Newam

Privacy Policy (NEWAM^AI)

Last Updated: 2026-01-26

Version: 1.1

This Privacy Policy explains how and winter s.r.o. ("NEWAM^AI", "we", "us", or "our"), a company incorporated under the laws of the Slovak Republic with registered office at Černyševského 10, 851 01, Bratislava, Slovakia, Company Registration Number 46094873, collects, uses, shares, and protects personal data when you access or use our online marketplace platform NEWAM^AI (the "Platform").

We operate primarily in the European Union and the United States, and we are committed to protecting personal data in accordance with the GDPR and other applicable privacy laws.

By using the Platform, you acknowledge you have read and understood this Privacy Policy.

1. Definitions

  • Client: A user seeking AI consulting and related professional development services.
  • Consultant: An independent service provider offering AI consulting and related services via the Platform.
  • Marketplace: The Platform functionality that allows Clients and Consultants to discover each other, communicate, book sessions, and transact.

2. Data Controller and Contact

2.1 Data Controller

  • and winter s.r.o.
  • Černyševského 10, 851 01, Bratislava, Slovakia
  • Company Registration Number: 46094873

2.2 Contact

  • Email: office@newam.ai
  • Address: Černyševského 10, 851 01, Bratislava, Slovakia

2.3 Privacy Contact

For privacy-related inquiries and data subject requests, contact: office@newam.ai (Subject line suggestion: "Privacy Request")

3. Marketplace Roles and Responsibilities

3.1 NEWAM^AI's role

The Platform is a marketplace that connects Clients with independent Consultants. We provide the technology and infrastructure that enables discovery, communication, booking, and payments. We do not provide consulting services directly.

3.2 Consultants' role (important)

Consultants are independent contractors. When a Client engages a Consultant, the consulting service is provided by the Consultant, and certain personal data must be shared between Client and Consultant to enable service delivery.

Depending on the context:

  • NEWAM^AI is generally the data controller for personal data processed to operate the Platform (accounts, payments orchestration, platform communications, security, etc.).
  • Consultants are generally independent data controllers for personal data they process to deliver their services and comply with their own legal obligations (e.g., invoicing, taxes, professional recordkeeping), unless explicitly acting on documented instructions.

This means that privacy practices may differ between NEWAM^AI and individual Consultants. Where Consultants receive personal data from you, they are responsible for handling it appropriately.

4. Legal Bases for Processing (EEA/UK/Swiss Users)

Where the GDPR applies, we process personal data on the following legal grounds (Article 6 GDPR), as applicable:

  • Contractual necessity (Art. 6(1)(b)) – to provide the Platform and enable bookings and transactions.
  • Legitimate interests (Art. 6(1)(f)) – to secure the Platform, prevent fraud, improve features, and operate analytics (where consent is not required).
  • Legal obligations (Art. 6(1)(c)) – to comply with tax/accounting, regulatory requirements, and lawful requests.
  • Consent (Art. 6(1)(a)) – for non-essential cookies/tracking and certain marketing activities, where required.

5. Personal Data We Collect

5.1 Data you provide directly

For all users:

  • Full name
  • Email address
  • Password (stored in encrypted/hashed form)
  • Phone number (if provided)
  • Country of residence
  • Profile photograph (optional)
  • Communication preferences
  • Messages and communications on the Platform

For Clients (may include):

  • Company name and details (if applicable)
  • Billing address
  • VAT number (if applicable)
  • Project requirements/descriptions
  • Information necessary to complete transactions (payment handled by our payment provider; see below)

For Consultants (may include):

  • Professional qualifications, credentials, portfolio, service descriptions, pricing
  • Availability and scheduling information
  • Tax identification number (where applicable)
  • Payout/banking details (for receiving payments)
  • Professional certifications/licenses (where applicable)

5.2 Data collected automatically (device/usage)

When you use the Platform, we may collect:

  • IP address
  • Browser type/version, device type, operating system
  • Page views and interactions, referral source
  • Approximate location inferred from IP (country/region level)
  • Logs related to authentication and security events
  • Cookies and similar technologies (see Section 11)

5.3 Consultation session data (video + meetings)

We support sessions both inside the Platform (our video functionality), and/or via external meeting tools (e.g., Zoom, Google Meet, Microsoft Teams), depending on what you and the Consultant use.

