Cell AI – Privacy Policy
Effective date: 20 June 2025
This Privacy Policy explains how Hack GmbH, Am Heumarkt 4, 1030 Vienna, Austria ("Cell AI", "we", "us") collects and processes personal data when you use our Excel-copilot website, add-in, API or related services ("Services"). We process data in accordance with the EU General Data Protection Regulation (GDPR).
1. Controller and contact
2. Data we collect
- Technical usage data – anonymised IP address, browser type, pages viewed, time stamps.
- Account data – name, e-mail address, hashed password.
- User inputs – spreadsheets, formulas, prompts and queries you submit.
- Subscription and payment data – plan, invoices, last four digits of card.
- Marketing preferences – newsletter opt-in status.
- Cookies and analytics – Google Analytics and Microsoft Clarity cookies (set only with your consent).
Legal bases: Art. 6 (1) b GDPR (contract performance), Art. 6 (1) f GDPR (legitimate interest in security and improvement), Art. 6 (1) a GDPR (consent for marketing and analytics), Art. 6 (1) c GDPR (legal obligations).
3. How we use your data
- Deliver and secure the Services.
- Analyse and improve functionality and performance.
- Train and evaluate AI models using only anonymised, aggregated data.
- Send product updates and marketing e-mails (you can opt out at any time).
- Process payments and manage subscriptions.
- Comply with legal obligations.
4. Sharing with third parties
We never sell your data. We share it only with trusted processors that help us operate the Services, such as:
- Vercel (hosting)
- Amazon Web Services CloudFront (content delivery)
- Cloudflare (CDN and security)
- Stripe Payments Europe (payment processing)
- Microsoft Clarity (analytics, consent-based)
- Google Analytics (analytics, consent-based)
All processors act under GDPR-compliant Data-Processing Agreements. Where data is transferred outside the EEA, we rely on the EU–US Data Privacy Framework or Standard Contractual Clauses.
5. Data security
We implement state-of-the-art technical and organisational measures, including TLS encryption, encryption at rest (AES-256), role-based access control, multi-factor authentication, regular penetration testing and continuous monitoring.
6. Data retention
- Account and billing records: seven years (Austrian tax law).
- Support tickets: two years after closure.
- Analytics data: 26 months.
- Anonymised model-training data: kept indefinitely (no personal reference).
You may delete your account at any time; certain data may remain in backups or where retention is required by law.
7. Your rights
You may request access, rectification, erasure, restriction, data portability, or object to processing based on Art. 6 (1) f GDPR. Where processing relies on consent, you may withdraw it at any time. To exercise any right, e-mail alex@trycell.ai. You have the right to lodge a complaint with the Austrian Data Protection Authority (DSB).
8. Data breach notification
If a breach affecting personal data occurs, we will notify affected users and the DSB without undue delay, in accordance with Articles 33–34 GDPR.
9. Age requirements
The Services are intended for users aged 18 and over. We do not knowingly collect data from children under 13.
10. Changes to this policy
We may update this Privacy Policy. Material changes will be announced on the website or via e-mail. Continued use of the Services after changes become effective constitutes acceptance.