PRIVACY POLICY

Effective date: 6 March 2026

This Privacy Policy explains how Hodman.ai (“we”, “us”, “our”) processes personal data when you use Hodman.ai (the “Service”).

  1. Data Controller

The data controller is:

  • Maksim Karmatskikh PR Beograd
  • Registration number: 67014731
  • Registered address: Republic of Serbia
  • Email: hodman@hodman.ai
  1. Personal data we process

We process only the following personal data:

  • Name
  • Email address

We do not intentionally collect any other categories of personal data (including special categories of data).

  1. How we collect data

We collect personal data when you:

  • provide it to us via forms on the Service (e.g., sign-up, contact, request a demo, subscribe);
  • communicate with us by email.
  1. Purposes and legal bases

We process your name and email for the following purposes:

  • Providing the Service and performing a contract (e.g., account creation, access delivery, responding to service requests) - Article 6(1)(b) GDPR (performance of a contract).
  • Communicating with you about the Service (e.g., support replies, service-related notices) - Article 6(1)(b) GDPR and/or Article 6(1)(f) GDPR (legitimate interests in ensuring proper communication and service continuity).
  • Compliance with legal obligations where applicable (e.g., accounting/tax recordkeeping if your email is included in transactional documentation) - Article 6(1)(c) GDPR (legal obligation).

If we ever ask for consent for a specific purpose (e.g., optional marketing emails), we will do so separately. This policy does not assume marketing processing by default.

  1. Data retention

We keep your personal data only as long as necessary for the purposes described above:

  • For active users/customers: for the duration of the contractual relationship.
  • For inquiries/support requests without a contract: typically up to 12 months after the last interaction, unless we need longer to establish, exercise, or defend legal claims.
  • Where retention is required by law: for the legally mandated period.

After the retention period, we securely delete or anonymize the data.

  1. Who we share data with

We may share your name and email with third parties only to the extent necessary to perform the contract and operate the Service, such as:

  • hosting / infrastructure providers,
  • email delivery and communication tools,
  • CRM/helpdesk providers,
  • professional advisers (e.g., accountants, lawyers) when necessary.

These third parties act as processors (or, where relevant, independent controllers). Where they act as processors, we enter into data processing agreements in accordance with Article 28 GDPR and require appropriate confidentiality and security measures.

We do not sell your personal data.

  1. International transfers and storage locations (EU and Serbia)

Your data is stored and may be processed within the European Union and in the Republic of Serbia.

Where processing occurs in Serbia, this is a transfer outside the EU/EEA. In such cases, we use appropriate safeguards as required by GDPR Chapter V, such as:

  • Standard Contractual Clauses (SCCs) adopted by the European Commission, where applicable, and/or
  • other lawful transfer mechanisms under the GDPR.
  1. Security

We implement appropriate technical and organizational measures to protect personal data against unauthorized or unlawful processing and against accidental loss, destruction, or damage. Measures include access controls, least-privilege access, and secure service providers.

No method of transmission or storage is 100% secure, but we work to protect your data to an appropriate standard.

  1. Your rights

Subject to the conditions and limitations in the GDPR, you have the right to:

  • access your personal data;
  • rectify inaccurate or incomplete data;
  • erase your data (“right to be forgotten”);
  • restrict processing;
  • data portability;
  • object to processing based on legitimate interests;
  • withdraw consent at any time (where processing is based on consent).

To exercise your rights, contact us (Section 12). We may need to verify your identity before responding.

  1. Contact

If you believe our processing violates data protection law, you have the right to lodge a complaint with a supervisory authority in the EU/EEA where you reside, work, or where the alleged infringement occurred.

You can also contact us first - we’ll try to resolve it promptly.

  1. Children

The Service is not directed to children, and we do not knowingly collect personal data from children. If you believe a child has provided data to us, please contact us to request deletion.

  1. Contact

For privacy-related questions and requests, contact:

  1. Changes to this Policy

We may update this Privacy Policy from time to time. The updated version will be published on the Service with a revised “Effective date”.