<- Back to home

Privacy Policy

Privacy Policy

Effective date: June 14, 2026

This Privacy Policy explains how DK Investments Dawid Krawczykiewicz, a sole proprietorship registered in Poland, NIP: 5552075205 (“Intrafio”, “we”, “us”, or “our”), collects, uses, stores, shares, and protects personal data in connection with the Intrafio website, application, AI-powered workspace, software, integrations, and related services available at https://intrafio.com and associated domains or interfaces (collectively, the “Service”).

This Privacy Policy is intended for users, administrators, representatives, and business customers of Intrafio. Intrafio is primarily a B2B SaaS service.

By using the Service, creating an account, subscribing to a paid plan, connecting integrations, uploading files, or otherwise interacting with Intrafio, you acknowledge that personal data may be processed as described in this Privacy Policy.

This Privacy Policy should be read together with Intrafio’s Terms of Service and, where applicable, any Data Processing Agreement (“DPA”) entered into between Intrafio and a business customer.

1. Data Controller and Contact Details

For personal data processed in connection with operating the website, managing accounts, billing, customer communications, security, and business administration, the data controller is:

DK Investments Dawid Krawczykiewicz
NIP: 5552075205
Website: https://intrafio.com
Email: dawid@intrafio.com
Business address: Wałowa 25A/106, 80-858 Gdańsk, Poland

For personal data contained in files, documents, emails, workspace content, prompts, connected tools, and other materials submitted by a business customer or its users, Intrafio may act as a processor acting on behalf of the customer, while the customer acts as the controller. In such cases, the processing is governed by the applicable agreement with the customer, including the Terms of Service and any DPA.

2. Key Definitions

For purposes of this Privacy Policy:

  • Personal Data” means any information relating to an identified or identifiable natural person.
  • Customer Data” means files, documents, text, images, emails, metadata, prompts, outputs, calendar data, workspace configuration, automation rules, logs, and other content submitted to, uploaded to, generated in, connected to, or processed through the Service by or on behalf of a customer.
  • Workspace” means a collaborative environment within Intrafio where users store files, use AI agents, configure integrations, and manage business context.
  • Organization” means the top-level account representing a company, team, or other business entity using Intrafio.
  • User” means an individual who accesses or uses the Service under an account or organization.

3. Categories of Personal Data We Process

Depending on how you use Intrafio, we may process the following categories of data.

3.1 Account and identity data

This may include:

  • first name and last name;
  • business email address;
  • password hash;
  • organization name;
  • user role;
  • account status;
  • invitation and activation status;
  • authentication and session information;
  • user ID, organization ID, and workspace membership.

We use this data to create and manage accounts, authenticate users, administer organizations, control access, and secure the Service.

3.2 Customer and billing data

For paid subscriptions to credit packages (for example, the Starter, Growth, or Scale tiers), we may process:

  • subscription tier and credit package;
  • billing status;
  • payment status;
  • customer identifiers;
  • tax-related information;
  • invoice-related information;
  • payment provider references;
  • transaction metadata.

Payments are processed by Stripe or another authorized payment provider. Intrafio does not store full payment card numbers on its own systems.

3.3 Workspace and collaboration data

When you use the Service, we may process:

  • workspace names and descriptions;
  • user membership and roles;
  • folders and desktop structure;
  • document names, file names, metadata, and icons;
  • workspace settings;
  • automation rules;
  • connected accounts and integrations;
  • activity history and audit logs.

3.4 Uploaded files and document content

Intrafio allows users to upload files and create documents within workspaces. These may include, for example:

  • text documents;
  • PDF files;
  • images;
  • email attachments;
  • business documents;
  • files containing personal data or confidential business information.

Uploaded files and extracted document content may be processed to provide features such as file storage, preview, download, indexing, semantic search, AI chat, attribute extraction, automation, and auditability.

You and your organization are responsible for the content of files uploaded to Intrafio and for ensuring that such files may lawfully be uploaded, stored, analyzed, and processed through the Service.

Intrafio does not control, verify, endorse, or assume responsibility for the legality, accuracy, completeness, quality, ownership, confidentiality, or appropriateness of files and content uploaded by users.

