Skip to main content
ContentCloudContentCloud
← Back to Consumer Legal Pack

Privacy Notice

Product scope: CCBot and CCBot Mobile (together, the "Service")
Operator: EWORX S.A., trading as ContentCloud
Last updated: May 22, 2026

Short Summary (Layered Privacy)

  • Who: Operated by EWORX S.A. (trading as ContentCloud), Agias Varvaras 40, Chalandri, Greece.
  • What we process: Prompts you enter, answers returned, basic security logs, and optional account/analytics data.
  • No training by default: Your interactions are NOT used to train our general AI models unless you explicitly choose to opt in.
  • EU Data Residency: All data is stored and processed within the EU (no transfers to third countries outside the EEA).
  • Your choices: Control analytics, reset sessions, delete history, or exercise your GDPR rights by emailing dpo@contentcloud.com.

#1Controller identity

EWORX S.A., trading as ContentCloud, is the controller for the personal data described in this notice, unless a separate controller is clearly identified for a specific embedded deployment. Our registered office is at Agias Varvaras 40, 15231 Chalandri, Greece.

#2Services covered

This notice covers public consumer-facing use of CCBot and CCBot Mobile, including anonymous sessions, optional account features, mobile permissions, and customer support interactions.

#3Data we process in anonymous sessions

We may process the text of your prompts, the answers returned to you, session identifiers, device/browser/app metadata, language and accessibility preferences, limited security logs, abuse-prevention data, and limited technical diagnostics. We aim to avoid collecting directly identifying account data where anonymous use is possible.

#4Data we process for authenticated features

If account features are enabled, we may process your name, username, email, password hash or SSO token, subscription status, saved history, preferences, exports, device associations, account security events, support records, and communication preferences.

#5Data we process in mobile use

In CCBot Mobile we may process app-install metadata, device and OS information, crash data, push-notification token if permission is granted, and encrypted offline cache data stored locally on your device for continuity and performance.

#6Data we do not use for training by default

We do not use your prompts, conversation history, uploads, or outputs to train our general AI models by default. If we later offer an optional improvement programme, it will be clearly separated and rely on an explicit opt-in choice.

#7Purposes and legal bases

We process personal data: (a) to provide the Service and return answers you request; (b) to maintain security, prevent abuse, investigate incidents, and protect users; (c) to maintain your account, if you create one; (d) to comply with legal obligations; (e) to send service notices; (f) to support you if you contact us; and (g) only with consent where we use non-essential analytics, push notifications, persistent memory, marketing communications, or other optional features requiring consent. We rely primarily on performance of a contract where you ask us to provide the digital service, legitimate interests for proportionate security and anti-abuse processing, legal obligation for mandatory compliance records, and consent where law requires it or where we make a feature optional.

#8Legitimate interests balancing statement

Where we rely on legitimate interests, those interests are limited to securing the Service, preventing fraud and misuse, maintaining service integrity, investigating incidents, handling complaints, and producing de-identified service statistics. We consider those interests necessary and proportionate because they are expected in a secure AI service, are supported by user controls, and are balanced by data-minimization, short retention, access restriction, and reset/delete tools.

#9Cookies, local storage, SDKs, and other device access

We use strictly necessary device-side storage or access only where needed for core functions such as session continuity, user-requested saved settings, accessibility settings, load balancing, and abuse prevention. Optional analytics, marketing technologies, non-essential persistent identifiers, or non-essential local storage are used only if legally permitted and, where required, after consent.

#10Recipients

We may share data with carefully selected processors and service providers that help us host, secure, analyze, support, notify, or maintain the Service. We do not sell your personal data.

#11International transfers

If processing is deemed necessary, it will be kept within the EU/EEA.

#12Retention defaults

Anonymous prompt/response logs: 30 days. Security logs: 90 days. Crash diagnostics: 30 days. Authenticated account history: until you delete it or close the account, then 30 days for live systems and up to 30 additional days in backups. Consent records: 3 years. Offline mobile cache: until logout, app reset, uninstall, or 30 days of inactivity, whichever occurs first. These periods are configurable and may be extended where required by law or for a documented security investigation.

#13Deletion and anonymization

We delete or anonymize data when it is no longer needed for the purpose for which it was collected, unless we must retain it for legal, security, fraud-prevention, accounting, or evidence purposes. Where feasible, we prefer anonymization or strong de-identification for aggregate statistics.

#14Profiling and automated decision-making

We do not use the standard public consumer version of CCBot to make solely automated decisions producing legal or similarly significant effects about you. We may use limited session-based personalization, safety filtering, spam scoring, or abuse signals to protect and tune the service. You may object to legitimate-interest processing and reset personalization settings where available.

#15Children

The Service is not designed to solicit sensitive personal data from children. In Greece, where consent is the basis for an information-society-service feature, the age threshold is 15 unless parental authorization is provided as required by law. In other EEA states, a different local age threshold may apply.

#16Your rights

Depending on the circumstances, you may have rights of access, rectification, erasure, restriction, portability, objection, complaint to a supervisory authority, and withdrawal of consent at any time where consent is the basis. If you are anonymous and we cannot identify you, we may ask for additional information to locate your data; we will not collect extra identifying data solely for that purpose unless necessary to act on your request.

#17How to exercise rights

Contact dpo@contentcloud.com. To help us locate anonymous session data, provide the date/time of use, copy of the prompt or answer, error/reference ID if shown, device type, and approximate location or language settings if available.

#18Supervisory authority and complaints

You may complain to the Hellenic Data Protection Authority or the supervisory authority in your habitual residence in the EEA. We encourage you to contact us first so we can try to resolve the issue directly.

#19Security summary

We use proportionate technical and organizational measures such as encryption in transit, access controls, monitoring, logging, patching, backup procedures, and incident-response plans.

#20Mobile stores and third parties

If you download the app through Apple App Store or Google Play, those platforms may separately process app-install, purchase, and device data under their own roles and privacy terms. Their app privacy labels and data-safety disclosures must be kept consistent with our actual practices.

#21Changes to this notice

We may update this notice when the Service or the law changes. Material changes will be highlighted in-app, on the website, or by email where appropriate.