We do not record or transcribe consultation sessions at this time.

However, for Platform operation and dispute prevention, we may process session metadata, such as:

  • whether each party joined/attended,
  • join/leave timestamps,
  • session duration,
  • technical diagnostics (e.g., connectivity or performance indicators).

If we introduce recording or transcription in the future, we'll update this policy and, where required, obtain consent before enabling it.

5.4 Data from third parties

We may receive information from:

  • Payment providers (payment status, transaction IDs, partial billing details; we do not receive full payment card numbers in typical setups)
  • Identity/verification providers (if we verify users)
  • Social login providers (if you choose social sign-in)
  • Google Calendar (if you connect Google Calendar; see Section 18)

5.5 Public information (Consultant directory)

Certain Consultant profile data may be publicly visible on the Platform (e.g., via the consultant directory), such as:

  • name (or chosen display name),
  • country/location,
  • languages,
  • professional bio, skills/specializations,
  • rates/pricing,
  • reviews/ratings (when applicable).

Public profiles may be accessible without logging in and may be indexed by search engines depending on Platform configuration and search engine behavior.

6. How We Use Personal Data

6.1 Platform operation and service delivery

  • Create and manage accounts
  • Enable discovery/search and matching
  • Enable messaging and communication between Clients and Consultants
  • Enable bookings, scheduling, calendar events
  • Process transactions (including retainers / credits if applicable) and facilitate payouts
  • Provide customer support and handle inquiries
  • Enforce Terms, prevent misuse, and maintain Platform integrity

6.2 Payments

Payments are processed through third-party payment providers (e.g., Stripe). We use payment data to:

  • process purchases and payouts,
  • prevent fraud,
  • manage refunds/chargebacks where applicable,
  • maintain accounting and transaction records.

6.3 Platform improvement, analytics, and debugging

  • Understand feature usage and improve functionality
  • Diagnose errors and performance issues
  • Develop and test new features

6.4 Safety, fraud prevention, and compliance

  • Protect users and the Platform from fraud, abuse, and security incidents
  • Comply with legal and regulatory obligations
  • Respond to lawful requests and protect rights and safety

6.5 Marketing (where permitted)

  • Send newsletters and updates (where required, based on consent or other lawful basis)
  • Surveys and feedback requests

You can opt out of marketing emails at any time using the unsubscribe link or by contacting us.

7. Data Sharing and Disclosure

7.1 Sharing within the marketplace (Clients ↔ Consultants)

To enable services, we share certain information between Clients and Consultants, including:

  • profile information needed to evaluate and provide services,
  • booking details and scheduling info,
  • transaction confirmations relevant to the engagement,
  • messages and communications related to the engagement.

Note: Consultants may be located in different countries. By engaging a Consultant, you understand that personal data may be shared with them, and they may process it under their own privacy obligations.

7.2 Service providers (processors)

We share data with service providers that help us run the Platform, such as:

  • Payment processing (e.g., Stripe)
  • Cloud hosting and infrastructure
  • Email and communications
  • Customer support tools
  • Analytics, debugging, and security monitoring (e.g., Sentry, Smartlook)
  • Calendar integration providers (e.g., Google Calendar API; see Section 18)

These providers are authorized to process personal data only as needed to provide services to us and are contractually required to protect it.

7.3 Legal disclosures

We may disclose personal data to comply with law, court orders, lawful requests, or to protect rights, safety, and security, including investigating suspected fraud or violations of our Terms.

7.4 Business transfers

If we undergo a merger, acquisition, restructuring, or asset sale, personal data may be transferred as part of that transaction, subject to applicable legal requirements.

7.5 No sale of personal data

We do not sell personal data to third parties for their own marketing purposes. (For Google user data, see Section 18 for additional restrictions and commitments.)

8. International Data Transfers

Your personal data may be processed in countries outside the EEA (including the United States), for example where our service providers or Consultants are located.

Where required, we use appropriate safeguards such as:

  • European Commission Standard Contractual Clauses (SCCs), and/or
  • other legally recognized transfer mechanisms.