3.5 AI prompts, outputs, and agent activity

When using AI features, we may process:

  • user prompts and chat messages;
  • AI-generated outputs;
  • tool calls and tool results;
  • document excerpts and retrieved context;
  • semantic search queries;
  • extracted attributes;
  • automation instructions;
  • scheduled AI task prompts;
  • agent activity logs;
  • technical traces and execution metadata.

This data is processed to provide AI-powered features, generate responses, execute automations, troubleshoot issues, provide transparency, and maintain audit logs.

3.6 Email integration data

If you connect an email account, Intrafio may process data from that account, depending on the integration and permissions granted, including:

  • email account address;
  • sender and recipient information;
  • subject lines;
  • message dates and headers;
  • email body text or cleaned HTML;
  • attachment metadata;
  • attachment content where requested or required by automation;
  • provider identifiers and synchronization metadata.

Email data is processed to provide email-related workspace context, triggers, automations, attachment handling, and AI assistance.

3.7 Calendar data

If you use workspace calendar or scheduled AI tasks, we may process:

  • calendar names and settings;
  • event titles, descriptions, times, recurrence rules, and metadata;
  • scheduled AI task prompts and execution results;
  • task run status and logs.

3.8 Integration credentials and configuration

If you connect integrations such as email accounts, MCP servers, or external tools, we may process:

  • OAuth tokens;
  • refresh tokens;
  • IMAP/SMTP credentials;
  • API keys;
  • headers;
  • environment variables;
  • endpoint URLs;
  • integration configuration and status.

Sensitive credentials are encrypted where technically appropriate and are used only as needed to provide the configured integration.

3.9 Technical, device, and usage data

We may process technical data such as:

  • IP address;
  • browser and device information;
  • operating system;
  • timestamps;
  • logs;
  • error reports;
  • request metadata;
  • usage patterns;
  • security events.

We use this data to operate, secure, maintain, troubleshoot, and improve the Service.

3.10 Communications data

If you contact us, we may process:

  • your name;
  • email address;
  • organization;
  • message content;
  • support requests;
  • feedback;
  • sales inquiries;
  • administrative communications.

4. How We Collect Personal Data

We collect personal data:

  1. directly from you when you register, configure an account, upload content, use AI features, contact us, or subscribe to a paid plan;
  2. from administrators or other users who invite you to an organization or workspace;
  3. from files, emails, calendars, and integrations you or your organization connect to the Service;
  4. from payment processors such as Stripe;
  5. automatically through logs, cookies, analytics, and technical systems;
  6. from third-party services where you authorize or configure such connections.

5. Purposes of Processing

We process personal data for the following purposes:

  • creating and managing accounts;
  • authenticating users and securing access;
  • administering organizations, users, roles, and workspaces;
  • providing file storage, document preview, search, and download functionality;
  • indexing documents for semantic search and AI retrieval;
  • extracting structured information from documents;
  • providing AI agents, chat, automation, and scheduled AI tasks;
  • processing email, calendar, and integration data where configured;
  • executing automation rules and workspace triggers;
  • logging AI activity and maintaining audit trails;
  • processing subscriptions, billing, invoices, taxes, and payments;
  • preventing fraud, abuse, unauthorized access, and security incidents;
  • monitoring service performance and reliability;
  • providing support and responding to inquiries;
  • improving, maintaining, and developing the Service;
  • complying with legal, tax, accounting, and regulatory obligations;
  • enforcing Terms of Service and other agreements.

6. Legal Bases for Processing

Where the General Data Protection Regulation (“GDPR”) or similar law applies, we rely on one or more of the following legal bases:

6.1 Performance of a contract

We process data where necessary to provide the Service, create accounts, manage subscriptions, authenticate users, process billing, provide support, and fulfill contractual obligations.

6.2 Legitimate interests

We may process data based on legitimate interests, including:

  • securing the Service;
  • preventing fraud and abuse;
  • maintaining logs and audit trails;
  • improving product quality;
  • analyzing business usage;
  • communicating with business customers;
  • enforcing legal terms;
  • protecting Intrafio, customers, users, and third parties.

