PhiRM – Privacy Policy

Last updated: [15 May 2026]

PhiRM (“PhiRM”, “we”, “our”, “us”) provides a document processing service that converts AI-generated content into structured output formats such as DOCX and PDF.

We are committed to processing personal data responsibly and in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR).

This Privacy Policy explains what data we collect, why we process it, how long we keep it, and what rights users have.

1. Who we are

The data controller for PhiRM is:

PhiRM
Rubisca s.r.o.
Slovakia
contact@phirm.eu

2. What data we collect

We collect only the data necessary to operate and secure the service.

Account data

email address
password hash
account-related identifiers

Technical data

IP address
session identifiers
browser or device-related technical metadata
authentication and access metadata

Usage data

job identifiers
processing status
timestamps
service usage metadata
billing-related references

Content data

PhiRM processes user-provided content for the purpose of generating documents. This may include content submitted through the PhiRM extension, web interface, or related processing flow.

We process such content only as necessary to provide the requested output.

3. How we use data

We process personal data for the following purposes:

creating and managing user accounts
authenticating users and maintaining sessions
generating and delivering documents
processing payments and managing billing
enforcing usage limits and preventing abuse
maintaining service security, stability, and diagnostics
complying with legal obligations

4. Legal basis for processing

Depending on the context, PhiRM processes personal data on one or more of the following legal bases:

performance of a contract, where processing is necessary to provide the service
legitimate interests, including service security, fraud prevention, abuse control, and technical maintenance
compliance with legal obligations, especially in relation to tax, accounting, and regulatory requirements
consent, where consent is specifically required

5. Content handling and retention

PhiRM is designed around data minimization.

User-provided content is processed for document generation and is not used for model training.

Content is stored temporarily only and is removed on a rolling basis as part of service operation and cleanup processes. PhiRM is not designed for long-term content retention.

Account data is generally retained for as long as the account remains active, unless a longer retention period is required by law or necessary to resolve disputes, enforce our terms, or protect the service.

Billing and transaction-related records may be retained for the period required under applicable accounting, tax, and legal obligations.

Technical and security-related data, including IP-related records and session data, may be retained for a limited period where necessary for security, abuse prevention, and system integrity.

6. Third-party services

PhiRM uses carefully selected third-party providers where necessary to operate the service.

These may include:

Paddle, for payment processing, billing, VAT handling, and invoices
hosting and infrastructure providers, for running the service
email delivery providers, for transactional emails such as sign-in links, verification messages, and account-related notifications

These third parties process data only as necessary to perform their functions.

7. Cookies

PhiRM uses essential cookies only.

These cookies are used to maintain login sessions, support account authentication, and ensure normal operation of the service.

PhiRM does not use advertising cookies or optional tracking cookies on its core service pages.

Because only essential cookies are used for service operation, a consent banner is generally not required for these cookies under applicable rules. This should be verified against the final implementation and jurisdiction-specific requirements.

8. Security

PhiRM takes reasonable technical and organizational measures to protect personal data and service access.

password hashing
token-based authentication
session expiration and session control
HTTPS transport security
access controls and service-side validation
measures against abuse and unauthorized use

No system can guarantee absolute security, but PhiRM is designed to reduce unnecessary exposure and retain as little data as reasonably possible.

9. International transfers

PhiRM aims to process data within the European Economic Area (EEA) where possible.

Where data is processed outside the EEA, appropriate safeguards are used in accordance with applicable law.

10. Your rights

Under applicable data protection law, you may have the right to:

access your personal data
request correction of inaccurate data
request deletion of personal data
request restriction of processing
object to certain processing
request portability, where applicable
lodge a complaint with a competent supervisory authority

Requests may be sent to:

contact@phirm.eu

11. Account deletion

You may request deletion of your account by contacting us at the email address above.

Deletion requests will be handled within a reasonable period, subject to any legal, accounting, security, or contractual retention requirements.

12. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect legal, technical, or product changes.

The latest version will always be published on this page.

Background image adapted from a NASA visualization. Original image credit: NASA’s Goddard Space Flight Center/Jeremy Schnittman, 2019.

NASA does not endorse PhiRM. PhiRM is an independent tool and is not affiliated with NASA. PhiRM’s visual design is inspired by respect for science, knowledge, and education, and by the horizons they continue to open.