Privacy Policy

Last updated: June 2026

Who we are

Selaro is operated by a small team based in Denmark. We are subject to EU law, including the General Data Protection Regulation (GDPR). The data controller is the operator of Selaro, based in Denmark.

Questions about this policy: privacy@selaro.ai

What data we collect and why

Account data

When you create an account, we collect your email address and display name. We use this to identify you, send you important account communications, and provide the service.

Conversation data

Your conversations with Selaro are stored so you can access them later and so Selaro can build memory over time (paid plans only). We do not use your conversations to train AI models — ever.

Memory profile

For paid users, Selaro extracts themes, values, and patterns from your conversations to build a profile that makes future conversations more relevant. You can view, edit, and delete this at any time from your account settings.

Usage data

We collect basic usage data (credits used, features accessed) to operate the service and prevent abuse. We do not track you across other websites.

Payment data

Payments are processed by Stripe. We do not store your card details — Stripe handles all payment data under their own privacy policy.

Cookies

We use necessary cookies to keep you signed in. We use functional cookies (with your consent) to remember preferences. We use analytics cookies (with your consent) to understand how the product is used. You can manage your cookie preferences at any time via the cookie banner.

AI-generated content

Selaro's responses are generated automatically by third-party AI models and may contain errors, omissions, or inaccuracies. They are not professional advice. See our Terms of Service for the full AI-content disclaimer.

How we use your data

  • To provide and improve the Selaro service
  • To send you important account communications (never marketing without consent)
  • To detect and prevent abuse
  • To comply with legal obligations

We do not sell your data. We do not share your data with third parties except as described below.

Legal basis for processing

Under the GDPR, we rely on the following legal bases to process your personal data:

  • Account operation and providing the service — Contract (Art. 6(1)(b))
  • Processing payments — Contract (Art. 6(1)(b))
  • Abuse prevention and security — Legitimate interest (Art. 6(1)(f))
  • Analytics (cookieless) — Legitimate interest, or consent where required
  • Meeting legal obligations — Legal obligation (Art. 6(1)(c))
  • Building your private memory profile — Contract / legitimate interest (core to the service you signed up for)

Who we share data with

  • Anthropic — powers the AI. Your conversations are sent to Anthropic's API to generate responses, under a Data Processing Agreement (DPA). Anthropic does not use API data to train models. See Anthropic's privacy policy at anthropic.com/privacy.
  • Supabase — our database, hosted in the EU.
  • Stripe — payment processing. Stripe is GDPR-compliant.
  • Vercel — provides our hosting infrastructure. Where personal data is transferred outside the EEA, appropriate safeguards (such as SCCs) are used.
  • Plausible — privacy-friendly, cookieless analytics on our public pages only. It collects no personal data and does not track you across sites.

We do not use any advertising networks, data brokers, or third-party analytics that track you across websites.

International data transfers

Some of our processors (including Anthropic, which provides AI processing) are based outside the European Economic Area (EEA). Where personal data is transferred outside the EEA, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses (SCCs).

We may engage additional subprocessors from time to time. An up-to-date list of subprocessors is available upon request at privacy@selaro.ai.

Your rights (GDPR)

You have the right to:

  • Access the data we hold about you
  • Rectify inaccurate or incomplete data
  • Erase your data ("right to be forgotten")
  • Restrict processing in certain circumstances
  • Receive your data in a portable format (data portability)
  • Object to processing based on our legitimate interests
  • Withdraw consent at any time
  • Lodge a complaint with the Danish Data Protection Agency (Datatilsynet)

To exercise any of these rights, go to Settings → Profile → Data and Privacy, or email privacy@selaro.ai.

Data retention

  • While your account is active, your conversations and memory profile are retained so you can use the service.
  • When you delete your account, all your personal data is permanently deleted within 30 days.
  • Residual copies in encrypted backups are purged within 90 days.
  • You can export or delete your data at any time from Settings → Profile → Data and Privacy.

Security

We use encryption in transit (HTTPS) and at rest. Access to production data is restricted to essential personnel only. We conduct regular security reviews.

Changes to this policy

We will notify you by email of material changes to this policy at least 30 days before they take effect.