Privacy Policy

1. Introduction

Kozip Apparel OÜ (Registry Code: 17342785) ("we", "us", or "our") operates the RizzRater service ("Service"). This Privacy Policy explains how we collect, use, disclose, and protect your personal data in accordance with:

• EU General Data Protection Regulation (GDPR)
• Estonian Personal Data Protection Act
• Other applicable data protection laws

By using the Service, you consent to the data practices described in this policy.

2. Data Controller

We are the data controller responsible for your personal data. If you have any questions about how we handle your data, please contact us using the information above.

3. Personal Data We Collect

3.1 Information You Provide

When you register and use our Service, we collect:

• Account Information: Email address, password (encrypted), username
• Profile Information: Display name, profile preferences
• Payment Information: Billing details processed through our payment processor (Stripe)
• Content Data: Text and other content you submit for analysis
• Communications: Messages you send to us (support requests, feedback)

3.2 Automatically Collected Information

When you use the Service, we automatically collect:

• Usage Data: Pages viewed, features used, time spent, actions taken
• Device Information: Browser type, operating system, device identifiers
• Log Data: IP address, access times, referring URLs
• Cookies and Similar Technologies: See Section 8 below

3.3 AI Processing Data

Content you submit to the Service is processed by artificial intelligence systems (including third-party AI providers like OpenAI) to generate ratings and analysis.

4. Legal Basis for Processing (GDPR)

We process your personal data based on the following legal grounds:

4.1 Contractual Necessity

Processing is necessary to provide the Service you've requested (GDPR Art. 6(1)(b)).

4.2 Legitimate Interests

Processing is necessary for our legitimate interests (GDPR Art. 6(1)(f)), such as:

• Improving and developing the Service
• Preventing fraud and ensuring security
• Analyzing usage patterns
• Customer support and communication

4.3 Consent

For certain processing activities (e.g., marketing communications, non-essential cookies), we rely on your explicit consent (GDPR Art. 6(1)(a)).

4.4 Legal Obligations

Processing may be necessary to comply with legal obligations (GDPR Art. 6(1)(c)), such as tax and accounting requirements.

5. How We Use Your Personal Data

We use your personal data for the following purposes:

• Service Provision: To provide, maintain, and improve the Service
• Account Management: To create and manage your account
• Payment Processing: To process subscription payments and billing
• AI Analysis: To process your content through AI systems and generate ratings
• Communication: To send service-related notifications, updates, and respond to inquiries
• Security: To detect, prevent, and address fraud, security issues, and technical problems
• Analytics: To understand how users interact with the Service and improve user experience
• Legal Compliance: To comply with legal obligations and enforce our Terms of Service
• Marketing: To send promotional communications (only with your consent, and you can opt out anytime)

6. Data Sharing and Disclosure

6.1 Third-Party Service Providers

We share your data with trusted third-party service providers who assist us in operating the Service:

These providers are contractually obligated to protect your data and may only use it for the purposes we specify.

6.2 Legal Requirements

We may disclose your data if required by law or in response to valid legal processes, such as:

• Court orders or subpoenas
• Law enforcement requests
• Protection of our rights and safety

6.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your personal data may be transferred to the acquiring entity. You will be notified of any such change.

6.4 No Sale of Personal Data

We do not sell, rent, or trade your personal data to third parties for their marketing purposes.

7. International Data Transfers

Your data may be transferred to and processed in countries outside the European Economic Area (EEA), including the United States (for services like OpenAI and Stripe).

When we transfer data outside the EEA, we ensure adequate protection through:

• EU Standard Contractual Clauses (SCCs)
• Adequacy decisions by the European Commission
• Other approved safeguards under GDPR Article 46

8. Cookies and Tracking Technologies

8.1 What Are Cookies

Cookies are small text files stored on your device that help us provide and improve the Service.

8.2 Types of Cookies We Use

• Essential Cookies: Required for the Service to function (authentication, security)
• Functional Cookies: Remember your preferences and settings
• Analytics Cookies: Help us understand how users interact with the Service
• Performance Cookies: Monitor and improve Service performance

8.3 Managing Cookies

You can control cookies through your browser settings or our Cookie Consent banner. You can change your cookie preferences at any time by clicking "Cookie Settings" in the footer of our website.

Note: Disabling essential cookies may affect the functionality of the Service. Functional, analytics, and marketing cookies can be disabled without affecting core functionality.

For more information about managing cookies in your browser:

• Chrome: Settings > Privacy and security > Cookies
• Firefox: Settings > Privacy & Security > Cookies
• Safari: Preferences > Privacy > Cookies
• Edge: Settings > Cookies and site permissions

9. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required by law.

9.1 Retention Periods

• Account Data: Retained while your account is active and for up to 90 days after deletion
• Content Data: Processed content may be retained for up to 30 days for service improvement
• Payment Records: Retained for 7 years to comply with accounting and tax laws
• Log Data: Typically retained for 90 days

10. Your Rights Under GDPR

As a data subject in the EU/EEA, you have the following rights:

10.1 Right of Access (Art. 15)

You have the right to request a copy of the personal data we hold about you.

10.2 Right to Rectification (Art. 16)

You have the right to request correction of inaccurate or incomplete personal data.

10.3 Right to Erasure (Art. 17)

You have the right to request deletion of your personal data ("right to be forgotten"), subject to certain exceptions.

10.4 Right to Restrict Processing (Art. 18)

You have the right to request that we limit how we use your personal data in certain circumstances.

10.5 Right to Data Portability (Art. 20)

You have the right to receive your personal data in a structured, commonly used format and transmit it to another controller.

10.6 Right to Object (Art. 21)

You have the right to object to processing based on legitimate interests or for direct marketing purposes.

10.7 Right to Withdraw Consent (Art. 7)

Where processing is based on consent, you have the right to withdraw consent at any time.

10.8 Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority. In Estonia, this is the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon):

10.9 Exercising Your Rights

To exercise any of these rights, please contact us at info@rizzrater.ee. We will respond to your request within 30 days.

11. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction, including:

• Encryption of data in transit (TLS/SSL) and at rest
• Secure password hashing (bcrypt)
• Regular security audits and monitoring
• Access controls and authentication
• Secure hosting infrastructure

However, no method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

12. Children's Privacy

Our Service is not intended for users under 18 years of age.

We do not knowingly collect personal data from individuals under 18. If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately, and we will delete such information.

13. Automated Decision-Making and Profiling

The Service uses artificial intelligence to analyze content and generate ratings. This constitutes automated decision-making. However:

• AI-generated ratings are for entertainment and informational purposes only
• These decisions do not produce legal effects or similarly significantly affect you
• You understand that results are generated by AI and may contain errors or biases

We do not use profiling for marketing or other purposes that would significantly affect you without your explicit consent.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of material changes by:

• Posting the updated policy with a new "Last Updated" date
• Sending an email notification to your registered email address

We encourage you to review this Privacy Policy periodically. Your continued use of the Service after changes become effective constitutes acceptance of the updated policy.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal data, please contact us:

We will respond to your inquiry as soon as possible, and in any case within 30 days as required by GDPR.