This Privacy Notice explains how P. W. R. G. Ltd (PWRG) collects, uses, shares, maintains, and stores your personal data in accordance with the GDPR and applicable data protection laws.
Last Updated: 22 December 2025
Controller: P. W. R. G. Ltd (Cyprus, HE 416441)
Contact: privacy@pentir.ai
Supervisory Authority: Cyprus Commissioner for Personal Data Protection
For consistency, capitalized terms used in this Privacy Notice have the same meaning as in the PENTIR Terms and Conditions, unless otherwise stated. In this Privacy Notice, we explain how we at P. W. R. G. Ltd (PWRG) process your personal data. PWRG is the primary data controller responsible for your information.
This Privacy Notice sets out how we process your personal data in line with applicable data protection laws, and what steps we take to safeguard your privacy. It applies to your use of the PENTIR mobile application, your interaction with the Service, and any other related activities.
Important: Subscribers are prohibited from uploading personal data or special-category data. Following the applicable retention period, Service Data is either deleted or irreversibly anonymized.
Logs associated with Firebase-issued internal user identifiers, not email addresses. These identifiers remain capable of being linked to a Subscriber account and therefore constitute personal data.
As part of our relationship, you may be required to provide us with certain personal data so that we can deliver the Service and its features. Without this data, we will generally not be able to perform our contract and provide you with the Service.
The legal bases we rely on when processing your personal data include:
Operating the Service and delivering chat functionality, storing chat history, processing document uploads (Business Subscribers only), DX performance, retrieve/suspend/delete accounts.
Legal Basis: GDPR Art. 6(1)(b) – contract necessity/performance
Generating responses, RAG retrieval, maintaining session history.
Legal Basis: GDPR Art. 6(1)(b) – contract necessity/performance
PWRG processes Subscriber data for improvement only with the Subscriber's express opt-in consent:
(A) "Prompt Improvement" Consent
Covers: prompts, outputs, interaction metadata, error inspection, debugging across user sessions, evaluation datasets for future system quality checks
(B) "Document Improvement" Consent
Covers: Business-Subscriber document uploads, limited to those shared by the Subscriber
Legal Basis: GDPR Art. 6(1)(a) – explicit consent
Subscribers may withdraw consent at any time through an in-app settings menu. PWRG does not use Subscriber data to train or fine-tune large language models.
Monitoring performance, preventing abusive use, detecting unauthorized access, measuring aggregate usage statistics.
Legal Basis: GDPR Art. 6(1)(f) – legitimate interests
Subscription management, processing recurring payments, issuing invoices, retaining billing data as applicable under Cyprus tax laws.
Legal Basis: GDPR Art. 6(1)(b) – contract necessity/performance, and Art. 6(1)(c) – legal obligation
Sanctions-related geoblocking (EU + OFAC), enforcement of Terms, age verification (16+).
Legal Basis: GDPR Art. 6(1)(c) – legal obligation
PWRG collects Personal Data directly from Subscribers when they interact with the Service, including during account creation and when submitting prompts, messages, or documents.
The Service generates Technical Data automatically through interactions, including device and browser information, usage events, and analytics data.
PWRG receives limited payment-related information from designated payment processors to facilitate billing and account management.
PWRG does not obtain Personal Data from any third parties other than the processors identified in this Privacy Notice.
We may disclose your personal data to the following categories of recipients:
Data Processors – third-party service providers who support our operations under GDPR Article 28:
Professional advisors – such as auditors, accountants, or legal advisors, where necessary.
Public authorities – where disclosure is legally required (e.g., tax authorities, regulators, or law enforcement).
We never sell your personal data, and we only share it with trusted partners when necessary or when you've given us permission.
To provide our services globally, we may transfer your personal data outside the European Economic Area (EEA). We implement safeguards including:
Any data, including Personal Data, that you enter as prompts may be transferred to the United States for processing by OpenAI. Aside from prompts containing Personal Data, PWRG generally anonymizes Subscriber Personal Data sent to third parties outside the EU.
We only keep your personal data for as long as necessary to fulfill the purposes described in this Privacy Notice or where required by law. When data is no longer needed, we will either delete it or anonymize it.
All Personal Data is stored exclusively in AWS data centers located within the European Union.
Retained for at least the duration of the Subscriber's plan-specific history window. When a Subscriber deletes a chat, the associated data is removed from active systems within a reasonable period. Data may be irreversibly anonymized for analytics and Service improvement.
Documents uploaded by Business Subscribers are stored only within the chat session to which they relate and are deleted when the corresponding chat is deleted.
Retained per PWRG's internal retention schedule, then deleted or irreversibly anonymized. Anonymized data may be retained for statistical purposes.
Kept as required by applicable law.
Retained for 6 years after the end of the relevant financial year, in line with Cypriot VAT and tax law, then securely deleted or anonymized.
Subscribers have the right to:
Subscribers may submit requests by contacting PWRG at privacy@pentir.ai. Instructions for exercising these rights will be provided upon request.
