Drellia Effective Date: 1 September of 2025

At Drellia, we are committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how we collect, use, and protect your information in accordance with the General Data Protection Regulation (GDPR) and other applicable laws.

1. Data Controller

Drellia OÜ (“Company,” “we,” “us,” or “our”) acts as the data controller for personal data collected through the Drellia platform (the “Service”) and is responsible for processing your personal data as described in this Privacy Policy.

2. Personal Data We Collect

We collect various types of personal data to operate, improve, and provide our Services. This includes information you provide directly, data generated through your interactions, and information we receive from third parties.

At a Glance: What We Collect

  • Profile Details: Name, email, contact info, and payment data
  • Service Usage Data: IP address, device info, browser type, and interaction logs
  • AI-Related Content: Prompts, inputs, and outputs processed by our platform
  • Cookies & Tracking Technologies: Data collected through browser tools and similar methods
  • Third-Party Connections: Information required to enable integrations with external services

Detailed Breakdown

a. Information You Provide to Us: We collect personal data when you interact directly with Drellia, such as when you sign up, use features, or contact us.

  • Account Details: When you register, we collect basic account information including your name, email address, contact details, date of birth, payment method, and transaction history.
  • Content You Share: You may provide content while using our AI-powered features—this includes text prompts, uploaded files, images, or audio. This input, along with generated outputs, may contain personal data depending on what you choose to share.
  • Communications with Us: If you contact us by email or through social platforms, we collect your name, contact information, and the content of your messages.
  • Additional Voluntary Information: You might provide us with additional data during surveys, events, beta testing, or identity/age verification.

b. Information Collected Automatically: When you access Drellia, we collect certain technical data automatically to ensure security and improve performance.

  • Log and Usage Information: This includes your IP address, time zone, browser type, language preferences, interaction timestamps, and how you engage with different features on the platform.
  • Device Information: We collect data about the devices you use, such as hardware model, operating system, and browser identifiers.
  • Location Data: Based on your IP address or device settings, we may determine a general location for security purposes and to personalize content. Some features may also request more precise location data, with your permission.

c. Cookies and Tracking Technologies: We use cookies and similar tools to remember your settings, analyze usage, and enhance your experience. If you access our Services without logging in, we may still store some data locally to support these functions. For more details, see our cookie page.

d. Data from Third Parties We may receive personal data from:

  • Third-Party Integrations: When you connect other apps or services to Drellia, we collect the necessary information to facilitate those connections securely.
  • Security and Compliance Partners: To help detect fraud, abuse, or other security threats.
  • Marketing and Analytics Providers: These services may share aggregated or interest-based information about potential users of our platform.
  • Publicly Available Sources: In limited cases, we may use publicly available data (e.g., websites, publications) to train or evaluate our systems, in line with applicable laws and ethical guidelines.

3. How We Use Your Data

We use the Personal Data we collect for a variety of purposes to operate, secure, and improve our Services. These include:

  • Providing and Managing the Service: To deliver core functionality, respond to user requests, manage accounts, and support customer service operations.
  • Improving and Evolving Our Services: To develop new features, refine existing tools, analyze usage patterns, and conduct research that supports innovation.
  • Personalizing the User Experience: To tailor content, features, and interactions based on user preferences and behavior.
  • Communicating with You: To send service-related updates, notify you of changes or improvements, and provide information about events or offerings you may be interested in.
  • Processing Payments and Subscriptions: To handle billing, transactions, and subscription management in a secure and efficient manner.
  • Ensuring Security and Preventing Misuse: To protect against fraud, abuse, unauthorized access, and other threats to the integrity of our systems.
  • Legal and Compliance Obligations: To comply with applicable laws, enforce our terms, and safeguard the rights, safety, and property of our users, Drellia, and third parties.
  • AI Training and Service Optimization: With appropriate safeguards in place, we may use user-provided inputs and interaction data to enhance the quality and accuracy of our AI models. You may opt out of this use—see our Help Center for details.
  • Collaboration and Knowledge Sharing (Where Applicable): To support interactive or shared features, such as workspaces or collaborative environments, if offered.

