PRIVACY NOTICE

ContentTrail – AI-based content generation system

Last updated: 20 May 2026

1. Data Controller

The website accessible at https://contenttrail.com (hereinafter: the website), and the AI-based content generation service accessible through the website (hereinafter: ContentTrail or Service) is operated by the following company:

Wiredsign Private Limited Company (Wiredsign Zártkörűen Működő Részvénytársaság)

Abbreviated name: Wiredsign Zrt.
Company registration number: 12-10-001683
Tax number: 29277261-2-12
Registered office: 2643 Diósjenő, Dózsa György út 28/b., Hungary
Postal address: 2600 Vác, Deákvári fasor 35. fsz. 4., Hungary
Telephone: +36 20 886 1309
E-mail: info@contenttrail.com
Website: https://contenttrail.com (hereinafter: Data Controller)

Contact details of the Data Protection Officer:

Name: Dr. Balázs Cserepka
Postal address: 2643 Diósjenő, Dózsa György út 28/b., Hungary
E-mail: dpo@eszerzodes.hu

2. Applicable legislation and scope of this Notice

2.1. Legal framework

The Data Controller processes Users' data primarily on the basis of the following laws:

REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) – hereinafter: GDPR;
Act CXII of 2011 on the Right of Informational Self-Determination and Freedom of Information (hereinafter: Infotv.);
Act CVIII of 2001 on certain aspects of electronic commerce services and information society services (Ekertv.);
Act XLVIII of 2008 on the Basic Conditions and Certain Limitations of Commercial Advertising Activity (Grt.);
Act XLVII of 2008 on the Prohibition of Unfair Commercial Practices against Consumers;
Act C of 2003 on Electronic Communications;
Act CLV of 1997 on Consumer Protection.

2.2. Scope of this Notice

The scope of this Notice extends to the data processing carried out in the course of the use of the https://contenttrail.com website, the use of the Service available there, and the performance of orders placed on the website.

2.3. Definition of User

For the purposes of this Notice, User means natural persons who browse the website, use the services of the website, and contact the Data Controller.

2.4. Brief description of the Service

ContentTrail is a cloud-based, artificial intelligence (AI) powered content generation system that allows Users to create textual and visual content (articles, social media posts, marketing material, illustrations, etc.) with the help of AI. In the course of operating the Service, the Data Controller engages various third-party AI service providers (including Anthropic, OpenAI, xAI – Grok, Perplexity, Google Gemini, Google AI Studio) as data processors, who perform the model operations necessary for content generation. Detailed information on AI data processors is set out in Chapter 21 of this Notice.

2.5. Age limit – use of the Service by minors

2.5.1. The ContentTrail Service may only be used by natural persons who have reached the age of 18 and who have full legal capacity, or by adult representatives of business entities and other organisations. The Service is expressly not offered to minors.

2.5.2. Reasons for the age limit:

the use of the Service involves entering into a contract (acceptance of General Terms and Conditions, paid subscription), which under Act V of 2013 on the Civil Code of Hungary (Ptk.) requires full legal capacity;
the use of content generated by AI functions may have consequences under copyright, civil and commercial law, the assessment of which requires majority of age;
processing through the AI functions of the Service – including the transfer of inputs provided by the User to third-party AI service providers – would, in relation to minors, require enhanced protection and a separate risk assessment, which the Data Controller does not undertake. 2.5.3. During registration, the User makes an express declaration that they have reached the age of 18 and have full legal capacity. If the Data Controller becomes aware that a registered User had not reached the age of 18 at the time of registration, the Data Controller will immediately suspend the user account, and after concluding the investigation, will delete the account.

2.5.4. If the Data Controller detects that a Prompt or input content submitted to an AI function contains identifiable personal data of a minor in such a way that the User obviously does not have an appropriate legal basis to do so, the Data Controller is entitled to refuse the relevant processing operation with immediate effect, or to restrict or suspend the User's account, in order to comply with Article 8 GDPR and for the enhanced protection of minors.

2.5.5. The Data Controller draws attention to the fact that, pursuant to Article 8 GDPR, the processing of the personal data of a child below the age of 16 is only lawful with the consent of the holder of parental responsibility. However, as the ContentTrail Service is not available to persons under the age of 18, the Data Controller does not carry out such processing.

3. Data processing related to the operation of the IT service (cookies)

3.1. The Data Controller uses cookies for the operation of the website and for the collection of technical data about the visitors of the website.

3.2. The Data Controller provides a separate, detailed notice on the data processing carried out via cookies. Consent management is supported by a consent management platform (CookieFirst) provided by Digital Data Solutions BV (Plantage Middenlaan 42a, 1018 DH, Amsterdam, the Netherlands; website: https://cookiefirst.com).

3.3. When the User accesses the website, a connection is established with the CookieFirst server in order to obtain the User's consent for the use of certain cookies. CookieFirst then stores a cookie in the browser to ensure that only the cookies to which the User has consented are activated, and to properly document this.

3.4. A data processing agreement is in place between the Data Controller and CookieFirst, ensuring that visitor data is processed solely in accordance with the Data Controller's instructions and in compliance with the GDPR.

3.5. The following data is collected via server log files:

the User's consent status or withdrawal of consent;
the User's anonymised IP address;
information about the User's browser;
information about the User's device;
the date and time of the visit to the website;
the URL of the website where the consent settings were saved or updated;
the approximate location of the user;
a universally unique identifier (UUID) of the website visitor who interacted with the cookie banner. 3.6. The legal basis for obtaining the legally required consent for the use of cookies is Article 6(1)(c) GDPR.

4. Data processing related to receiving and answering e-mails

4.1. Scope of data subjects: Users who send e-mail messages to the Data Controller using the e-mail address(es) indicated on the website, or via their own e-mail client.

