Alterego Bot 3.3v

Privacy Policy (GDPR)

1. Introduction

The purpose of this Privacy Policy is to provide information on data processing during the operation of the artificial intelligence based chatbot available at AlteregoBot.com (hereinafter: Service), in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council (General Data Protection Regulation, EU GDPR) and the UK GDPR.

2. Data Controller Details

Operator of the Service: Alterego Agent LTD

Registered Office / Postal Address: 128 City Road London EC1V 2NX United Kingdom

Company Registration Number: 16995431

Tax ID: TODO: Adószám

Privacy Contact Email: info@alteregobot.com

3. Scope, Purpose, and Legal Basis of Processed Personal Data

3.1. Conversation Data

  • Processed Data: Messages entered by the user in the chat interface and responses generated by the chatbot.
  • Purpose of Processing: Ensuring the operation of the chatbot, understanding and answering user requests, improving chatbot functionality, and optimizing user experience.
  • Legal Basis: The primary legal basis for conversation data is the performance of the contract necessary to provide the service (GDPR Art. 6(1)(b)). Data processing related to service development is based on legitimate interest (GDPR Art. 6(1)(f)).
  • Retention Period: Conversation data is stored for the time necessary for operation, but no longer than 30 nap, or until the user requests its deletion.
  • Arena conversations: Conversations (debates) generated in the Arena function are also stored and may become available in an archived form on the platform. The legal basis for this is the performance of the contract, as well as the legitimate interest in operating the platform. Storage time for Arena debates: until the bot is active, or until deletion.

3.2. Technical Data

  • Processed Data: IP address, browser type, operating system, date and time of access.
  • Purpose of Processing: Maintaining security of the Service, debugging, monitoring service availability, and creating statistical analyses.
  • Legal Basis: The Service Provider's legitimate interest in the secure and efficient operation of the service, maintaining system security, preventing abuse, and developing the service. (GDPR Art. 6(1)(f)).
  • Retention Period: Technical data is stored for the time necessary for operation, but no longer than 30 days.

3.3. Registration Data (if relevant)

  • Processed Data: Username, email address, password (hashed).
  • Purpose of Processing: Creating and managing the user account, ensuring login, personalizing the service.
  • Legal Basis: Performance of contract (GDPR Art. 6(1)(b)).
  • Retention Period: Until the user account is deleted, or 5 years from registration (limitation period).

4. Data Processors and Data Transfer

During the operation of the Service, we also use third-party service providers to process data. These providers act as data processors and may only process data according to the Service Provider's instructions.

4.1. Hosting Provider

The hosting for the website and database is provided by DotRoll Kft. (1148 Budapest, Fogarasi út 3-5.).

4.2. Artificial Intelligence Provider (OpenAI)

To generate the chatbot's responses and analyze content, we use the services of OpenAI, L.L.C. (HQ: 3180 18th Street, San Francisco, CA 94110, USA).

  • Data Transfer to Third Countries: OpenAI's servers are located in the United States. Data transfer takes place with appropriate guarantees under the GDPR (e.g., Standard Contractual Clauses).
  • Data Protection: OpenAI undertakes not to use the data transferred to it for training its own models (default setting for API usage), unless we explicitly grant permission (we currently do not).
  • More information: OpenAI Privacy Policy.

5. Data Security

The Service Provider applies appropriate technical and organizational measures to ensure the secure processing of data, in particular protecting against unauthorized access, alteration, transmission, public disclosure, deletion or destruction, as well as accidental destruction and damage. The database is password-protected, and communication takes place via SSL encryption (HTTPS).

6. Handling of Data Protection Incidents

In the event of a data protection incident affecting personal data, the Service Provider shall immediately take the necessary technical and organizational measures and notify the competent supervisory authority in accordance with GDPR regulations, as well as—if the incident involves high risk—the data subjects.

7. Rights of the Data Subject

The data subject may exercise the following rights:

  • Right of Access: Request information about the data processed about them and the details of the processing.
  • Right to Rectification: Request the correction of inaccurate personal data stored about them.
  • Right to Erasure ("Right to be Forgotten"): Request the deletion of their personal data if the legal basis for processing no longer exists or if the processing is unlawful.
  • Right to Restriction of Processing: Request the restriction of processing in certain cases (e.g., if the accuracy of the data is contested).
  • Right to Data Portability: Request to receive the data processed about them in a structured, commonly used, machine-readable format.
  • Right to Object: Object to processing if it is based on the Service Provider's legitimate interest.
  • Removal of content containing personal data: If the Arena or any other chatbot content contains personal data, the data subject may request its deletion within the framework of exercising data protection rights.

The data subject may exercise the above rights at the email address "info@alteregobot.com".

8. Automated Decision Making and Profiling

Certain functions of the Service (e.g., bot creation verification) apply automated decision-making using artificial intelligence. The purpose of the automated decision is to prevent the creation of infringing, deceptive, or unauthorized bots.

The automated decision does not result in legal effects or similarly significant consequences for the user, as the user has the opportunity to request human review during the validation process.

The data subject is entitled to:

  • request human intervention,
  • express their point of view,
  • contest the decision.

9. Right to Lodge a Complaint

If the data subject believes that the processing of their personal data has violated GDPR regulations, they may file a complaint with the National Authority for Data Protection and Freedom of Information (NAIH).

  • NAIH Contact Details:
  • Address: 1055 Budapest, Falk Miksa utca 9-11.
  • Postal Address: 1363 Budapest, Pf. 9.
  • Phone: +36 (1) 391-1400
  • Email: ugyfelszolgalat@naih.hu
  • Website: www.naih.hu

10. Handling of Minors' Data

The Service is not recommended for persons under 16 years of age. The Service Provider considers the processing of personal data of minors to be undesirable and, if it becomes aware that it is processing data of a person under 16, it will immediately take measures to delete it.

11. Bot Creation Verification and Validation

When using the Service, particularly when creating new bots, the system performs an automated, artificial intelligence-based check. The purpose of this is to prevent the creation of bots that unauthorizedly depict famous people, public figures, or protected personalities.

If the AI detects that the bot to be created depicts a known personality (based on name or profile picture), the system automatically blocks publication and forces the validation process.

Steps of the validation process:

  1. Data Request: The user must prove their eligibility to create the bot (e.g., proof of identity or official authorization).
  2. Website Verification: The user must place a verification code or file on their own website, or publish a verification post on their official social media channel, linking the person to the created bot.
  3. Approval: After successful technical verification, the bot receives "Verified" status and becomes public.

12. Cookie Information

The website uses essential cookies (session cookies) to identify the session. Without these, the site functions (e.g., login, chat history) will not work. We do not use third-party marketing cookies unless you explicitly consent to this. The user is entitled to restrict or disable the use of cookies in their browser settings.

13. Amendment of Privacy Policy

The Service Provider reserves the right to modify this Privacy Policy at any time without prior notice. Amendments become effective upon publication. Last update date: 2026.05.08