Privacy Policy
Last updated on January 21, 2026.
DoneByAI s.r.o., IČO: 23610361, with its registered office in the Czech Republic ("DoneByAI," "we," "us," or "our"), is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered captioning and transcription services, websites, and related applications (collectively, the "Services").
We process personal data in accordance with Regulation (EU) 2016/679 (General Data Protection Regulation, "GDPR") and applicable Czech data protection laws.
1. Data Controller
The data controller responsible for your personal data is:
DoneByAI s.r.o.
IČO: 23610361
DIČ: CZ23610361
Email: jiri@banditshq.com
2. Information We Collect
2.1 Information You Provide
We collect information you voluntarily provide when using our Services, including:
- Account Information: Name, email address, company name, job title, and password when you create an account.
- Payment Information: Billing address and payment details processed through our secure payment providers.
- Content Data: Audio, video, and text content you upload for processing through our Services.
- Communications: Information you provide when contacting our support team or responding to surveys.
2.2 Information Collected Automatically
When you access our Services, we automatically collect:
- Device Information: Browser type, operating system, device identifiers, and hardware information.
- Usage Data: Pages visited, features used, time spent, and interaction patterns.
- Log Data: IP address, access times, referring URLs, and error logs.
- Cookies and Similar Technologies: Information collected through cookies, pixels, and similar tracking technologies.
3. How We Use Your Information
We use your information for the following purposes:
- Service Delivery: To provide, maintain, and improve our AI captioning and transcription Services.
- Account Management: To create and manage your account, process transactions, and provide customer support.
- Communication: To send service-related notifications, updates, and promotional materials (with your consent where required).
- Analytics and Improvement: To analyze usage patterns and improve our Services, features, and user experience.
- Security: To detect, prevent, and address technical issues, fraud, and security threats.
- Legal Compliance: To comply with applicable laws, regulations, and legal processes.
4. Legal Basis for Processing (GDPR)
Under GDPR, we process your personal data based on the following legal grounds:
- Contract Performance: Processing necessary to fulfill our contractual obligations to you.
- Legitimate Interests: Processing for our legitimate business interests, such as improving Services and preventing fraud.
- Consent: Processing based on your explicit consent, which you may withdraw at any time.
- Legal Obligation: Processing required to comply with applicable laws.
5. Data Sharing and Disclosure
We do not sell your personal data. We may share your information with:
- Service Providers: Third-party vendors who perform services on our behalf (hosting, payment processing, analytics) under contractual data protection obligations.
- Business Partners: With your consent, we may share information with partners for integrated services.
- Legal Requirements: When required by law, court order, or governmental authority.
- Business Transfers: In connection with a merger, acquisition, or sale of assets, with appropriate confidentiality protections.
6. International Data Transfers
Your data may be transferred to and processed in countries outside the European Economic Area (EEA). When we transfer data internationally, we ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the European Commission or other legally recognized mechanisms.
7. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required by law. Account data is retained for the duration of your account plus a reasonable period thereafter. Content data may be deleted immediately after processing if you enable our zero-retention option.
8. Data Security
We implement appropriate technical and organizational measures to protect your personal data, including:
- AES-256 encryption for data at rest
- TLS 1.2+ encryption for data in transit
- Regular security audits and penetration testing
- Access controls and authentication measures
- SOC 2 Type II certification
However, no method of transmission or storage is 100% secure. We cannot guarantee absolute security of your data.
9. Your Rights
Under GDPR, you have the following rights regarding your personal data:
- Access: Request a copy of the personal data we hold about you.
- Rectification: Request correction of inaccurate or incomplete data.
- Erasure: Request deletion of your personal data under certain circumstances.
- Restriction: Request limitation of processing of your data.
- Portability: Receive your data in a structured, machine-readable format.
- Objection: Object to processing based on legitimate interests or for direct marketing.
- Withdraw Consent: Withdraw consent at any time where processing is based on consent.
To exercise these rights, please contact us at privacy@banditshq.com. We will respond within 30 days.
10. Cookies
We use cookies and similar technologies to enhance your experience, analyze usage, and deliver personalized content. You can manage cookie preferences through your browser settings. For more information, please see our Cookie Policy.
11. Children's Privacy
Our Services are not intended for individuals under 16 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.
12. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. We encourage you to review this policy periodically. Continued use of the Services after changes constitutes acceptance of the updated policy.
13. Supervisory Authority
If you are located in the EU/EEA and believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local data protection supervisory authority. In the Czech Republic, this is the Office for Personal Data Protection (Úřad pro ochranu osobních údajů).
14. Contact Us
If you have any questions about this Privacy Policy or our data practices, please contact us:
DoneByAI s.r.o.
Email: jiri@banditshq.com
Website: banditshq.com