🔒 Privacy Policy
Last updated: 2025-04-13
UAB AZORA (hereinafter "we", "our") respects your privacy and is committed to protecting your personal data
in accordance with the General Data Protection Regulation (GDPR) and the laws of the Republic of Lithuania.
1. Data Controller
Data controller: UAB AZORA
Email: info@azora.lt
Website: azora.lt
Registered office: Vilnius, Lithuania
2. Data We Collect
- Registration data: email address, password (encrypted)
- Usage data: conversation history with the AI assistant, session information
- Technical data: IP address, browser type, visit time
- Payment data: processed via Stripe — we do not store card numbers
3. Purposes of Data Processing
- Providing the service and administering user accounts
- Delivering AI medical consultations
- Processing payments and managing subscriptions
- Improving service quality and analytics
- Fulfilling legal obligations
4. Legal Basis for Processing
- Contract — data is processed to provide you with services (GDPR Art. 6(1)(b))
- Consent — analytics cookies are used only with your consent (GDPR Art. 6(1)(a))
- Legitimate interest — website security and operation (GDPR Art. 6(1)(f))
5. Data Retention Periods
- Account data — while the account is active or 2 years after last login
- Conversation history — 12 months from conversation date
- Payment records — 10 years per accounting requirements
- Technical logs — 90 days
6. Data Recipients
- Stripe, Inc. — payment processing (USA, EU-US DPF certified)
- Anthropic — AI model service provision (USA)
- Google Analytics — website traffic analysis (with your consent)
Data may be transferred to third countries (USA) based on standard contractual clauses or adequacy decisions.
7. Your Rights
Under the GDPR you have the right to:
- Access your personal data
- Request rectification of inaccurate data
- Request erasure of data ("right to be forgotten")
- Restrict data processing
- Data portability to another controller
- Object to data processing
- Withdraw consent at any time
To exercise these rights, contact us at: info@azora.lt
8. Security Measures
We use: 256-bit SSL/TLS encryption, password hashing (PBKDF2-SHA256, 100,000 iterations), secure API key management,
regular security audits and access control. Payment data is handled by PCI DSS certified Stripe.
9. Cookies
For information about cookies we use, please see our Cookie Policy.
10. Complaints
If you believe your rights have been violated, you have the right to file a complaint with
the State Data Protection Inspectorate (vdai.lrv.lt).
11. Special Category Data (GDPR Art. 9)
MAI processes health data, which under GDPR Article 9 is considered special category personal data.
Legal basis: Explicit user consent before using AI analysis features.
Data types: Blood test results, symptom descriptions, medical conversations, photos for analysis.
DPIA: A Data Protection Impact Assessment (DPIA) is conducted and reviewed annually, as required for high-risk data processing.
12. Data Breach Management
In the event of a data security breach, AZORA acts according to an established protocol:
- Within 72 hours we notify the State Data Protection Inspectorate (VDAI) per GDPR Art. 33
- Within 30 days we notify affected users if the breach poses a risk to their rights and freedoms (GDPR Art. 34)
- We conduct an internal investigation and implement preventive measures
Security contact: security@azora.lt
13. Changes
This policy may be updated. We will inform you of material changes on the website or by email.
← Back to home page