4.2. Legal basis for data processing: the User's consent under Article 6(1)(a) GDPR. The User gives consent by sending the message. The User is entitled to withdraw consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out prior to withdrawal.

4.3. Categories of personal data processed:

name of the User;
e-mail address;
subject of the message;
content of the message. 4.4. Purpose of data processing: enabling the exchange of messages between the User and the Data Controller. The services concerned are: receiving messages sent by e-mail and answering messages received in this way.

4.5. Duration of data processing: if no contract is concluded as a result of the message exchange, the processing lasts until the message is answered or the User's request is fulfilled. The Data Controller deletes the data processed for this purpose 1 month after answering the message / fulfilling the request. In the event of multiple related message exchanges, this period runs from the conclusion of the exchange. If a contract is concluded as a result of the message exchange and the content of the messages is material to the contract, the legal basis and duration of the processing are determined in accordance with Chapters 6–8.

4.6. Method of data storage: in separate datasets in the Data Controller's IT system.

5. Data processing related to the use of the chat window

5.1. Scope of data subjects: Users sending messages via the chat window on the website.

5.2. Legal basis for data processing: the User's consent under Article 6(1)(a) GDPR.

5.3. Categories of personal data processed: the content of the message sent by the User.

5.4. Purpose of data processing: enabling the exchange of messages between the User and the Data Controller.

5.5. Duration of data processing: until the message is answered or the User's request is fulfilled. The Data Controller deletes the data processed for this purpose 1 month after answering the message / fulfilling the request.

5.6. Method of data storage: in separate datasets in the Data Controller's IT system.

5.7. Use of data processor: The Data Controller engages Smartsupp.com, s.r.o. and Intercom R&D Unlimited Company as data processors in connection with the use of the chat window. More details can be found in Chapter 22.

6. Data processing related to the use of the Service by individual Users

6.1. Scope of data subjects: individual (consumer) Users who subscribe to the Service on the website or register for the free / trial service package.

During the performance of the Service, or the provision of access to the free / trial service, a user account is created to ensure access to the Service.

6.2. Legal basis for data processing: Article 6(1)(b) GDPR, as the processing is necessary for the performance of a contract to which the User is party, or to take steps prior to entering into a contract.

6.3. Categories of personal data processed:

For the identification and contacting of the User:

name;
e-mail address;
password;
telephone number (optional);
home address (in case of subscription). For the creation of the user account: surname; first name; username (where different from the e-mail address); e-mail address; password.

In case of subscription additionally: billing address; designation of the service package; price of the service package; duration of the subscription; payment method; date of subscription; date and schedule of payment; in case of coupon redemption, the coupon code and the amount of the discount; other information possibly provided by the User that is necessary for the performance of the Service.

Data processing in relation to content transmitted by the User to the AI functions during the use of the Service ("Prompts and inputs") is separately regulated in Chapter 9 of this Notice.

6.4. Purpose of data processing: the conclusion and performance of the contract resulting from the subscription, and ensuring access to the user account and the Service. In case of registration for the free / trial service package, ensuring access to the latter.

6.5. Duration of data processing: data processed in connection with the performance of the contract – including messages exchanged in relation to the contract – are retained by the Data Controller for 5 years from the termination of the contract, corresponding to the general limitation period applicable to civil law claims. The data processing carried out for the fulfilment of related accounting obligations is described in Chapter 14.

For Users registered for the free / trial service package, the duration of the processing – provided that they do not order a paid service – lasts until the deletion at the request of the registered User. The User may at any time delete their registration or request its deletion, which the Data Controller carries out without delay, and at the latest within 10 working days of the receipt of the request.

6.6. Method of data storage: in separate datasets in the Data Controller's IT system.

6.7. Warranty regarding age: The individual User expressly warrants upon registration that they have reached the age of 18 and have full legal capacity (see point 2.5 of this Notice). The liability for any consequences arising from the falsity of this warranty – including consequences arising from the invalidity of a contract concluded by a minor, and from the unlawful processing of a minor's personal data – is borne exclusively by the User and/or the holder of parental responsibility.

7. Data processing related to the use of the Service by sole traders and self-employed natural persons with a tax number

7.1. Scope of data subjects: Users who are sole traders or self-employed natural persons with a tax number, who subscribe to the Service on the website or register for the free / trial service package.

7.2. Legal basis for data processing: Article 6(1)(b) GDPR, as the processing is necessary for the performance of a contract to which the User is party, or to take steps at the request of the User prior to entering into a contract.

7.3. Categories of personal data processed:

For the identification and contacting of the User:

name;
e-mail address;
password;
telephone number;
form of the business;
registered office of the business;
postal address of the business;
tax number, EU tax number of the business. For the creation of the user account: surname; first name; username; e-mail address; password.

7.4. Purpose of data processing: the conclusion and performance of the contract resulting from the subscription, and the creation of the user account and ensuring access to the Service.

7.5. Duration of data processing: 5 years from the termination of the contract – corresponding to the general limitation period applicable to civil law claims. The related accounting obligations are described in Chapter 14. For the free / trial package, point 6.5 applies accordingly.

7.6. Method of data storage: in separate datasets in the Data Controller's IT system.

8. Data processing related to the use of the Service by natural persons acting on behalf of a client organisation

8.1. Scope of data subjects: a natural person acting on behalf of a client organisation that subscribes to the Service on the website or registers for the free / trial service package, as well as Users registered as users by a client business of any form or by a self-employed individual entrepreneur (hereinafter collectively referred to as: Representative).

During the performance of the Service or the provision of access to the free / trial service, a user account is created. The sub-account may be created by the client User.

