EU AI Act & GDPR Notice

Transparent AI compliance for European users
🇪🇺 🇷🇴 🇬🇧

This notice explains how RomandemAI complies with the EU AI Act and GDPR, ensuring your rights are protected while you enjoy conversations with CosmoG.

Last Updated: August 16, 2025

🤖 EU AI Act Compliance

EU AI ACT COMPLIANT

The European Union's AI Act is the world's first comprehensive AI regulation, and we're proud to be fully compliant from day one.

🏷️ AI System Classification

  • System Type: General Purpose AI Model (GPAI)
  • Risk Category: Limited Risk System
  • Primary Function: Conversational AI for entertainment and general assistance
  • Model Base: OpenAI GPT-4 with custom Romanian-British personality layer
  • Training Data: Diverse internet data + curated Romandem personality data

Transparency Requirements Met

AI Disclosure

Users are clearly informed they're interacting with CosmoG, an AI system, not a human.

📋 Capability Information

Clear documentation of what CosmoG can and cannot do, including limitations.

🎯 Purpose Declaration

Explicitly stated purpose: entertainment, conversation, and general assistance.

⚠️ Risk Assessment

Comprehensive risk assessment conducted and documented.

Human Oversight Measures

  • Continuous monitoring: Human oversight of AI responses and system behavior
  • Content filtering: Multiple safety layers to prevent harmful outputs
  • User feedback: Mechanisms for users to report concerning AI behavior
  • Regular audits: Periodic review of AI system performance and safety
  • Intervention capability: Ability to immediately halt or modify AI operations

🛡️ GDPR Data Protection

Full GDPR Compliance Since Day One
We've built our entire platform with GDPR principles at its core, not as an afterthought.

Data Protection Principles

  • Lawfulness, fairness, transparency: Clear legal basis and transparent processing
  • Purpose limitation: Data used only for specified, legitimate purposes
  • Data minimisation: We collect only what's necessary for the service
  • Accuracy: Mechanisms to keep data accurate and up-to-date
  • Storage limitation: Data kept only as long as necessary
  • Integrity and confidentiality: Robust security measures protect your data
  • Accountability: We can demonstrate compliance with all principles

Your GDPR Rights in Practice

Right to Access

Download all your data anytime through your account settings or by contacting us.

✏️ Right to Rectification

Correct any inaccurate personal data immediately through your account.

🗑️ Right to Erasure

Delete your account and all associated data with a single click.

📤 Right to Portability

Export your data in standard formats (JSON, CSV) for use elsewhere.

⏸️ Right to Restrict Processing

Temporarily limit how we process your data while keeping your account active.

🛑 Right to Object

Object to specific types of data processing, such as analytics.

📢 Transparency & User Information

Under both the EU AI Act and GDPR, we must be completely transparent about how our AI system works and how we handle your data.

⚠️ Important AI Interaction Notice

You are interacting with an AI system. CosmoG is an artificial intelligence, not a human. All responses are generated by AI algorithms and should be evaluated accordingly.

What You Need to Know About CosmoG

  • AI-generated responses: All replies come from artificial intelligence, not humans
  • Personality layer: CosmoG's Romanian-British personality is programmed, not genuine cultural identity
  • Learning limitations: CosmoG doesn't learn from individual conversations or remember previous chats (unless you're logged in)
  • Knowledge cutoff: Training data has a specific cutoff date; recent events may not be known
  • Accuracy disclaimer: AI responses may contain errors, biases, or inaccuracies
  • No professional advice: CosmoG cannot provide medical, legal, or financial advice

How We Process Your Data

  • Chat messages: Sent to OpenAI's GPT-4 API for response generation
  • User accounts: Stored securely on EU servers (Supabase)
  • Analytics: Minimal, anonymized usage statistics for service improvement
  • Tone analysis: Emotional context analysis for better responses (optional feature)
  • Security logs: Technical logs for security and debugging purposes

⚖️ Your Rights & How to Exercise Them

We make exercising your data protection and AI transparency rights simple and straightforward.

Immediate Actions You Can Take

💾 Download Your Data

Go to Settings → Privacy → Export Data to download all your information.

🗑️ Delete Your Account

Settings → Account → Delete Account removes all data within 24 hours.

✏️ Update Information

Modify your profile, preferences, and privacy settings anytime.

🚫 Opt Out of Analytics

Turn off usage analytics in Privacy Settings with one click.

