How Elloia collects, uses, and protects personal data when you use our services.

Privacy Policy

Last updated: March 25th, 2026

This Privacy Policy describes how 79.cz s.r.o. (“we”, “us”, “our”) processes personal data when you visit Elloia.ai (the “Site”) or use our services, applications, and related features (together, the “Services”), operated under the brand Elloia.

We respect your privacy and process personal data in accordance with applicable laws, including the EU General Data Protection Regulation (GDPR) where it applies.

1. Data controller

The data controller responsible for your personal data is:

79.cz s.r.o.
Nadějovská 989
190 16, Prague
Czech Republic
Email: privacy@elloia.ai
Company ID / VAT: 28977424 / CZ28977424

2. What data we collect

Depending on how you use the Services, we may process:

2.1 Account and profile data
Name, email address, password (stored in hashed form), profile details you choose to provide, and account preferences.

2.2 Authentication data
If you sign in with Google (or other providers we enable), we receive information from that provider as permitted by your settings (typically name, email address, and an identifier).

2.3 Service usage data
Information about how you use the Services, such as feature usage, timestamps, technical logs, and similar operational data needed to run and secure the platform.

2.4 Content you submit
Prompts, files, images, text, deck content, exports, templates, and other materials you upload or generate through the Services. This may include personal data if you include it in your content.

2.5 Payment data
Payments are processed by our payment provider [Stripe]. We do not receive your full card number. We may receive billing-related metadata (e.g. subscription status, invoice identifiers, last four digits if shown by the provider, and transaction references).

2.6 Marketing and communications
If you subscribe to a newsletter or marketing emails, we process your email address and related subscription preferences. Basic subscription data may be processed from our newsletter provider (Mailchimp) by that provider on our behalf.

2.7 Support and correspondence
Messages you send to support, including email content and metadata.

2.8 Cookies and similar technologies
We may use cookies and similar technologies as described in our Cookies section at the end of this Policy.

3. Why we use your data (legal bases under GDPR)

We process personal data for:

  • Providing the Services and performing our contract with you (account setup, authentication, generation features, billing, support).
  • Legitimate interests that are not overridden by your rights, such as securing the Services, preventing abuse, improving reliability, basic analytics, and internal reporting—where applicable.
  • Consent, where required (e.g. certain cookies/marketing communications, where we rely on consent).
  • Legal obligations, such as tax and accounting obligations, and responding to lawful requests.

4. AI processing

Functional note for users: When you use AI features, your inputs and related context may be sent to third-party AI model providers / APIs like OpenAI, Google Gemini, Claude Anthropic, fal.ai, etc...  to generate outputs.

We use these providers to deliver the product. Depending on configuration, providers may process data in accordance with their terms and our contractual arrangements. The prompts are stored within your projects and generated images until you delete them or until you delete your account.

5. How long we keep data

We retain personal data only as long as necessary for the purposes described, unless a longer period is required by law.

Retention depends on:

  • Account data: for the lifetime of the account and a short period afterward for recovery/security logs, unless law requires longer retention.
  • Billing records: as required for accounting/tax compliance.
  • Content: according to your account/workspace settings, product functionality, backups, and legal requirements.
  • Logs: typically for a limited period unless needed for security investigations.

6. Who we share data with

We may share personal data with:

  • Infrastructure and hosting providers that help us operate the Services.
  • Payment processors (e.g. Stripe).
  • Authentication providers (e.g. Google), limited to what is needed for sign-in.
  • Email/marketing tools (e.g. Mailchimp), if you subscribe.
  • AI/model providers as needed to provide AI features.
  • Professional advisers (lawyers, auditors) where necessary.
  • Authorities, if required by law or to protect rights, safety, and security.

If we use processors under GDPR, we aim to put appropriate data processing agreements in place.

7. International transfers

If personal data is transferred outside the European Economic Area (EEA), we implement appropriate safeguards such as Standard Contractual Clauses or other mechanisms permitted by law, unless an adequacy decision applies.

8. Security

We implement reasonable technical and organizational measures designed to protect personal data. No method of transmission or storage is completely secure; we encourage you to use strong passwords and protect your account credentials.

9. Your rights (GDPR)

Where applicable, you may have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Erase data in certain cases (“right to be forgotten”)
  • Restrict processing in certain cases
  • Object to processing based on legitimate interests (including marketing)
  • Data portability for data you provided, where processing is automated and based on contract/consent
  • Withdraw consent where processing is based on consent
  • Lodge a complaint with a supervisory authority

EU users: You may contact your local data protection authority. In the Czech Republic, the Office for Personal Data Protection (ÚOOÚ).
Requests: privacy@elloia.ai

10. Children

The Services are not directed to children under 16. We do not knowingly collect personal data from children.

11. Automated decision-making

We do not use purely automated decision-making that produces legal or similarly significant effects about you, unless you exactly make the AI models to do so.

12. Changes

We may update this Privacy Policy from time to time. We will post the updated version on the Site and update the “Last updated” date. 

13. Cookies (short summary)

We use essential cookies required for security and basic functionality. We may also use analytics/functional cookies. For details, see our cookie banner settings.