8.2. Legal basis for data processing: Article 6(1)(f) GDPR, namely the legitimate interest of the organisation represented by the User (Client) and of the Data Controller.

The legitimate interest of the Client organisation is the use of the ordered Service, which can only be realised through its natural person Representative. The Data Controller processes the Representative's data only to the extent and for the duration necessary for the administration related to the represented organisation and the performance of the Service, and limits itself only to the necessary data. The performance of the Service and the related exchange of information cannot be accomplished without the processing of the Representative's personal data, so the data processing is indispensable for the order. A separate document is available on the balancing of interests, the availability of which can be inquired about at the Data Controller.

8.3. Categories of personal data processed:

For the identification and contacting of the Representative:

name;
e-mail address;
password;
telephone number;
home address;
registered office and postal address of the business. For the creation of the user account: surname; first name; username; e-mail address; password.

For the identification and contacting of the represented business: name; form; registered office; postal address; billing address; tax number, EU tax number.

8.4. Source of data: ordinarily, the User. If the Representative indicated in the order does not register themselves, but someone else provides their data, the source of the data is the Client organisation. In this case, the Data Controller likewise takes over the Representative's data from the Client organisation. The Client organisation is obliged to inform the Representative about the data processing carried out and about the disclosure of the data to the Data Controller.

8.5. Purpose of data processing: the conclusion and performance of the contract resulting from the subscription, and the creation of the user account and ensuring access to the Service.

8.6. Duration of data processing: 5 years from the termination of the contract. The related accounting obligations are described in Chapter 14. For the free / trial package, point 6.5 applies accordingly.

8.7. Method of data storage: in separate datasets in the Data Controller's IT system.

9. Data processing related to the use of AI functions (Prompts, inputs, generated content)

9.1. Scope of data subjects: registered Users of the Service who use the AI-based functions of ContentTrail (in particular text or image generation, text analysis, automatic content generation, recommendations, document interpretation).

9.2. Legal basis for data processing: Article 6(1)(b) GDPR, as the processing is necessary for the performance of the contract concluded with the User (Service Agreement). To the extent that certain elements of the AI functions go beyond strictly contractual performance (e.g. model development or quality assurance opt-in purposes), the legal basis for the processing is the User's express prior consent under Article 6(1)(a) GDPR, which the User may give by separate declaration at the appropriate point of the Service, and may withdraw at any time.

9.3. Categories of personal data processed:

the textual and/or visual content provided by the User as input to the AI functions (hereinafter: Prompts and input content), which may, at the User's discretion, also contain personal data;
the output content generated by the AI on the basis of the input (hereinafter: Generated content);
technical metadata of the generation (timestamp, model version, provider used, tokens / resource quantity consumed);
user action logs related to the generation (e.g. feedback, regeneration requests). 9.4. Purpose of data processing:
provision of AI-based content generation at the User's request;
execution of model calls necessary for the operation of the Service to third-party AI service providers (Anthropic, OpenAI, xAI – Grok, Perplexity, Google Gemini, Google AI Studio);
display and storage of the Generated content in the User's account;
technical logging related to usage-based billing and abuse prevention. 9.5. Duration of data processing:
The Prompt and the Generated content are stored by the Data Controller linked to the user account, until deletion by the User or the termination of the user account.
Technical metadata and operation logs are processed by the Data Controller for a maximum of 12 months for the purposes of security monitoring, troubleshooting and abuse prevention.
Data processing for model development or quality assurance purposes (where the User has separately consented to such processing) lasts until the withdrawal of consent, or for a maximum of 24 months from the granting of consent. 9.6. Method of data storage: in separate datasets in the Data Controller's IT system, linked to the user account.

9.7. Data transfer to AI service providers: The Prompts and input content provided by the User are transferred to the relevant AI service provider (data processor) for the operation of the selected AI function. The AI service providers are largely located in the United States (third country); the legal basis for the data transfer is the Standard Contractual Clauses (SCCs) under Article 46(2)(c) GDPR. Details of the individual AI data processors are set out in Chapter 21.

9.8. Special category data and sensitive content: The Data Controller emphatically draws Users' attention to the fact that Prompts and input content submitted to the AI functions must not contain special category data (data referred to in Article 9 GDPR: health data, religious, political, sexual orientation, biometric / genetic data, etc.), or personal data of third parties for whose transfer the User does not have an appropriate legal basis. The User is responsible for the use of such content as input.

9.9. User rights in relation to AI functions: The User is at any time entitled to view, export or delete their Prompts and Generated content via the functions available in the user account, or by exercising the rights detailed in Chapter 25.

10. Data processing related to content uploaded by the User

10.1. Scope of data subjects: Users who upload their own textual, visual or other digital content (hereinafter: Uploaded content) to the Service for content generation, AI-based processing or as input reference.

10.2. Legal basis for data processing: Article 6(1)(b) GDPR, as the processing is necessary for the performance of the contract concluded with the User.

10.3. Categories of personal data processed: textual, visual and other digital content uploaded by the User, their metadata (upload time, filename, size, format), and related user actions.

10.4. Purpose of data processing: storage and use of the Uploaded content for the content generation operations requested by the User.

10.5. Duration of data processing: the Data Controller stores the Uploaded content until the termination of the user account or its deletion by the User.

10.6. Liability clause: The User warrants that they have the necessary rights to upload and use the uploaded content, and do not infringe the copyright or data protection rights of third parties. Liability for any claims arising from the breach of this warranty rests exclusively with the User.

