Privacy Policy

1. What We Collect

MyCoordinated AI collects your email address and basic profile information (name) for authentication and account management. We do not access your calendar, email inbox, or directory data.

2. Uploaded Documents

Documents you upload are stored securely in your private account folder. Files are isolated per user — no other user can access your documents. As the service operator, we may access stored files where required for technical support, security investigation, or legal compliance. Uploaded content is never used to train AI models.

3. How Your Data Is Processed

When you send a message or upload a document, the content is processed by third-party AI providers to generate responses. Our current sub-processors include:

• Supabase / AWS — secure file storage and database (AES-256 encryption at rest, TLS in transit)
• OpenAI — AI language model processing
• Anthropic — AI language model processing

These providers process data solely to deliver the service and are bound by their own data protection policies.

4. Data Retention

Your files and chat history are retained for as long as your account is active. You may request deletion of your data at any time by contacting support@mycoordinated.ai. Account closure results in deletion of all associated data within 30 days.

5. No Third-Party Sharing

We do not sell, rent, or share your data with any third parties beyond the sub-processors listed above. We may disclose data if required by law or to protect the rights and safety of our users.

6. Your Rights

You have the right to access, correct, or delete your personal data at any time. To make a request, contact support@mycoordinated.ai.

7. Contact

support@mycoordinated.ai

8. Data Controller

MyCoordinated AI is the data controller for personal data processed through this service. Registered in the Republic of Latvia.
Contact: support@mycoordinated.ai

9. Legal Basis for Processing

We process your personal data on the following legal grounds under GDPR Article 6:

• Contract performance — processing your email and account data is necessary to provide the service you signed up for
• Legitimate interests — processing uploaded documents to deliver AI responses, maintaining security, and preventing abuse
• Legal obligation — where required by Latvian or EU law

10. International Data Transfers

Some of our sub-processors (OpenAI, Anthropic) are based in the United States. Data transferred outside the European Economic Area (EEA) is protected under Standard Contractual Clauses (SCCs) approved by the European Commission, as required by GDPR Chapter V. Supabase offers EU data residency — we recommend enabling this in your Supabase project settings.

11. Your Rights Under GDPR

As an EU resident you have the following rights:

• Access — request a copy of the personal data we hold about you
• Rectification — request correction of inaccurate data
• Erasure — request deletion of your data ("right to be forgotten")
• Portability — receive your data in a machine-readable format
• Restriction — request that we limit how we process your data
• Objection — object to processing based on legitimate interests
• Withdraw consent — where processing is based on consent, withdraw it at any time

To exercise any of these rights, contact support@mycoordinated.ai. We will respond within 30 days.

12. Data Breach Notification

In the event of a personal data breach, we will notify the Latvian Data State Inspectorate (Datu valsts inspekcija) within 72 hours as required by GDPR Article 33. Affected users will be notified without undue delay where the breach is likely to result in high risk to their rights.

13. Supervisory Authority

You have the right to lodge a complaint with the Latvian supervisory authority: