Legal
Privacy Policy
Last updated: December 23, 2025
This Privacy Policy has been prepared in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR) and applicable data protection laws. It explains how we collect, use, and protect your personal information.
1. Data Controller
Company: Yummy, MB
Registration code: 306425153
Address: Žaibo g. 1-78, LT-04126 Vilnius, Lithuania
Email: juras.sulcas@gmail.com
2. Personal Data We Collect
We collect and process the following personal data:
| Category | Data |
|---|---|
| Registration Data | Email address, name, company name, encrypted password |
| Optional Information | Phone number, business details |
| Usage Data | Login date/time, IP address, device type, operating system |
| Service Data | Uploaded content (images, videos, brand assets), generated AI content |
3. Processing Purposes & Legal Basis
We process your personal data for the following purposes and legal bases (GDPR Article 6):
| Purpose | Legal Basis |
|---|---|
| Account creation & management | Contract (Art. 6(1)(b)) |
| AI advertising services | Contract (Art. 6(1)(b)) |
| Service notifications | Legitimate interest (Art. 6(1)(f)) |
| Service improvement & analytics | Legitimate interest (Art. 6(1)(f)) |
| Marketing communications | Consent (Art. 6(1)(a)) |
4. Data Recipients
Your personal data may be shared with the following recipients:
- Cloud Infrastructure Providers – For data storage and processing. Data is stored on EU servers where possible.
- AI Processing Services – For generating AI advertising content based on your uploads.
- Payment Processors – For handling subscription payments securely.
- Analytics Services – For understanding service usage (anonymized where possible).
- Law Enforcement – When required by law.
5. International Data Transfers
Your primary data is stored on servers within the European Union. Some service providers may transfer data to the USA. In such cases, we apply appropriate safeguards under GDPR Article 46, including European Commission-approved Standard Contractual Clauses.
6. Data Retention Periods
| Data Type | Retention Period |
|---|---|
| Account data | While account is active + 1 year after deletion |
| Login logs | 6 months |
| Generated content | While account is active or as agreed |
| Analytics data | 24 months (anonymized) |
7. Your Rights
Under the GDPR, you have the following rights:
- Right of Access (Art. 15) – Obtain information about your processed data
- Right to Rectification (Art. 16) – Request correction of inaccurate data
- Right to Erasure (Art. 17) – Request deletion of your data ("right to be forgotten")
- Right to Restrict Processing (Art. 18) – Request limitation of data processing
- Right to Data Portability (Art. 20) – Receive your data in a structured format
- Right to Object (Art. 21) – Object to processing based on legitimate interest
- Right to Withdraw Consent – Withdraw consent at any time (without affecting prior processing)
To exercise these rights, contact us at: juras.sulcas@gmail.com
8. Right to Lodge a Complaint
If you believe your data is being processed in violation of the GDPR, you have the right to lodge a complaint with a supervisory authority, particularly in the EU Member State of your habitual residence, place of work, or place of the alleged infringement.
Lithuanian Supervisory Authority:
State Data Protection Inspectorate (Valstybinė duomenų apsaugos inspekcija)
Address: L. Sapiegos g. 17, 10312 Vilnius, Lithuania
Website: vdai.lrv.lt
Email: ada@ada.lt
9. Is Providing Data Mandatory?
Providing personal data is voluntary but necessary to use our services. Without providing the required data (email, password), you cannot create an account and use personalized features.
10. Automated Decision-Making
We do not use your personal data for automated decision-making or profiling that would have legal or similarly significant effects on you. Our AI services process your uploaded content to generate advertisements but do not make automated decisions about you as an individual.
11. Cookies
We use cookies to operate our service. You can manage your preferences on our Cookie Settings page.
12. Data Security
We implement appropriate technical and organizational measures to protect your data:
- Data encryption in transit (TLS/SSL)
- Password hashing
- Access control and authentication
- Regular security reviews
- Secure cloud infrastructure
13. Children's Privacy
Our services are not directed to individuals under 18 years of age. We do not knowingly collect personal data from children. If we learn that we have collected data from a child, we will delete it promptly.
14. Changes & Contact
We may update this Privacy Policy from time to time. We will notify you of material changes via email or through our service. For questions, contact us at the email listed in Section 1.
This Privacy Policy has been prepared in accordance with GDPR and applicable EU data protection laws.