11. Data processing related to sending newsletters

11.1. Scope of data subjects: Users who make a declaration of consent to subscribe to the newsletter on the website.

11.2. Legal basis for data processing: Article 6(1)(a) GDPR, having regard to Section 6(1) and (2) of the Act XLVIII of 2008 on the Basic Conditions and Certain Limitations of Commercial Advertising Activity (Grt.), namely the voluntary consent of the User. The User gives voluntary consent by ticking the checkbox preceding the subscription declaration. The User is entitled to withdraw consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out prior to withdrawal.

The newsletter service, in addition to sending useful information, is also aimed at direct marketing by the Data Controller. The User may subscribe to this service independently of the use of the Service. The use of this service is voluntary and is based on the User's informed decision. If the User does not use the newsletter service, this does not entail any disadvantage with regard to the use of other services of the Data Controller.

11.3. Categories of personal data processed: the User's name and e-mail address.

11.4. Purpose of data processing: sending newsletters by the Data Controller to the User by e-mail. Newsletters are sent for the purpose of providing information about news and current events related to the Data Controller's service, attention-grabbing offers, advertising and sales promotion content.

11.5. Duration of data processing: the Data Controller processes data for the purpose of sending newsletters until the User's withdrawal of consent (unsubscription), or until the deletion of the data at the User's request.

11.6. Method of data storage: in separate datasets in the Data Controller's IT system.

12. Data transfer related to online payment

12.1. Scope of data subjects: Users who pay on the website by online payment.

12.2. Recipient of the data transfer:

Barion Payment Zrt.

Company registration number: 01-10-048552
Tax number: 25353192-2-43
Registered office: 1117 Budapest, Irinyi József utca 4-20. 2nd floor, Hungary
Telephone: +36 1 464 70 99
E-mail: adatvedelem@barion.com
Website: https://www.barion.com/ 12.3. Legal basis for data transfer: Article 6(1)(f) GDPR, namely the legitimate interest of the Recipient. The Recipient is required, under the laws applicable to it – in particular Section 165(5) of Act CCXXXVII of 2013, Section 92/A(3)(f) of Act CCXXXV of 2013, and Section 14(1)(v) of Act LXXXV of 2009 – to operate a fraud prevention and detection system in connection with the payment service, and is entitled to process the personal data necessary for this purpose.

12.4. Categories of transferred data:

purchase data relating to the ordered service packages (prices, costs, duration of the subscription, renewal);
surname;
first name;
telephone number;
e-mail address;
address. The bank card data is provided by the User directly to the payment service provider, and therefore is not transferred to the Data Controller.

12.5. Purpose of the data transfer: proper operation of the payment service and the technical execution of the payment, fraud prevention (fraud-monitoring), and customer service assistance for the User.

12.6. Secure data transfer: Barion Payment Zrt. uses SSL encryption and infrastructure compliant with the PCI DSS standard. The User provides the bank card data directly on the encrypted payment page of Barion Payment Zrt.

12.7. Further details on the data processing carried out by Barion Payment Zrt. are available at https://www.barion.com/en/legal-statements/data-protection-statement-and-privacy-policy/.

12.8. The Data Controller does not transfer data to third parties for business or marketing purposes. Beyond the above case, the Data Controller transfers data only to authorities in the case of statutory obligation.

13. Data transfer related to coupons

13.1. Scope of data subjects: Users redeeming a coupon code on the website.

13.2. Recipient of the data transfer: the partner of the Data Controller who provided the coupon to the User.

13.3. Legal basis for the data transfer: Article 6(1)(f) GDPR, namely the legitimate interest of the Recipient. The Recipient has a legitimate interest in being able to measure the effectiveness of the promotional activity carried out by it. A separate document has been prepared on the balancing of interests, the availability of which can be inquired about at the Data Controller.

13.4. Categories of transferred data: name and e-mail address of the User redeeming the coupon.

13.5. Purpose of the data transfer: verifiable, authentic feedback to the partner providing the coupon about the redemption of the coupon.

14. Data processing related to the fulfilment of accounting obligations

14.1. Scope of data subjects: subscribing Users.

14.2. Legal basis for data processing: Article 6(1)(c) GDPR, namely the processing is necessary for the fulfilment of a legal obligation to which the Data Controller is subject.

14.3. Categories of personal data processed – data recorded on accounting documents:

name and address of the User;
in case of a business: tax number / EU tax number, registered office, billing address;
the duration of the ordered service, designation of the service package, price, due date and schedule of payment, information on its payment;
furthermore, if data provided during the subscription, as well as material of message exchanges with the Data Controller, are treated as accounting documents, then the data contained in them. 14.4. Purpose of data processing: accounting obligations related to the contract resulting from the subscription; fulfilment of the obligations of data recording and document retention set out in Section 169(2) of Act CXXVII of 2007 on Value Added Tax.

14.5. Duration of data processing: the obligation to retain accounting documents stemming from the accounting law is at least 8 years from the issuance of the document, after which the Data Controller deletes the data within one year.

14.6. Method of data storage: on paper and electronic accounting documents; the latter in separate datasets in the Data Controller's IT system.

15. Data processing related to complaints

15.1. Scope of data subjects: consumers reporting complaints in connection with the Data Controller's Service.

15.2. Legal basis for data processing: Article 6(1)(c) GDPR, namely the processing is necessary for the fulfilment of a legal obligation.

15.3. Categories of personal data processed:

name of the User;
telephone number / e-mail address / postal address – depending on the method of submitting the complaint;
information provided in the complaint;
where a record is taken: the User's home address, registered office, or, where necessary, mailing address; the place, time and manner of submitting the complaint; a detailed description of the complaint; the identifier of the contract concerned by the complaint; a list of documents, papers and other evidence presented by the User; the place and time of taking the record. 15.4. Purpose of data processing: investigation and answering of complaints in accordance with Act CLV of 1997 on Consumer Protection.