You may request information about relevant safeguards by contacting office@newam.ai.

9. Data Retention

We retain personal data only as long as necessary for the purposes described in this Policy, unless a longer retention period is required by law.

9.1 Typical retention periods

  • Account data: retained while your account is active.
  • Terminated accounts: typically deleted or anonymized within 30 days after termination, unless we must retain certain data for legal/compliance reasons.
  • Transaction records: typically retained for 7 years to comply with tax and accounting obligations.
  • Messages and engagement records: retained while accounts are active and as needed for dispute prevention, security, and legal compliance; may be retained longer where required.
  • Session metadata (attendance/duration): retained as necessary to operate the Platform and handle disputes, then deleted/anonymized according to our retention practices.
  • Analytics/debugging logs:
    • Smartlook session replay: typically retained for a limited period (e.g., up to 30 days) unless we need to retain longer to investigate security/performance issues.
    • Sentry logs/error reports: typically retained for a limited period (e.g., up to 90 days) unless needed longer for security/debugging investigations.

9.2 Deletion requests

You may request deletion of your personal data, subject to legal retention requirements (see Sections 10 and 12).

10. Your Rights (EEA/UK/Swiss Users)

Where GDPR (or similar laws) apply, you may have the right to:

  • Access your personal data (Art. 15)
  • Rectify inaccurate data (Art. 16)
  • Erase data ("right to be forgotten") in certain cases (Art. 17)
  • Restrict processing in certain cases (Art. 18)
  • Data portability (Art. 20)
  • Object to processing based on legitimate interests or for direct marketing (Art. 21)
  • Withdraw consent at any time (Art. 7(3))
  • Lodge a complaint with a supervisory authority (Art. 77)

10.1 How to exercise your rights

Email: office@newam.ai

We typically respond within one month, and may extend by up to two additional months where legally permitted.

10.2 Lead Supervisory Authority (Slovakia)

Office for Personal Data Protection of the Slovak Republic

Hraničná 12, 820 07 Bratislava 27, Slovakia

11. Cookies, Tracking Technologies, and Session Replay

We use cookies and similar technologies to operate the Platform and to understand and improve usage.

11.1 Essential cookies

Essential cookies are required for core functions such as authentication, security, and session management. These cannot be disabled without affecting Platform functionality.

11.2 Analytics, debugging, and session replay (Smartlook + Sentry)

We use tools such as Sentry (error monitoring) and Smartlook (session replay) to:

  • debug issues,
  • monitor performance,
  • improve user experience.

Smartlook session replay is used across the Platform, including logged-in areas. Session replay may capture interaction data such as clicks, scrolling, mouse movements, page navigation, and technical/device information. Depending on configuration, session replay tools can also capture what users type into fields.

Data minimization controls (our commitments):

  • We take steps to avoid collecting sensitive data in session replay, including implementing masking/suppression for sensitive fields (e.g., passwords and payment card fields) and limiting collection where appropriate.
  • Even with these steps, you should avoid entering sensitive personal data into free-text fields unless necessary for service delivery.

11.3 Consent and cookie preferences

Where required by law, we'll activate non-essential cookies and tracking (including analytics/session replay) only after you provide consent via our cookie banner/preferences. You can withdraw or adjust your preferences at any time through the cookie banner/settings.

11.4 "Do Not Track" and Global Privacy Control

Some browsers offer signals such as Global Privacy Control (GPC). Where legally required, we will treat such signals as a request to opt out of certain forms of data "sale" or "sharing" (as defined by applicable laws). If we do not engage in such practices, the signal may have limited practical effect beyond cookie preferences.

12. US Privacy Disclosures (United States)

If you're a resident of certain US states, you may have rights regarding your personal data, depending on applicable law and whether we meet statutory thresholds.

12.1 Categories of personal data we may collect (US)

Depending on how you use the Platform, we may collect:

  • Identifiers: name, email, IP address, account identifiers
  • Commercial information: purchases, subscription/retainer details, transaction history
  • Internet/electronic activity: device info, usage data, analytics/session replay data
  • Professional information: consultant profile details, skills, experience
  • Approximate location: inferred from IP (region/country)
  • Communications: messages and support interactions

12.2 Purposes

We collect and use personal data for the purposes described in Section 6 (operate the Platform, facilitate bookings and transactions, improve services, analytics/debugging, security, compliance, and marketing where permitted).

