PhiRM – Privacy Policy

Last updated: 11 May 2026

PhiRM (“PhiRM”, “we”, “our”, “us”) provides a document processing service that converts AI-generated content into structured output formats such as DOCX and PDF.

We are committed to processing personal data responsibly and in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR).

This Privacy Policy explains what data we collect, why we process it, how long we keep it, and what rights users have.

1. Who we are

The data controller for PhiRM is:

PhiRM
Rubisca s.r.o.
Slovakia
contact@phirm.eu

2. What data we collect

We collect only the data necessary to operate and secure the service.

Account data

email address
password hash
account-related identifiers

Technical data

IP address
session identifiers
browser or device-related technical metadata
authentication and access metadata

Usage data

job identifiers
processing status
timestamps
service usage metadata
billing-related references

Content data

PhiRM processes user-provided content for the purpose of generating documents. This may include content submitted through the PhiRM extension, web interface, or related processing flow.

We process such content only as necessary to provide the requested output.

Browser extension privacy

PhiRM provides a browser extension that works on supported AI chat pages such as ChatGPT and Gemini. The extension is used to export AI conversations into DOCX and PDF documents.

The extension reads the current supported AI conversation only when the user manually starts an export. Depending on the content of the conversation, this may include user prompts, assistant responses, headings, paragraphs, lists, tables, formulas, code blocks, links, images and rendered visual elements needed to reconstruct the requested document.

The selected conversation content and required export metadata are sent to PhiRM servers only to generate the requested DOCX or PDF document.

PhiRM is designed for short-term processing, not long-term storage of exported AI conversation content.

Under normal operation, temporary export files and submitted conversation content used to generate a DOCX or PDF file are scheduled for deletion shortly after the generated document has been downloaded, typically within about 6 minutes.

If the generated result is not downloaded, an export fails, a retry is required, cleanup is delayed, or retention is necessary for debugging, abuse prevention, security, billing, legal compliance or service operation, some technical records or temporary processing data may be kept for a limited longer period.

PhiRM does not use exported content for advertising, does not sell it, and does not use it to train AI models.

The extension uses a PhiRM extension token to authorize exports and check account entitlement. The token and export preferences may be stored locally in browser storage.

PhiRM does not continuously monitor browsing activity, does not collect browsing history, does not scrape unrelated websites, and does not run hidden background exports. Host permissions are used only for supported AI chat pages, PhiRM API endpoints and visual resources needed during a user-initiated export.

Temporary processing data may be used only for document generation, delivery, debugging, abuse prevention, security and service operation, according to PhiRM's retention policy.

3. How we use data

We process personal data for the following purposes:

creating and managing user accounts
authenticating users and maintaining sessions
generating and delivering documents
processing payments and managing billing
enforcing usage limits and preventing abuse
maintaining service security, stability, and diagnostics
complying with legal obligations

4. Legal basis for processing

Depending on the context, PhiRM processes personal data on one or more of the following legal bases:

performance of a contract, where processing is necessary to provide the service
legitimate interests, including service security, fraud prevention, abuse control, and technical maintenance
compliance with legal obligations, especially in relation to tax, accounting, and regulatory requirements
consent, where consent is specifically required

5. Content handling and retention

PhiRM is designed around data minimization.

User-provided content is processed for document generation and is not used for model training.

Content is stored temporarily only and is removed on a rolling basis as part of service operation and cleanup processes. PhiRM is not designed for long-term content retention.

Account data is generally retained for as long as the account remains active, unless a longer retention period is required by law or necessary to resolve disputes, enforce our terms, or protect the service.

Billing and transaction-related records may be retained for the period required under applicable accounting, tax, and legal obligations.

Technical and security-related data, including IP-related records and session data, may be retained for a limited period where necessary for security, abuse prevention, and system integrity.

6. Third-party services

PhiRM uses carefully selected third-party providers where necessary to operate the service.

These may include:

Paddle, as Merchant of Record for relevant checkout transactions, including payment processing, tax calculation, and invoicing
hosting and infrastructure providers, for running the service
email delivery providers, for transactional emails such as sign-in links, verification messages, and account-related notifications

These third parties process data only as necessary to perform their functions.

7. Cookies

PhiRM uses essential cookies only.

These cookies are used to maintain login sessions, support account authentication, and ensure normal operation of the service.

PhiRM does not use advertising cookies or optional tracking cookies on its core service pages.

8. Security

PhiRM takes reasonable technical and organizational measures to protect personal data and service access.

password hashing
token-based authentication
session expiration and session control
HTTPS transport security
access controls and service-side validation
measures against abuse and unauthorized use

No system can guarantee absolute security, but PhiRM is designed to reduce unnecessary exposure and retain as little data as reasonably possible.

9. International transfers

PhiRM aims to process data within the European Economic Area (EEA) where possible.

Where data is processed outside the EEA, appropriate safeguards are used in accordance with applicable law.

10. Your rights

Under applicable data protection law, you may have the right to:

access your personal data
request correction of inaccurate data
request deletion of personal data
request restriction of processing
object to certain processing
request portability, where applicable
lodge a complaint with a competent supervisory authority

Requests may be sent to:

contact@phirm.eu

11. Account deletion

You may request deletion of your account by contacting us at the email address above.

Deletion requests will be handled within a reasonable period, subject to any legal, accounting, security, or contractual retention requirements.

12. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect legal, technical, or product changes.

The latest version will always be published on this page.

Background image adapted from a NASA visualization. Original image credit: NASA’s Goddard Space Flight Center/Jeremy Schnittman, 2019.

NASA does not endorse PhiRM. PhiRM is an independent tool and is not affiliated with NASA. PhiRM’s visual design is inspired by respect for science, knowledge, and education, and by the horizons they continue to open.