Jáchym AI®

Privacy & Data Governance Policy

Jáchym AI®Effective date: May 7, 2026

1. Data Governance Framework and Roles

Interzect analytics s.r.o. (the “Provider”) operates the Jáchym AI service within the legal framework under Section 1746 of the Civil Code (Act No. 89/2012 Coll.).

  • Data Controller: The Customer (the “Customer”) is the primary data controller for lead data (prospective customers) and IP-targeting lists.
  • Data Processor: Interzect acts as the data processor and handles such data exclusively in accordance with our Service Agreement and Data Processing Addendum (DPA).
  • Infrastructure: Jáchym AI runs on the Google Cloud Platform (GCP). Google serves as our sole additional processor (sub-processor), ensuring data isolation in a multitenant (shared) environment.

2. Data Origin and Source Transparency

Jáchym AI is designed to find and reach professional B2B contacts.

  • Public Data Only: For its internal search and research functions, Jáchym AI uses exclusively publicly available professional information (e.g., public professional profiles, company websites, and public registers).
  • No Collection of Private Data: We do not collect or store private, non-professional data from social networks or information from non-public sources.

3. Platform-Specific Data Protocols for LinkedIn

Jáchym AI adheres to the following platform-specific integrity rules:

3.1 Authorized Access and Authentication

  • OAuth 2.0 Integration: We use the official LinkedIn OAuth 2.0 protocol for authentication. Jáchym AI never requests, displays, or stores the Customer’s passwords.
  • No Simulated Activity: We do not use the LinkedIn API to simulate natural (organic) human behavior, such as automated profile views, connection requests, or “organic” messaging. All automation is limited to authorized advertising and lead-management functions.

3.2 Mandatory Data Retention and Caching

In line with LinkedIn’s technical requirements, we apply the following data-deletion cycles:

  • 24-Hour Profile Cache: Member profile data (names, headlines, photos) obtained via the API is deleted within 24 hours to ensure the information remains current and compliant.
  • 48-Hour Social Activity Deletion: Member social activity data (e.g., likes or comments) is deleted from our active systems within 48 hours.
  • Zero-Aggregation Policy: We do not scrape LinkedIn data or combine it with third-party databases to create persistent “shadow profiles.”

3.3 User Control and Prohibited Use

  • Access Revocation: Customers can revoke Jáchym AI’s access at any time in the “Permitted Services” section of their LinkedIn account settings.
  • Ethical Use: We strictly prohibit using LinkedIn data for any discriminatory purpose, for creditworthiness/lending eligibility assessment, or for any purpose that violates LinkedIn’s Professional Community Policies.

4. AI Processing: Google Gemini API (Enterprise)

Jáchym AI uses the Google Gemini API for highly accurate B2B content generation and research.

  • Zero-Training Guarantee: Google does not use any partner personal data, prompts, or outputs processed through the Gemini API to train its foundation models or to improve services for other users.
  • EU Data Residency: All processing through the Gemini API is restricted to Google’s data centers in the EMEA region, ensuring your data remains within jurisdictions governed by European data-protection law.
  • Encryption: Data transmitted to the Gemini API is protected by TLS 1.3, and all data at rest is secured with AES-256 encryption.

5. Multi-Channel Security and Precision Targeting

A. Banner Ads: IP-Specific Precision

Jáchym AI uses targeting of specific IP addresses to ensure that ads are served only to verified corporate-network addresses.

  • Inherent Brand Safety: By serving ads only to pre-approved, specific IP addresses, the risk of ads appearing on irrelevant or harmful domains is structurally eliminated.

B. B2B Email Automation

  • Authentication: We require the implementation and enforcement of SPF, DKIM, and DMARC protocols for all connected domains.
  • Regional Protocols:
    • USA: Operates on an “opt-out” basis in compliance with the CAN-SPAM Act.
    • EU/UK: For professional outreach, it relies on legitimate interest (Article 6(1)(f) of the General Data Protection Regulation, GDPR). We provide a clear “Right to Object” via automated suppression lists.

6. AI Governance and Oversight (EU AI Act 2026)

Jáchym AI is a human-centric automation tool. In line with the EU AI Act, we apply a shared Human-in-the-Loop (HITL) model:

  • Shared Oversight: Every automated process is subject to oversight by both Interzect’s systems engineers (who monitor overall system behavior) and the Customer’s human reviewers (who are responsible for the quality of specific campaign outputs and for legal compliance).
  • Synthetic Content Labeling: All AI-generated outputs include machine-readable metadata identifying them as machine-created content, fulfilling the transparency obligations under Article 50.

7. Individual Rights (DSAR)

We are committed to facilitating the exercise of data-protection rights for all individuals.

  • Request Channel: Any individual may exercise their right to access, rectify, or erase their personal data by contacting sykora@interzect.ai.
  • 30-Day Response Window: We will acknowledge and process all verified Data Subject Access Requests (DSARs) within 30 days.

8. Security and Data Deletion

  • Breach Notification: We will inform Customers without undue delay of any security breach affecting partner data.
  • Deletion Cycles: If data is deleted by the Customer, we will begin removing it from our active systems within 60 days. Complete removal from Google’s underlying infrastructure may take up to 180 days, depending on their standard technical cycles.

Legal contact: Interzect analytics s.r.o., nám. T. G. Masaryka 1281, 760 01 Zlín, Email: sykora@interzect.ai.