15.5. Duration of data processing: where the Data Controller takes a record of the complaint, it is required to retain it for 3 years pursuant to the Consumer Protection Act. Where the Data Controller immediately remedies the complaint, no record is taken.

15.6. Method of data storage: in separate datasets in the Data Controller's IT system; where a record is taken, also on paper.

16. Use of data processors

The Data Controller engages the following data processors in the provision of the Service. The detailed description of the data processing carried out by each data processor is contained in Chapter 21 and Chapter 22 of this Notice.

16.1. Hosting service provider

The Data Controller engages the following entity as a data processor:

Google Ireland Ltd.

Company registration number: 11603307
Tax number: IE 6388047V
Registered office: Gordon House, Barrow Street, Dublin 4, Ireland
Telephone: +353 1 436 1000
Website: https://www.google.ie as web hosting (cloud infrastructure) provider.

Categories of personal data concerned by the data processing: the data processing may potentially affect all data indicated in this Notice. The specific scope is determined by the functions and services used by the User.

Purpose of engaging the data processor: ensuring the operation of the website from an IT perspective, by using appropriate electronic storage.

Duration of data processing: corresponds to the processing periods for the respective data categories indicated in this Notice.

16.2. Other data processors

The detailed listing and description of data processors related to AI-based content generation, e-mail sending, newsletter sending, invoicing, accounting, and sales and customer success processes is provided in Chapter 22.

21. Detailed description of AI-based data processors

For the operation of the ContentTrail Service, the Data Controller engages several third-party artificial intelligence (AI) service providers as data processors. When using the AI functions of the Service, Users may select the following service providers – depending on the function chosen – for the processing of textual and/or visual content provided as input, or these providers may be used automatically by the Data Controller in the operation of the Service.

21.1. AI-based data processing through the Anthropic API

21.1.1. Scope of data subjects: Users of the system who use the AI-based functions of Anthropic (e.g. text generation, document interpretation, automatic text completion).

21.1.2. The Data Controller engages the following entity as a data processor:

Anthropic, PBC

Registered office: 548 Market Street, PMB 90375, San Francisco, CA 94104, USA
Website: https://www.anthropic.com
Privacy policy: https://www.anthropic.com/legal/privacy 21.1.3. Categories of personal data concerned by the data processing: the complete textual and/or visual content (Prompt and input) submitted by the User to the AI function may be transferred to the data processor, which may also contain personal data. The data transfer takes place exclusively during the use of the given function, in a technical sense.

21.1.4. Purpose of engaging the data processor: large language model (LLM) based text generation and content analysis (provision of AI functions).

21.1.5. Duration of data processing: Anthropic processes the transferred data only for the purpose of generating responses; persistent storage takes place in accordance with Anthropic's privacy policy. Data processed via the Anthropic API is by default not used for further training of the models.

21.1.6. Nature of the data processing: takes place by electronic means. The transfer of data to the United States (a third country) is based on the Standard Contractual Clauses (SCCs, Article 46(2)(c) GDPR) adopted by the European Commission.

21.2. AI-based data processing through the OpenAI API

21.2.1. Scope of data subjects: Users of the system who use the AI-based functions of OpenAI (e.g. ChatGPT-based text generation, image generation, document interpretation, recommendations).

21.2.2. The Data Controller engages the following entity as a data processor:

OpenAI, L.L.C.

Registered office: 3180 18th Street, San Francisco, CA 94110, USA
Website: https://openai.com
Privacy policy: https://openai.com/policies/privacy-policy 21.2.3. Categories of personal data concerned by the data processing: the complete document, textual or visual content (Prompt and input) uploaded or submitted for processing by the User, which may also contain personal data (e.g. name, address, identification data, e-mail address, etc.), may be transferred to the data processor. The data transfer takes place exclusively during the use of the given function.

21.2.4. Purpose of engaging the data processor: provision of the artificial intelligence-based functions of the system – including text analysis, response generation, recommendations, image generation and other processes based on automated text interpretation.

21.2.5. Duration of data processing: OpenAI does not store the transferred data persistently for the API service; by default, the data is not used for training the models. Any temporary storage by OpenAI takes place for the time necessary for the operation of the given function. In the event of a deletion request by the User, the data is removed within 30 days.

21.2.6. Nature of the data processing: takes place by electronic means. The data is processed in a purely technical sense via the OpenAI API service, for the purposes of AI-based response generation and processing operations. The transfer of data to the United States is based on the Standard Contractual Clauses (SCCs, Article 46(2)(c) GDPR).

21.3. AI-based data processing through the xAI (Grok) API

21.3.1. Scope of data subjects: Users of the system who use the AI-based functions of Grok (xAI).

21.3.2. The Data Controller engages the following entity as a data processor:

X.AI LLC (xAI)

Registered office: 1450 Page Mill Rd, Palo Alto, CA 94304, USA
Website: https://x.ai
Privacy policy: https://x.ai/legal/privacy-policy 21.3.3. Categories of personal data concerned by the data processing: textual content (Prompt and input) submitted by the User to the AI function, which may also contain personal data.

21.3.4. Purpose of engaging the data processor: Grok model-based text generation and provision of AI functions.

21.3.5. Duration of data processing: the transferred data is processed exclusively for the purpose of generating responses; persistent storage takes place in accordance with xAI's relevant privacy policy.

21.3.6. Nature of the data processing: takes place by electronic means. The transfer of data to the United States is based on the Standard Contractual Clauses (SCCs, Article 46(2)(c) GDPR).

21.4. AI-based data processing through Perplexity AI

21.4.1. Scope of data subjects: Users of the system who use the AI-based search and answering functions of Perplexity.

21.4.2. The Data Controller engages the following entity as a data processor:

Perplexity AI, Inc.