6.3 Legal obligations

We process data where necessary to comply with legal, accounting, tax, regulatory, or governmental obligations.

6.4 Consent

We may rely on consent where required, such as for certain cookies, marketing communications, optional integrations, or specific processing activities. Consent may be withdrawn where applicable.

6.5 Processing on behalf of customers

Where Intrafio processes Customer Data on behalf of a business customer, the customer is responsible for determining the legal basis for processing. Intrafio processes such data according to the customer’s instructions, the Terms of Service, and any applicable DPA.

7. Use of OpenAI and AI Model Providers

Intrafio uses third-party AI model providers, including OpenAI, to deliver core AI-powered features of the Service.

When you use AI features, Customer Data may be transmitted to and processed by OpenAI or other model providers. This may include:

  • prompts and chat messages;
  • uploaded files and extracted document text;
  • document metadata;
  • document chunks used for semantic search and retrieval;
  • email content and attachment metadata;
  • calendar context and scheduled task instructions;
  • automation rules;
  • tool-call context;
  • AI outputs and technical metadata necessary to operate the Service.

These providers process such data to generate responses, analyze documents, extract information, classify or summarize content, plan actions, support automation, and provide related AI functionality.

According to OpenAI’s public business/API documentation, data sent to OpenAI’s API is not used to train or improve OpenAI models unless the customer explicitly opts in or enables such sharing. Intrafio does not authorize OpenAI to use Customer Data to train general-purpose models unless such use is expressly enabled, required by the relevant provider configuration, or separately agreed.

Provider practices, security measures, retention periods, regional processing, and data handling terms may depend on the specific provider, model, API, region, and configuration used at a given time.

You should not use AI-powered features with data that you are not permitted to have processed by third-party AI service providers.

8. Payment Processing Through Stripe

Intrafio uses Stripe to process payments, subscriptions, billing, and related payment operations for paid subscriptions to credit packages.

When you subscribe to a credit package, Stripe may process personal data such as:

  • name;
  • email address;
  • billing details;
  • payment method information;
  • transaction details;
  • tax information;
  • fraud prevention data;
  • payment authentication data.

Intrafio does not store full payment card details on its own systems. Stripe processes payment data according to its own privacy and security terms.

We may receive from Stripe limited information such as subscription status, invoice status, customer identifiers, transaction references, payment status, and billing metadata necessary to operate subscriptions and credit packages.

9. Hosting and Infrastructure

Intrafio is hosted on Amazon Web Services (AWS) infrastructure located in the European Union, unless otherwise stated in a separate agreement or product configuration.

AWS provides cloud infrastructure used to host application components, databases, storage, networking, security, and related systems.

Although Intrafio selects EU hosting infrastructure for the Service, certain subprocessors, support operations, security tools, AI providers, payment providers, or integration providers may involve processing outside the European Economic Area where permitted by applicable law and subject to appropriate safeguards.

10. Cookies and Similar Technologies

Intrafio may use cookies or similar technologies to operate the website and application, authenticate users, maintain sessions, remember preferences, improve security, and analyze usage.

Cookies may include:

  • essential cookies required for login and security;
  • preference cookies;
  • analytics cookies;
  • performance or diagnostic cookies.

Where required by law, we will request your consent before using non-essential cookies.

You may configure your browser to block or delete cookies. However, some parts of the Service may not function properly without essential cookies.

11. Sharing of Personal Data

We may share personal data with the following categories of recipients:

11.1 Service providers and subprocessors

We may share data with trusted providers that help us operate the Service, including:

  • cloud hosting providers such as AWS;
  • AI model providers such as OpenAI;
  • payment processors such as Stripe;
  • email delivery providers;
  • monitoring, logging, analytics, and security providers;
  • customer support or communication tools;
  • infrastructure and database providers;
  • integration providers configured by you.

These providers may process personal data only as necessary to provide services to Intrafio or as otherwise permitted by their applicable terms and law.

11.2 Within your organization

If you use Intrafio as part of an organization, administrators and authorized users may access workspace content, user information, files, AI activity, logs, and configuration data according to their roles and permissions.