If you believe your rights have been infringed, you have the right to lodge a complaint with a supervisory authority (Art.77, GDPR). For EU users, this is the Cyprus Commissioner for Personal Data Protection.
Subscribers can delete their account from the platform by clicking the "Delete Account" button in their profile. A verification email will be sent with a one-time password.
PENTIR uses cookies and similar tracking technologies to enhance your experience, analyze usage patterns, and improve our Service. This section explains what cookies we use, why we use them, and how you can control them.
What are cookies?
Cookies are small text files stored on your device when you visit a website or use an application. They help us recognize you, remember your preferences, and understand how you use our Service.
These cookies are required for the Service to function and cannot be disabled. They enable core features such as authentication, security, and session management.
| Cookie Provider | Purpose | Duration |
|---|---|---|
| PENTIR Session | Maintains your active session and preferences | Session |
Legal Basis: GDPR Art. 6(1)(b) – contractual necessity / performance of contract
User Control: Cannot be disabled as they are required for the Service to function.
These cookies help us understand how Subscribers use the Service, which features are most popular, and how we can improve performance. Analytics data is collected in aggregate form and, where possible, anonymized.
| Provider | Cookie Name(s) | Purpose | Duration |
|---|---|---|---|
| Google Analytics (GA4) | _ga, _ga_*, _gid | Tracks page views, user behavior, traffic sources, and engagement metrics | 2 years / 24 hours |
| AppsFlyer | AF_* | Attribution tracking, marketing campaign performance, user acquisition analytics | Up to 2 years |
| RevenueCat | rc_* | Subscription analytics, revenue tracking, and payment event monitoring | Up to 1 year |
Legal Basis: GDPR Art. 6(1)(a) – consent, or Art. 6(1)(f) – legitimate interests (where analytics data is fully anonymized)
User Control: Can be disabled through our cookie consent banner or your browser settings.
We may use marketing cookies to understand the effectiveness of our campaigns and deliver relevant content. These cookies track your interaction with our marketing materials.
| Provider | Purpose | Duration |
|---|---|---|
| Google Ads | Conversion tracking and remarketing | Up to 90 days |
| AppsFlyer (Marketing) | Campaign attribution and user acquisition tracking | Up to 2 years |
Legal Basis: GDPR Art. 6(1)(a) – consent
User Control: Can be disabled through our cookie consent banner.
In addition to cookies, our mobile application uses Software Development Kits (SDKs) that collect similar information for analytics and performance monitoring:
These SDKs may collect device identifiers (such as advertising IDs), device information, and usage data in accordance with this Privacy Notice.
For more information about how third-party providers use cookies and tracking technologies, please refer to their privacy policies:
You have several options to control or disable cookies:
A. Through Our Cookie Consent Banner
When you first visit our website or app, you'll see a cookie consent banner. You can choose to accept or reject optional cookies (Analytics and Marketing). You can change your preferences at any time through the cookie settings link in the footer or settings menu.
B. Through Browser Settings
Most web browsers allow you to control cookies through their settings. You can typically:
For specific instructions, visit your browser's help section:
C. Through Device Settings (Mobile Apps)
On mobile devices, you can limit ad tracking and manage app permissions:
D. Opt-Out Tools
You can also use industry opt-out tools:
Some browsers include a "Do Not Track" (DNT) feature that signals to websites that you do not want your online activity tracked. Because there is currently no universal standard for how to interpret DNT signals, our Service does not currently respond to DNT browser signals. However, you can use the cookie management options described above to control tracking.
We may update our use of cookies and tracking technologies from time to time. When we make significant changes, we will update this section and notify you through our cookie consent banner or other appropriate means. We encourage you to review this section periodically.
The Service does not perform automated decision-making producing legal or similarly significant effects under GDPR Article 22. Outputs are informational only.
Subscribers must not upload personal data, special-category data, or any documents containing personal information relating to identifiable individuals, including sanctions data or UBO-related information.
Under Cyprus law, the digital age of consent is 14 years old. However, it is our policy that individuals under 16 years old may not use the Service, and we do not knowingly collect or process personal data from any individual below the age of 16.
We take the protection of your personal data seriously. In line with GDPR Art.32, we implement appropriate technical and organizational measures including:
Despite these safeguards, no system can be guaranteed 100% secure. We continuously review and improve our security measures to protect your data against unauthorized access, loss, or misuse.
In the unlikely event of a personal data breach that poses a high risk to your rights and freedoms, we will notify you without undue delay in accordance with GDPR Art.34.
We will update this Privacy Notice when processing activities change, or where required to reflect changes in our Service or legal requirements.
If we make material changes, we will notify you in a clear and timely manner, for example by email, in accordance with GDPR Art.12(1). Continued use after updates constitutes acceptance of the revised Privacy Notice.
We encourage you to review this Privacy Notice periodically so that you stay informed about how we protect your data. The date of the latest update will always be shown at the top of this Privacy Notice.