Registered office: 575 Market Street, 4th Floor, San Francisco, CA 94105, USA
Website: https://www.perplexity.ai
Privacy policy: https://www.perplexity.ai/hub/legal/privacy-policy 21.4.3. Categories of personal data concerned by the data processing: textual content (Prompt and query) submitted by the User to the AI function, which may also contain personal data.

21.4.4. Purpose of engaging the data processor: provision of AI-based search, answering and research functions within the Service.

21.4.5. Duration of data processing: the transferred data is processed exclusively for the purpose of generating responses; persistent storage takes place in accordance with Perplexity's privacy policy.

21.4.6. Nature of the data processing: takes place by electronic means. The transfer of data to the United States is based on the Standard Contractual Clauses (SCCs, Article 46(2)(c) GDPR).

21.5. AI-based data processing through the Google Gemini API

21.5.1. Scope of data subjects: Users of the system who use the AI functions provided by Google Gemini models.

21.5.2. The Data Controller engages the following entity as a data processor:

Google Ireland Ltd. (European subsidiary of Google LLC)

Company registration number: 11603307
Tax number: IE 6388047V
Registered office: Gordon House, Barrow Street, Dublin 4, Ireland
Telephone: +353 1 436 1000
Website: https://www.google.ie
Privacy policy: https://policies.google.com/privacy 21.5.3. Categories of personal data concerned by the data processing: textual and/or visual content (Prompt and input) submitted by the User to the AI function, which may also contain personal data.

21.5.4. Purpose of engaging the data processor: Gemini model-based text and image generation, provision of AI functions.

21.5.5. Duration of data processing: the transferred data is processed exclusively for the purpose of generating responses; persistent storage takes place in accordance with Google's relevant policy. Google, by default, does not use data transferred via the Gemini API on paid plans for model training.

21.5.6. Nature of the data processing: takes place by electronic means. The data is primarily processed on EU servers; any data transfer to the United States is based on the Standard Contractual Clauses (SCCs, Article 46(2)(c) GDPR) and the EU–US Data Privacy Framework (Google is a DPF-certified organisation).

21.6. Data processing carried out via Google AI Studio

21.6.1. Scope of data subjects: Users of the system who use the AI functions accessible through Google AI Studio.

21.6.2. The Data Controller engages the following entity as a data processor:

Google Ireland Ltd.

Company registration number: 11603307
Registered office: Gordon House, Barrow Street, Dublin 4, Ireland
Website: https://www.google.ie
AI Studio: https://aistudio.google.com
Privacy policy: https://policies.google.com/privacy 21.6.3. Categories of personal data concerned by the data processing: textual and/or visual content (Prompt and input) submitted by the User to the AI function, which may also contain personal data.

21.6.4. Purpose of engaging the data processor: provision of generative AI functions (text, image and content generation) provided by Google AI Studio.

21.6.5. Duration of data processing: the data stored and processed by Google AI Studio is handled in accordance with Google's relevant privacy policy.

21.6.6. Nature of the data processing: takes place by electronic means. Any data transfer to the United States is based on the Standard Contractual Clauses (SCCs, Article 46(2)(c) GDPR) and the EU–US Data Privacy Framework.

21.7. General information about the AI data processors

21.7.1. The precise scope of AI data processors may vary depending on the Service package chosen and the AI function selected by the User. The Data Controller endeavours to maintain an up-to-date list of the AI service providers engaged in this Notice at all times.

21.7.2. Some of the AI data processors are located in third countries (in particular the United States). In all cases, the data transfer is carried out on the basis of Standard Contractual Clauses (SCCs) adopted by the European Commission and, where relevant, the EU–US Data Privacy Framework, which constitute adequate safeguards for the protection of personal data.

21.7.3. The Data Controller emphatically draws Users' attention to the fact that Prompts and input content submitted to the AI functions must not contain:

special categories of data referred to in Article 9 GDPR (e.g. health data, religious, political, sexual orientation data, biometric / genetic data);
trade secret or confidential information whose transfer is prohibited by internal regulations;
personal data of third parties for whose transfer the User does not have an appropriate legal basis. 21.7.4. The User is responsible for the accuracy, lawfulness and consequences of the use of the content generated by the AI functions. The Data Controller does not warrant the accuracy of the Generated content, its compliance with third-party rights, or its suitability for a particular purpose.

22. Other data processors

22.1. Data processing related to electronic mail software and storage

The Data Controller engages the following entity as a data processor:

SendGrid, Inc.

Registered office: 1801 California Street, Suite 500, Denver, Colorado 80202, USA
E-mail: help@twilio.com
Website: https://sendgrid.com as the developer and hosting provider of the software used for electronic mail. The data concerned by the processing is primarily the name and e-mail address of the data subject, and secondly other data sent by the User by e-mail. The purpose of the data processing is to ensure the operation of electronic mail. The data transfer to the United States takes place on the basis of the Standard Contractual Clauses (SCCs).

22.2. Provision of chat window service

The Data Controller engages the following entities as data processors:

Smartsupp.com, s.r.o.

Registration number: C 86206
Tax number: CZ03668681
Registered office: Šumavská 31, 602 00 Brno, Czechia
E-mail: support@smartsupp.com
Website: https://www.smartsupp.com/ and

Intercom R&D Unlimited Company

Registered office: 2nd Floor, Stephen Court, 18-21 St. Stephen's Green, Dublin 2, Republic of Ireland
E-mail: legal@intercom.io
Website: https://www.intercom.com/ as providers of the chat window messaging application. Categories of data concerned by the processing: the content of the message sent by the User. Purpose of the data processing: provision of the storage and software necessary for the operation of the messaging application.