We may also use aggregated or de-identified information—data that can no longer be linked to you—for analytics, service improvements, and research. This information is maintained in a de-identified state and is not re-identified unless required by law.

4. How We Share Personal Data

We may share your Personal Data with third parties in specific situations, always in line with applicable data protection regulations:

Third-Party Partners and Service Providers

We engage trusted external partners to help us operate, support, and enhance our Services. These include, but are not limited to, providers of web hosting, cloud storage, customer support, payment gateways, security monitoring, analytics, AI Service Providers, communication platforms, and other IT services. These entities process Personal Data strictly under our direction and only to the extent necessary to perform the tasks we assign to them. They are contractually obligated to maintain the confidentiality and security of your data.

Organizational and Business Accounts

If you access Drellia through a business or enterprise account, certain information—such as your name, email address, and service usage—may be visible to and managed by the account administrators. Additionally, when you register using an email associated with a company or institution, we may share relevant account details with that organization for account association and administrative purposes.

Affiliated Companies

Your Personal Data may be shared with companies that are owned by, controlled by, or under common control with Drellia OÜ. These affiliates may process your data in accordance with this Privacy Policy and for the same reasons outlined here, such as providing or improving our Services.

User-Directed Sharing and Integrations

Certain features may allow you to share content or data with others or connect with third-party platforms. For instance, you may share AI-generated conversations via link or enable integrations with other tools. Any information you choose to disclose in this way is governed by the terms and privacy practices of those third parties, and we recommend reviewing those policies before proceeding.

Corporate Changes and Business Transfers

In the context of a potential or completed corporate event—such as a merger, acquisition, restructuring, insolvency proceeding, or asset transfer—your Personal Data may be included as part of the business assets shared or transferred to another entity. In such cases, we will ensure your data continues to be protected appropriately.

We may disclose Personal Data where required to comply with legal obligations, governmental requests, or lawful proceedings. We may also share information if we believe it is necessary to:

  • Satisfy applicable legal or regulatory requirements;

  • Safeguard the rights, property, or safety of users, Drellia, or others;

  • Detect, prevent, or address fraud, abuse, or violations of our terms;

  • Enforce our agreements and legal rights.

5. Legal Bases for Processing Personal Data

We process personal data based on one or more of the following legal bases, as required by applicable data protection laws:

  • Contractual Necessity – When processing is required to fulfill our contractual obligations, such as providing the Services, managing accounts, or processing payments.

  • Legitimate Interests – When processing supports our legitimate interests or those of third parties—such as improving service functionality, preventing abuse, or conducting research—provided these interests are not overridden by your rights and freedoms.

  • Legal Obligations – When processing is necessary to comply with applicable legal requirements, including tax, accounting, or regulatory obligations.

  • Consent – When we request your explicit consent for specific processing activities, such as marketing communications, the use of non-essential cookies, or participation in certain AI training. You may withdraw consent at any time.

Purpose-Based Processing Overview:

Purpose of Processing

Types of Personal Data

Legal Basis

To provide, analyze, and maintain our Services

Account Information, User Content, Communication Information, Other Information You Provide, Log Data, Usage Data, Device Information, Location Information, Cookies and Similar Technologies

Contractual Necessity

To improve and develop the Services, including research and model training

Account Information, User Content, Communication Information, Other Information You Provide, Data from Other Sources, Log Data, Usage Data, Device Information, Cookies and Similar Technologies

Legitimate Interests (including broader societal interests)

To communicate with users about Services, updates, and events

Account Information, Communication Information, Social Media Information, Other Information You Provide, Log Data, Usage Data, Device Information, Cookies and Similar Technologies

Contractual Necessity (e.g. service updates), or Consent (e.g. marketing communications)

To prevent fraud, abuse, or security risks

Account Information, User Content, Communication Information, Social Media Information, Other Information You Provide, Data from Other Sources, Log Data, Usage Data, Device Information, Cookies and Similar Technologies

Legal Obligation or Legitimate Interests

To comply with legal obligations and protect rights and safety

Account Information, User Content, Communication Information, Social Media Information, Other Information You Provide, Data from Other Sources, Log Data, Usage Data, Device Information, Cookies and Similar Technologies

Legal Obligation or Legitimate Interests (e.g. fraud detection, service protection)

6. Data Retention

We retain your personal data only for as long as necessary to provide our services or for legitimate business purposes, such as ensuring security, resolving disputes, or fulfilling legal obligations. The retention period may vary based on factors including:

  • The purpose for which the data was processed (e.g., to provide our services);
  • The nature, amount, and sensitivity of the data;
  • The potential risks associated with unauthorized use or disclosure;
  • Any applicable legal requirements.

