Privacy Policy

Effective date: March 22, 2026

1. Data Controller

Residento ("we", "our", "the Service") — including the website at residento.app, the web application, and the mobile apps for iOS and Android — is operated by:

Sergej Děďuchin
IČO: 09827064
Kurzova 2222/16, Praha – Stodůlky, 155 00, Czech Republic
Email: [email protected]

Residento is an AI-powered assistant that helps foreigners navigate Czech immigration, residency, and daily life.

2. Data We Collect

We only collect data that is necessary to provide and improve our service. Profile data is entirely voluntary — the Service functions fully without it.

Account information

Email address (if you sign up with email)
Name and profile photo (if you sign in with a third-party authentication provider)
A unique user ID generated by our authentication provider

Conversation data

Your conversation history with the AI assistant, including your questions and the answers provided, to enable continuous and context-aware assistance
Images you attach to conversations
Documents generated within the app

Profile data (voluntary)

Document-related details you optionally provide to enable automatic form filling (e.g. name, passport number, file reference number, address, visa type, nationality, date of birth)
This information is stored securely in your account and never used for any purpose other than generating your documents
You may update or delete your profile data at any time from within the Service

Usage & analytics data (only with your consent)

Aggregated interaction patterns such as screen views and feature usage, used solely to improve the app experience
Device type, OS version, app version
Crash reports to help us maintain stability and fix issues

Purchase data

Subscription status and transaction identifiers (managed by Apple / Google Play and our subscription management provider; we never see your payment card details)

3. How We Use Your Data

Purpose	Legal Basis (GDPR Art. 6)
Provide the service (chat, documents, profile)	Contract performance (Art. 6(1)(b))
Service quality assurance & improvement	Legitimate interest (Art. 6(1)(f))
Analytics & app improvement	Consent (Art. 6(1)(a)) — you can opt out any time
Payment processing	Contract performance (Art. 6(1)(b))
Customer support	Legitimate interest (Art. 6(1)(f))
Legal obligations	Legal obligation (Art. 6(1)(c))

We do not sell your personal data to third parties.

4. AI Processing & Conversation Data

To answer your questions, Residento uses AI together with our own curated knowledge base. Your message is sent over encrypted HTTPS to our third-party AI providers: it is converted into a numeric embedding by Voyage AI to search our knowledge base (stored in the Pinecone vector index), and then routed through OpenRouter to large-language-model providers — Anthropic (Claude), Google (Gemini), Mistral and Moonshot (Kimi) — which generate the answer. These providers process your messages solely to produce a response, do not use your conversations to train their models, and do not sell your data; each is contractually bound to provide the same or equal protection of your personal data as set out in this policy. Conversation context is retained in your account for a continuous experience across sessions.

These providers process your messages solely to generate a response. We never sell your data, and we do not permit your conversations to be used to train AI models. Aggregated, anonymized data may be used to improve answer quality and expand our knowledge base; in rare cases an individual interaction may be reviewed for technical troubleshooting.

No automated decisions with legal or similarly significant effects are made based solely on automated processing.

5. Cookies & Local Storage

On the web version we use:

Type	Purpose	Can be disabled?
Essential	Authentication session, language preference, app settings	No (required for the app to work)
Analytics	Anonymous usage statistics to help us improve the app	Yes — via the cookie consent banner

On native mobile apps, analytics data is collected via an analytics SDK; you can disable analytics tracking in your device settings.

6. Third-Party Services

We use third-party data processors in the following categories:

Cloud database and authentication provider (EU-based servers)
Analytics and crash reporting provider
OpenRouter — routing gateway that forwards your AI requests to the language-model providers below; processes messages only to deliver them (some servers outside the EU)
Anthropic (Claude), Google (Gemini), Mistral and Moonshot (Kimi) — large-language-model providers that generate the answers; they process your messages solely to produce a response and do not use your conversations to train their models (some servers outside the EU)
Voyage AI — converts your question into a numeric embedding so we can search our knowledge base; does not train on this data
Pinecone — vector search index that stores our knowledge base and retrieves the passages relevant to your question (servers in the US)
Push notification delivery service
Subscription management provider — we never see your payment card details
Third-party authentication providers (sign-in via external accounts)

All third-party processors act under data-processing agreements and are required to provide the same or equal protection of your personal data as set out in this policy. A current, named list of all our sub-processors is also available on request at [email protected].

7. International Data Transfers

Your primary data is stored in the EU. Some data may be processed by US-based services for AI processing, analytics, and subscription management. These transfers are protected by:

EU-US Data Privacy Framework (DPF) certifications
Standard Contractual Clauses (SCCs) where applicable

8. Data Storage & Security

We implement multiple layers of security to protect your data:

Encryption in transit — all data transmitted between your device and our servers is encrypted using TLS
Encryption at rest — our database provider encrypts all stored data at the storage level
Column-level encryption — sensitive personal data in your profile (such as passport numbers, national identification numbers, addresses, and contact details) is additionally protected using industry-standard cryptographic algorithms. This means even in the unlikely event of unauthorized database access, this data remains unreadable
Access controls — production data access is restricted to authorized personnel through role-based access policies

In the event of a data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and inform affected users without undue delay.

9. Data Retention

We retain your data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where retention is required by law.

10. Your Rights (GDPR)

You have the right to:

Access your personal data
Correct inaccurate data
Delete your data ("right to be forgotten")
Export your data in a portable format
Restrict or object to processing
Withdraw consent at any time (without affecting prior processing)

To exercise any of these rights, email us at [email protected]. We will respond within 30 days.

You also have the right to lodge a complaint with the Czech data protection authority: Úřad pro ochranu osobních údajů (ÚOOÚ) — www.uoou.cz

11. Children's Privacy

Residento is not intended for children under 16. We do not knowingly collect data from children.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via the app or email. Continued use of the Service after changes constitutes acceptance.

13. Contact Us

For questions about this Privacy Policy or your data:
Email: [email protected]