Contact for Complex Requests

Data Protection Officer

dpo@romandemai.com

For GDPR requests, AI transparency questions, or data protection concerns.

AI Ethics & Safety

ai-ethics@romandemai.com

For questions about AI system behavior, bias concerns, or safety issues.

European Representative

eu-representative@romandemai.com

For EU-specific compliance questions or regulatory matters.

Supervisory Authority Rights

You have the right to lodge a complaint with your national data protection authority:

  • EU residents: Contact your national Data Protection Authority
  • Romanian users: Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal (ANSPDCP)
  • UK users: Information Commissioner's Office (ICO)
  • Other jurisdictions: We'll help you identify the appropriate authority

🔧 Technical & Organisational Measures

We implement comprehensive technical and organisational measures to ensure both AI safety and data protection.

AI Safety Measures

  • Content filtering: Multi-layer safety systems prevent harmful outputs
  • Bias monitoring: Regular testing for unfair bias in AI responses
  • Human oversight: Qualified humans monitor AI system behavior
  • Incident response: Rapid response procedures for AI safety issues
  • Regular audits: Periodic assessments of AI system performance and safety

Data Protection Measures

  • Encryption: All data encrypted in transit and at rest using industry standards
  • Access controls: Strict role-based access to personal data
  • Audit logging: Complete logs of all data access and processing activities
  • Data minimisation: Automated systems ensure we only collect necessary data
  • Regular backups: Secure, encrypted backups with tested recovery procedures
  • Staff training: Regular GDPR and AI ethics training for all team members

International Safeguards

  • EU-first approach: Primary data storage and processing in EU
  • Standard contractual clauses: Appropriate safeguards for necessary international transfers
  • Adequacy decisions: Transfers only to countries with adequate protection
  • Additional safeguards: Extra protection measures for sensitive transfers

🔄 Updates & Legal Changes

AI regulation and data protection law continue to evolve. Here's how we stay compliant:

Continuous Compliance

  • Regulatory monitoring: We track changes to EU AI Act and GDPR requirements
  • Proactive updates: Our systems evolve to meet new legal requirements
  • User notification: Clear communication about any changes affecting your rights
  • Expert consultation: Regular consultation with legal and technical experts

Notice of Changes

  • 30 days' notice: Advance notification for significant policy changes
  • Email alerts: Direct notification to registered users
  • Website notices: Prominent notices on our platform
  • Version tracking: Previous versions available for reference

Your Options During Changes

  • Review period: 30 days to review and understand changes
  • Feedback submission: Contact us with concerns about proposed changes
  • Data export: Export your data before changes take effect
  • Service discontinuation: Option to delete your account if you disagree with changes

📞 Compliance Support & Contact

We're here to help you understand and exercise your rights under the EU AI Act and GDPR.

🇪🇺 EU Compliance Officer

eu-compliance@romandemai.com

For questions about EU AI Act compliance, AI system transparency, or regulatory matters.

🛡️ Data Protection Officer (DPO)

dpo@romandemai.com

For GDPR requests, data protection questions, or privacy concerns.

⚖️ Legal & Rights Questions

legal@romandemai.com

For questions about your rights, legal compliance, or dispute resolution.

🤖 AI Ethics & Safety

ai-ethics@romandemai.com

For concerns about AI behavior, bias issues, or safety-related questions.

Response Commitments

  • GDPR requests: Response within 30 days (usually 3-5 business days)
  • AI transparency questions: Response within 5 business days
  • Safety concerns: Response within 24 hours
  • General compliance questions: Response within 48 hours

Regulatory Authorities

🇷🇴 Romania (Primary)

Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal (ANSPDCP)

🇪🇺 European Data Protection Board

For EU-wide data protection matters and cross-border issues

🇬🇧 UK ICO (Post-Brexit)

Information Commissioner's Office for UK users

🏛️ EU AI Office

For AI Act compliance and AI system oversight matters

Your rights, respected. Your data, protected.

This isn't just compliance — it's our commitment to you. We believe that responsible AI and strong data protection aren't obstacles to innovation, they're the foundation of trust. Every feature we build, every decision we make, starts with respect for your rights and privacy.

Questions about compliance? Want to understand your rights better? Just curious about how we balance innovation with protection? We're always happy to talk.

🇪🇺 EU AI Act & GDPR Compliant 🇪🇺

— The RomandemAI Team