Effective Date: 11 September 2025
Data Controller: SIBRIK LTD (Company No. 16676069), 167-169 Great Portland Street, Fifth Floor, London, United Kingdom, WIW 5PF
Privacy Contact/DPO:
support@sibrik.ai
1) Data We Collect
Account data: name/handle, email, password hash, country, language.
Payment metadata: provider token, amounts, currency, statuses (we do not store full card details).
Technical data: IP, device/browser, logs, cookies, session telemetry.
Content & metadata: prompts, uploads, generated outputs, timestamps, usage limits.
Communications: support tickets, marketing preferences.
2) Purposes & Legal Bases (GDPR)
Provide the Service & billing — Art. 6(1)(b) (contract).
Abuse prevention & security — Art. 6(1)(f) (legitimate interests) and Art. 6(1)(c) (legal obligation).
Analytics & product improvement — Art. 6(1)(f).
Marketing (email/push) — Art. 6(1)(a) (consent, opt-in).
Legal compliance (tax/AML/sanctions) — Art. 6(1)(c).
3) Categories of Recipients
We may share personal data with categories of third parties strictly to deliver the Service:
hosting and content-delivery providers;
payment processors and their correspondent banks;
analytics/logging tools;
infrastructure/AI compute providers (to process prompts/outputs within the Service);
legal/accounting advisors where necessary. A current list can be provided upon request to privacy@sibrik.ai.
4) International Transfers
Transfers outside the EEA may occur under Standard Contractual Clauses (SCCs) and additional safeguards.
5) Retention
Account data — until account deletion + 90 days (backups).
Logs/analytics — 12 months.
Generated content — 30 days by default (you may delete earlier).
Financial records — as required by law.
6) Your Rights (GDPR)
Access, rectification, erasure, restriction, portability, objection, and withdrawal of consent. Send requests to
support@sibrik.ai. You may lodge a complaint with the ICO (UK) or your local supervisory authority.
7) Security
Encryption in transit, access controls, logging, and environment segregation. No system is 100% secure.
8) Children’s Data
The Service is not intended for persons under 16. We delete such data if discovered.
9) Marketing & Communications
Marketing emails are opt-in only; unsubscribe via the email link or profile settings. Transactional notices (receipts, critical alerts) are mandatory.
10) Cookies
See the Cookie Policy. Manage consent via the banner/preferences center.
11) Changes
We will post updates here and notify of material changes.
