Privacy Policy for Joana AI

Last Updated: August 4, 2025

1. Introduction

Welcome to Joana AI ("we," "us," or "our"). Joana AI is an application operated by Applied Musearch ApS (CVR: 45763773), a company registered in Denmark.

We are committed to protecting your personal data and respecting your privacy. This Privacy Policy outlines our practices concerning the collection, use, and disclosure of your information through the use of our application (the "Service"). It also describes your data protection rights under the General Data Protection Regulation (GDPR).

The data controller for your personal data is Applied Musearch ApS.

2. Data We Collect

We collect several different types of personal data for various purposes to provide and improve our Service to you.

2.1. Data You Provide to Us

  • Account Information: When you register for an account, we collect your login credentials, such as your name and email address, as provided through your Facebook login.
  • Chat Data: We collect and store all conversations, prompts, and content you generate while interacting with our AI agents ("Chats").

2.2. Data from Meta (Facebook)

To provide our Service, you must authorize us to access information from your Meta account. We collect the following data:

  • Facebook Profile Information: Your name and email address associated with your Facebook account.
  • Ad Account Data: All data related to the ad accounts you grant us access to. This includes, but is not limited to, campaign structures, ad set configurations, ad creatives, performance metrics (e.g., spend, impressions, clicks, conversions), audience details, and billing information.

3. How We Use Your Data and Legal Basis for Processing

We use your personal data for the following purposes, based on the specified legal grounds:

To Provide and Maintain Our Service

We process your Ad Account Data to deliver the core functionalities of Joana AI, such as analyzing performance, generating insights, and providing recommendations.

Legal Basis: The processing is necessary for the performance of a contract with you (Article 6(1)(b) GDPR).

To Improve and Train Our AI Agents

We use your stored Chats to train, fine-tune, and improve the performance, accuracy, and capabilities of our AI models. This helps us provide a better, more intelligent service to all our users. The data used for training is processed to remove direct personal identifiers where feasible.

Legal Basis: Our legitimate interest in developing and improving our commercial product (Article 6(1)(f) GDPR). You have the right to object to this processing.

To Manage Your Account and Provide Support

We use your account information to manage your access to the Service, send you important service-related notifications, and respond to your support requests.

Legal Basis: The processing is necessary for the performance of a contract with you (Article 6(1)(b) GDPR).

4. Data Retention

We will retain your personal data only for as long as is necessary for the purposes set out in this Privacy Policy.

  • Account and Ad Data: We retain this data as long as your account is active. If you delete your account, we will delete this data within 90 days, unless we are required to retain it for a longer period to comply with legal obligations.
  • Chat Data for AI Training: Anonymized or pseudonymized versions of your chat data may be retained indefinitely for the sole purpose of AI model improvement.

5. Data Sharing and Disclosure

We do not sell your personal data. We may share your data with third parties only in the following situations:

  • Service Providers: We may employ third-party companies (e.g., hosting providers) to facilitate our Service. These third parties have access to your personal data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.
  • Legal Requirements: We may disclose your personal data if required to do so by law or in response to valid requests by public authorities (e.g., a court or a government agency).

6. Your Data Protection Rights Under GDPR

As a data subject in the European Economic Area (EEA), you have the following rights:

  • The right to access, update, or delete the information we have on you.
  • The right of rectification. You have the right to have your information rectified if that information is inaccurate or incomplete.
  • The right to object. You have the right to object to our processing of your personal data, particularly where we rely on legitimate interest as our legal basis.
  • The right of restriction. You have the right to request that we restrict the processing of your personal information.
  • The right to data portability. You have the right to be provided with a copy of the information we have on you in a structured, machine-readable, and commonly used format.
  • The right to withdraw consent. You have the right to withdraw your consent at any time where we relied on your consent to process your personal information.

To exercise any of these rights, please contact us at the details below.

7. Data Security

The security of your data is important to us. We use commercially acceptable means to protect your Personal Data, including encryption and access controls. However, no method of transmission over the Internet or method of electronic storage is 100% secure.

8. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date.

9. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us:

  • Company: Applied Musearch ApS
  • CVR: 45763773
  • Email: malthe@musaeus.dk

10. Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority. The competent authority in Denmark is the Danish Data Protection Agency (Datatilsynet). You can find their contact details on their website: www.datatilsynet.dk.