However, some functionalities may involve the transfer of data outside the EEA, in particular when using the services of ElevenLabs, which is based in the USA, or other providers operating outside the EEA.

Should data be transferred outside the EEA, we will ensure that the appropriate legal mechanisms required by the GDPR are in place, in particular standard contractual clauses, where required.

10. Data Retention Period

We retain data for as long as is necessary to fulfil the purpose for which it was collected. In practice, this means in particular:

• data relating to the conclusion and performance of a contract: for the duration of the contract and, after its termination, for the period necessary for settlement, handling claims and fulfilling legal obligations;
• account data, logs and technical data: for the duration of use of the Application and for the time required to ensure security, investigate incidents, handle claims and ensure compliance;
• data contained in materials entered into the Application and in output data: for the duration of the service, and after its termination for the time necessary to export, return, delete or anonymise the data in accordance with the agreed cooperation model;
• data processed on the basis of consent, including analytical cookies: until consent is withdrawn or the relevant purpose is no longer applicable.

If data remains temporarily in backups, it is not used for ongoing processing and is deleted in accordance with the standard backup retention cycle.

11. Your Rights

To the extent that we act as a data controller, you have the right to:

• access your data,
• rectify data,
• erase data,
• restrict processing,
• data portability, where the basis for processing is a contract or consent,
• object to processing based on a legitimate interest,
• withdraw consent at any time, if processing is based on consent,
• lodge a complaint with the President of the Office for Personal Data Protection.

If we process data solely as a data processor on behalf of a client, exercising these rights may require you to address your request to the relevant client as the data controller.

12. Is the Provision of Data Mandatory?

Providing data is, as a rule, voluntary. In some cases, however, it is necessary for us to:

• contact you,
• conclude or perform a contract,
• create an account,
• enable you to use the App,
• issue an invoice,
• respond to a request or deal with a complaint.

If you do not provide your data, in some situations we may not be able to provide the service or deal with your matter.

13. Automated Decision-Making

The App uses AI tools to generate content and process materials, but their results are for guidance only and should be verified by the user.

This Policy does not describe instances of decisions being made regarding individuals that produce legal effects or similarly significantly affect them based solely on automated data processing.

14. Security

We implement technical and organisational measures appropriate to the risk, in particular data transmission security using SSL/TLS and solutions restricting access to systems exclusively to authorised persons.

15. Changes to the Privacy Policy

The Privacy Policy may be updated in line with the development of the Application, technological changes, changes in suppliers or changes in legislation. The current version will be published in the Terms of Service or within the Application.

---

AI-4E-Learning Cookie Policy

Version dated: 21 April 2026

1. What Are Cookies

Cookies are small text files stored on the user's device in connection with the use of a website or the App. They help the service to function properly, remember settings and analyse how the service is used.

In this Policy, we also refer to similar technologies as cookies if they are used on the website or within the Application.

2. Who Uses Cookies

Cookies may be used by:

• the Service Provider,
• analytics tool providers,
• providers of technical and security components,
• other third parties used within the website or the App.

3. What Types of Cookies Do We Use

a) Essential cookies

These are cookies necessary for the proper functioning of the website or the App, including maintaining the user's session, authentication, ensuring security, remembering basic privacy settings and maintaining technical stability.

Such cookies do not require the user's consent, as they are necessary for the provision of the service by electronic means or for the proper functioning of the website.

b) Functional cookies

These may be used to remember user preferences, such as interface settings, language, page layout or other individual choices.

If they are not technically necessary, their use requires the user's consent.

c) Analytical cookies

These are used to compile statistics, analyse traffic, measure the use of the website or the App, and improve services.

Such tools may involve the collection of information about user activity, IP addresses, online identifiers or events on the website.

We use analytical cookies only after obtaining consent.

d) Marketing cookies

If advertising, remarketing or marketing campaign tracking tools are implemented in the future, their use will require the user's prior consent.

4. Legal Basis for the Use of Cookies

We use essential cookies in accordance with the provisions of the Electronic Communications Act concerning technologies that store information on the user's end device. With regard to the processing of personal data, we rely on Article 6(1)(f) of the GDPR, i.e. our legitimate interest in ensuring the proper functioning and security of the website.

We use analytical, functional and, where applicable, marketing cookies on the basis of the user's consent.

5. Consent Management

On their first visit to the website, users should see a cookie banner that allows them to:

• consent to selected categories of cookies,
• refuse consent for optional categories,
• change cookie settings at any time.

Withdrawing consent does not affect the lawfulness of actions taken prior to its withdrawal.

6. How to Disable Cookies

You can manage cookies:

• via the banner or consent management centre,
• via their browser settings.

Restricting the use of essential cookies may cause the website or App to not function properly.

7. Cookie Retention Period

Cookies may be stored:

• for the duration of the session, i.e. until the browser is closed,
• for a specified period after the session ends, depending on their function and the provider's settings.

It is advisable to specify the exact retention periods in the cookie table once the final CMP solution has been implemented and the tools actually in use have been confirmed.

8. List of Cookies

9. Changes to the Cookie Policy

The Cookie Policy may be updated in the event of changes to the tools used, the configuration of the website or the App, legal requirements, or the implementation of new features. The current version will be published on the website.