22.3. Data processing related to the sending of newsletters

The Data Controller engages the following entity as a data processor:

Mailgun Technologies, Inc.

Registered office: 112 E Pecan St., 1135, San Antonio, TX 78205, USA
Telephone: +1 210 796 9998
Website: https://www.mailgun.com/ as the developer and maintainer of the newsletter sending software used by the Data Controller. The data processing concerns the first name and e-mail address of the User subscribed to the newsletter. Duration of the data processing: until the User's withdrawal of consent for newsletter sending (unsubscription), or until the deletion of the data at the User's request. The data transfer to the United States takes place on the basis of the Standard Contractual Clauses (SCCs).

22.4. Data processing related to the issuance of invoices

The Data Controller engages the following entity as a data processor:

KBOSS.hu Kereskedelmi és Szolgáltató Korlátolt Felelősségű Társaság

Abbreviated name: KBOSS.hu Kft.
Company registration number: 01-09-303201
Tax number: 13421739-2-41
Registered office: 1031 Budapest, Záhony utca 7., Hungary
E-mail: info@szamlazz.hu
Website: https://www.szamlazz.hu as the developer and maintainer of the invoicing software used by the Data Controller. The data processing concerns the name and address of the User placing the order, the designation of the ordered service(s), the time of purchase and the purchase price. Duration of the data processing: until the document retention obligation arising from the accounting law is fulfilled – 8 years from the issuance of the document.

22.5. Data processing related to accounting services

The Data Controller engages the following entity as a data processor:

Fin-S Könyvelőiroda Korlátolt Felelősségű Társaság

Company registration number: 13-09-134900
Tax number: 13999395-2-13
Registered office: 2142 Nagytarcsa, Vadrózsa utca 11., Hungary
E-mail: office@fins.hu
Website: http://fins.hu as the accountant of the Data Controller's economic activity. The data processing concerns the data managed on accounting documents. Duration of the data processing: at most until the document retention obligation arising from the accounting law is fulfilled.

22.6. Data processing related to sales and customer success processes

The Data Controller engages the following entity as a data processor:

ActiveCampaign, LLC

Registered office: 1 North Dearborn Street, 5th floor, Chicago, IL 60602, USA
Website: https://activecampaign.com as the marketing and sales process automation system used by the Data Controller. Categories of data concerned by the processing: the User's name, e-mail address, telephone number, designation of the service package; in case of subscription additionally: billing address, price of the service package, duration of the subscription, payment method, date of subscription, date and schedule of payment, coupon code and discount amount in case of coupon redemption; data of the represented business. Purpose of the data processing: ensuring the operation of the electronic enquiry management system. The data transfer to the United States takes place on the basis of the Standard Contractual Clauses (SCCs).

22.7. Data processing related to Google API applications

Scope of data subjects: Users who consent to the system accessing their data through Google APIs.

The Data Controller engages Google Ireland Ltd. (see point 21.5) as a data processor. The legal basis for the data processing is voluntary consent under Article 6(1)(a) GDPR, which is collected from users at the first login, via the OAuth consent screen. The scope of data concerned may extend to data stored in Google services and offered for sharing by the User. The data is processed and stored only for as long as it is necessary for the services used by the User, or until the user withdraws consent.

22.8. No data processing for other purposes takes place. The Data Controller does not engage any data processors other than those specified above.

23. Automated decision-making and profiling

In the course of providing the Service, the Data Controller does not use the personal data processed by it for the purpose of automated decision-making or profiling. While automated mechanisms – including AI models – assist in the operation of the Service, these are not aimed at producing decisions that have legal effects on, or similarly significantly affect, the User, based solely on automated processing.

The output of the AI functions (Generated content) is created at the User's own request and decision, and may be freely reviewed, modified or discarded by the User through their own user interface.

24. Data protection, data security, technical and organisational measures

24.1. In the course of its data processing activities, the Data Controller ensures the security of the data, by technical and organisational measures and by internal procedural rules, ensuring the enforcement of the laws. It protects the data processed in particular against unauthorised access, alteration, transfer, disclosure, erasure or destruction, and against accidental destruction and damage, as well as against inaccessibility resulting from changes in the applied technology.

24.2. The Data Controller uses the HTTPS protocol to access the website, which encrypts and authenticates web communication. The Data Controller stores the processed data in encrypted data files, in datasets separated according to data processing purposes, to which only those employees of the Data Controller who are authorised may have access.

24.3. Specific data security measures:

SSL/TLS encryption;
encryption of the database with cryptographic procedure;
unique database and system structure;
entry audit;
transparency of user activities, logging;
security testing (ethical hacking, vulnerability assessment);
secure API channel to the data processors in the case of AI functions. 24.4. The Data Controller's IT system is protected, among other things, against IT fraud, espionage, computer viruses, spam, hacker and other attacks.

25. The User's rights related to data processing

25.1. Right to information

By reading this data processing notice, the User can be informed about the data processing at any time. At the User's request, verbal information may also be given, provided that the User's identity has been verified in another way.

25.2. Right of access

The User has the right to access the data processed about them. In the event of such a request, the Data Controller informs the User whether their personal data is being processed and provides all relevant information in connection with the specific processing. The User may request a copy of the personal data processed about them by the Data Controller, which the Data Controller provides free of charge on the first occasion.

25.3. Right to rectification

The User has the right to obtain from the Data Controller without undue delay the rectification of inaccurate personal data concerning them. Taking into account the purposes of the processing, the User has the right to have incomplete personal data completed, including by means of providing a supplementary statement.