In some instances, data retention may depend on your settings. For more details, you can review our data control.

7. Data Sharing & Transfers

  • We do not sell your personal data.
  • We may share your data with trusted third-party service providers—such as those handling hosting, analytics, and payment processing—to help us operate and improve our services. All such sharing is done in compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.
  • If personal data is transferred outside the European Economic Area (EEA), we ensure that appropriate safeguards are in place, such as Standard Contractual Clauses or other legally recognized mechanisms, to protect your information.

8. Your Rights 

As a user, you have the following rights in relation to your personal data, subject to applicable laws:

  • Access – Request a copy of the personal data we hold about you, along with information on how it is processed.

  • Rectification – Request correction of inaccurate or incomplete personal data.

  • Erasure – Request deletion of your personal data in certain circumstances, including knowledge inputs stored for AI response improvements.

  • Restriction – Request a limitation on how your personal data is processed.

  • Portability – Request a structured, commonly used, and machine-readable copy of your data, or have it transferred to a third party.

  • Objection – Object to the processing of your personal data when it is based on legitimate interests, or for direct marketing purposes.

  • Withdraw Consent – Where processing is based on your consent, you may withdraw that consent at any time.

If you are unable to exercise your rights through your account settings, you may contact us at contact@drellia.com to submit a request.

For concerns regarding data protection, you may also contact your local data protection authority. 

9. Children

The Services are not intended for people under the age of 13, and we do not knowingly collect personal data from anyone in that age group. Users under 18 must have permission from a parent or guardian to use the Services.

If personal data from a child under 13 is discovered, it may be removed. To report a concern, contact contact@drellia.com.

10. Security Measures

Technical, administrative, and organizational measures are in place to help protect personal data from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. These measures may include encryption, access controls, and periodic security assessments.

Despite these safeguards, no method of data transmission over the Internet or email is completely secure or error-free. Users should consider this when sharing information through the Services. The Service cannot guarantee protection against the circumvention of privacy settings or security features, including on third-party websites linked through the platform.

11. Data Transfers 

Drellia stores and processes personal data primarily on servers located within the European Union. This ensures that user data benefits from the protections provided under EU data protection laws.

In cases where users choose to enable AI-powered features, the processing of data may involve applying external AI models (OpenAI, Deepseak, Gemini…), which could be hosted outside the European Economic Area (EEA), Switzerland, or the UK. The specific location of this processing depends on the model selected and the service integration enabled by the user.

When personal data is transferred outside of these jurisdictions, Drellia ensures that appropriate safeguards are in place to comply with applicable data protection regulations. These safeguards may include:

  • Reliance on the European Commission’s adequacy decisions under Article 45(1) GDPR for countries deemed to provide an adequate level of protection;

  • Use of Standard Contractual Clauses (SCCs) approved by the European Commission and the UK Data Transfer Addendum where applicable.

Regardless of where processing occurs, personal data is handled in accordance with this Privacy Policy and relevant legal requirements. For more information or to request details about applicable safeguards, contact us at contact@drellia.com.

12. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance user experience. You can manage cookie preferences in your browser settings. Some cookies may be required for integrations with third-party services.

13. Third-Party Services and Integrations

Drellia may integrate with third-party platforms. When users enable such integrations, data necessary for functionality may be exchanged while ensuring compliance with privacy regulations. We encourage reviewing the privacy policies of third-party services before enabling integrations.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify users of significant changes, and continued use of the Service constitutes acceptance of the updated policy.

15. Contact Information

For questions or concerns about this Privacy Policy, please contact us at contact@drellia.com.

By using Drellia, you acknowledge that you have read and agree to this Privacy Policy.