12.3 "Sale" / "Sharing" (California-style definitions)

We do not sell personal information in exchange for money. We also do not share personal information for cross-context behavioral advertising in the typical sense. We do disclose personal data to service providers (like analytics and payment processors) to operate and secure the Platform.

12.4 Your US privacy rights (where applicable)

Depending on your state, you may have rights to:

  • access/know what data we have about you,
  • delete certain data,
  • correct inaccurate data,
  • obtain a portable copy of your data,
  • opt out of certain processing such as targeted advertising (where applicable),
  • limit the use of certain sensitive information (where applicable),
  • not be discriminated against for exercising privacy rights.

12.5 How to exercise US privacy rights

Email us at office@newam.ai with subject line "US Privacy Request".

We may need to verify your request (e.g., by confirming account access). If you use an authorized agent (where permitted), we may require proof of authorization.

12.6 Appeals (certain states)

If we deny your request and your state law provides an appeal right, you may request an appeal by replying to our decision email and stating "Appeal".

13. Children's Privacy

The Platform is not intended for individuals under 18. We do not knowingly collect personal data from children. If you believe a child has provided us personal data, contact office@newam.ai.

14. Automated Decision-Making and Profiling

14.1 Matching

We may use automated systems to recommend or match Clients with Consultants based on factors such as:

  • project requirements,
  • consultant expertise, availability, and preferences,
  • prior ratings/feedback (where applicable).

This matching is intended to assist discovery and does not produce legal effects or similarly significant effects by itself. Users retain control over which Consultant they engage.

14.2 Fraud prevention

We may use automated tools to detect suspicious activity. If flagged, accounts or transactions may be reviewed and may be suspended pending investigation.

15. Data Security

We implement appropriate technical and organizational measures designed to protect personal data against unauthorized access, alteration, disclosure, or destruction. Measures may include:

  • encryption in transit (TLS/SSL),
  • access controls and authentication,
  • monitoring and logging,
  • secure development and incident response processes.

No method of transmission or storage is completely secure; we cannot guarantee absolute security.

15.1 Data breach notification (GDPR contexts)

Where required, we'll notify relevant authorities and affected individuals in accordance with applicable law.

16. Links to Third-Party Sites

The Platform may contain links to third-party websites or services. We are not responsible for their privacy practices. Please review their policies.

17. Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in our practices, features, or legal requirements. We'sll post the updated policy on the Platform and update the "Last Updated" date. For material changes, we may also notify you by email or through the Platform.

18. Google User Data (Google Calendar Integration)

This section explains how we access, use, store, and protect Google user data when you connect Google Calendar.

18.1 What Google user data we access

If you connect Google Calendar, we may access:

  • availability information to display open time slots,
  • calendar event creation data for booked consultations,
  • basic metadata needed to manage the integration (e.g., calendar IDs, event identifiers).

We do not access other Google user data beyond what is necessary for calendar integration.

18.2 How we use Google user data

We use Google user data only to provide and improve calendar-related functionality, such as:

  • reading availability,
  • creating consultation events,
  • synchronizing bookings to prevent double booking,
  • troubleshooting and improving the integration.

We do not use Google user data for:

  • targeted advertising,
  • selling to data brokers,
  • creditworthiness or lending decisions,
  • building unrelated databases,
  • training AI models.

18.3 Sharing Google user data

We do not transfer or disclose Google user data to third parties except as necessary to provide or improve the calendar integration (e.g., using Google APIs and storing data on our cloud infrastructure).

18.4 Retention and deletion (Google user data)

  • Retained while your account is active and the integration is connected.
  • If you disconnect Google Calendar, we delete associated Google user data typically within 30 days, unless legally required otherwise.

You may request deletion by disconnecting the integration or emailing office@newam.ai.

19. Contact Us

For questions, concerns, or requests related to this Privacy Policy:

  • Email: office@newam.ai
  • Address: Černyševského 10, 851 01, Bratislava, Slovakia