25.4. Right to erasure

The User has the right to obtain from the Data Controller the erasure of personal data concerning them without undue delay, where one of the following applies:

the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
the User withdraws the consent on which the processing is based, and there is no other legal ground for the processing;
the User objects to the processing, and there are no overriding legitimate grounds for the processing;
the personal data have been unlawfully processed;
the personal data have to be erased for compliance with a legal obligation in EU or Member State law to which the Data Controller is subject. The Data Controller is not obliged to delete, even at the User's request, data necessary for the establishment, exercise or defence of legal claims.

25.5. Right to restriction of processing

At the User's request, the Data Controller restricts processing where:

the User contests the accuracy of the personal data;
the processing is unlawful and the User opposes the erasure of the data and requests the restriction of their use instead;
the Data Controller no longer needs the personal data for the purposes of the processing, but they are required by the User for the establishment, exercise or defence of legal claims;
the User has objected to processing.

25.6. Right to data portability

The User has the right to receive the personal data concerning them, which they have provided to the Data Controller, in a structured, commonly used and machine-readable format, and has the right to transmit these data to another data controller without hindrance from the Data Controller to whom the personal data have been provided, where the processing is based on consent or on a contract, and the processing is carried out by automated means.

This expressly extends to the Prompts and Generated content regulated in Chapter 9, which the User may export through their user account.

25.7. Right to object

The User has the right to object at any time, on grounds relating to their particular situation, to the processing of personal data concerning them which is based on legitimate interests. In this case, the Data Controller may further process the personal data only if it can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the User, or for the establishment, exercise or defence of legal claims.

25.8. Right to withdraw consent

Where processing is based on the User's consent, the User has the right to withdraw their consent at any time. The withdrawal does not affect the lawfulness of processing carried out on the basis of consent before its withdrawal.

26. Handling of the User's requests

26.1. The information and measures referred to in Chapter 25 shall be provided by the Data Controller free of charge. Where requests from a User are manifestly unfounded or excessive – in particular because of their repetitive character – the Data Controller may charge a reasonable fee or refuse to act on the request.

26.2. The Data Controller, without undue delay and in any event within one month of receipt of the request, informs the User on the action taken on the request, including the provision of copies of the data. Where necessary, this period may be extended by two further months.

26.3. If the Data Controller does not take action on the request of the User, it informs the User without undue delay and at the latest within one month of receipt of the request of the reasons for not taking action and of the possibility of lodging a complaint with the supervisory authority specified in point 27.2.

26.4. The User may submit requests by post to the Data Controller's address at 2600 Vác, Deákvári fasor 35. fsz. 4., Hungary, or by e-mail to info@contenttrail.com. The Data Controller considers a request sent by e-mail authentic only if it is sent from the User's e-mail address registered with the Data Controller.

27. Legal remedies

27.1. With any complaints regarding the processing of the personal data of data subjects, please contact the Data Controller in the first instance:

Wiredsign Zrt.

E-mail: info@contenttrail.com
Postal address: 2600 Vác, Deákvári fasor 35. fsz. 4., Hungary Data Protection Officer: Dr. Balázs Cserepka
Postal address: 2643 Diósjenő, Dózsa György út 28/b., Hungary
E-mail: dpo@eszerzodes.hu 27.2. Data subjects may exercise their rights before a court, and may turn to the Hungarian National Authority for Data Protection and Freedom of Information:

Hungarian National Authority for Data Protection and Freedom of Information (NAIH)

Address: 1055 Budapest, Falk Miksa utca 9-11., Hungary
Postal address: 1363 Budapest, Pf. 9., Hungary
Telephone: +36 1 391 1400
Fax: +36 1 391 1410
E-mail: ugyfelszolgalat@naih.hu
Website: http://www.naih.hu/ If the judicial route is chosen, the lawsuit – at the choice of the data subject User – may also be initiated before the court of the data subject's place of residence or stay.

27.3. Compensation and damages

If the Data Controller causes damage to another person through the unlawful processing of the data subject's data or through the breach of the requirements of data security, it is obliged to compensate it. If the Data Controller violates the personality rights of the data subject in this way, the data subject may claim damages from the Data Controller. The Data Controller is exempt from liability for damage caused and from the obligation to pay damages if it proves that the damage or the violation of the data subject's personality rights was caused by an unavoidable cause outside the scope of data processing.

28. Closing

Please be advised that this document is a summary notice containing the main information on data processing. Its purpose is to give you an understandable, transparent information about the processing of personal data, its circumstances and the User's rights.

If you have any questions or comments regarding this data processing notice or the processing of personal data, or the interpretation of the legal provisions, please do not hesitate to contact our Data Protection Officer at dpo@eszerzodes.hu.

20 May 2026

Wiredsign Zrt.

29. Glossary – definitions

What is data processing?

Any operation or set of operations performed on personal data or on sets of personal data (e.g. collection, recording, storage, use, erasure, but also consultation).

What qualifies as personal data?

Any information relating to an identified or identifiable natural person. It may be any information that can be linked to a given person, by which the person can – directly or indirectly – be identified.

Who is the data controller and who is the data processor?

The data controller is the (natural or legal) person who determines the purposes and means of the processing of personal data. The data processor is the entity that processes personal data on behalf of the data controller (e.g. AI service provider, accountant, hosting provider).

What is the legal basis for processing?

Personal data may be processed if (non-exhaustively):

the data subject has given consent to the processing of their personal data for one or more specific purposes [Article 6(1)(a) GDPR];
processing is necessary for the performance of a contract to which the data subject is party [Article 6(1)(b) GDPR];
processing is necessary for compliance with a legal obligation to which the data controller is subject [Article 6(1)(c) GDPR];
processing is necessary for the purposes of the legitimate interests pursued by the data controller or by a third party [Article 6(1)(f) GDPR].

Back to homepage