11.3 Third-party integrations configured by you

When you connect external services, data may be exchanged with those services according to your configuration and the permissions granted.

11.4 Legal and compliance purposes

We may disclose personal data if required to do so by law, court order, regulatory authority, or lawful request, or where we believe disclosure is necessary to protect rights, safety, security, or legal interests.

11.5 Business transfers

If Intrafio is involved in a merger, acquisition, restructuring, financing, or sale of assets, personal data may be transferred as part of that transaction, subject to appropriate confidentiality and legal safeguards.

12. International Data Transfers

Intrafio is based in Poland and uses EU-based AWS hosting for the Service. However, some service providers, including AI providers, payment processors, support tools, security providers, or integration providers, may process data in countries outside the European Economic Area.

Where personal data is transferred outside the EEA, we rely on appropriate safeguards where required, such as:

  • Standard Contractual Clauses;
  • adequacy decisions;
  • data processing agreements;
  • technical and organizational safeguards;
  • other lawful transfer mechanisms available under applicable law.

13. Data Retention

We retain personal data only for as long as reasonably necessary for the purposes described in this Privacy Policy, including to provide the Service, comply with legal obligations, resolve disputes, enforce agreements, maintain security, and support business operations.

Retention periods may vary depending on the type of data:

  • account data is generally retained while the account remains active;
  • billing and invoice data may be retained for legal, accounting, and tax purposes;
  • logs may be retained for security, audit, troubleshooting, and operational purposes;
  • Customer Data is generally retained while the relevant organization, workspace, or account remains active;
  • backups may retain data for a limited period before automatic deletion or overwrite.

When a customer deletes its organization account, Intrafio deletes the customer’s files from storage and removes the customer’s data from the database, subject to technical limitations, backup retention, legal obligations, dispute preservation, fraud prevention, and security requirements.

Deletion from active systems may occur before deletion from backups. Backup copies are not used for ordinary processing and are deleted or overwritten according to backup lifecycle policies.

14. Organization Account Deletion

If an authorized administrator requests deletion of an organization account, Intrafio will delete the organization’s data associated with the Service, including:

  • workspace data;
  • uploaded files stored by Intrafio;
  • documents and extracted content;
  • semantic indexes and embeddings;
  • file attributes;
  • automation rules;
  • calendar data;
  • email integration records stored by Intrafio;
  • AI activity logs;
  • user membership records associated with the organization;
  • relevant database records.

Certain information may be retained where required or permitted by law, including:

  • billing and invoice records;
  • tax and accounting records;
  • security logs;
  • records necessary to resolve disputes;
  • records necessary to prevent abuse or fraud;
  • data stored in backups until backup rotation or deletion.

Before deleting an organization, customers should export or download any data they wish to keep. Deletion may be irreversible.

15. User Responsibility for Uploaded Content

Users and their organizations are solely responsible for the content they upload, create, connect, transmit, or process through Intrafio.

This includes responsibility for:

  • legality of uploaded files and data;
  • obtaining required rights, permissions, licenses, notices, and consents;
  • ensuring that personal data is processed lawfully;
  • ensuring that confidential, regulated, or sensitive information may be processed through Intrafio and its providers;
  • preventing upload of unlawful, infringing, harmful, malicious, or unauthorized content;
  • reviewing AI outputs generated from uploaded content.

Intrafio does not own user-uploaded content and does not assume responsibility for its legality, accuracy, completeness, business suitability, or consequences of use.

Intrafio may remove, disable access to, or restrict processing of content if we reasonably believe that it violates the Terms of Service, this Privacy Policy, applicable law, third-party rights, security requirements, or acceptable use restrictions.

16. Security Measures

Intrafio implements technical and organizational measures designed to protect personal data and Customer Data.

Depending on the feature and configuration, these may include:

  • organization and workspace-level access controls;
  • authentication and authorization controls;
  • role-based permissions;
  • encryption of selected sensitive credentials;
  • secure handling of OAuth tokens, IMAP credentials, and MCP credentials;
  • logging and audit trails for AI actions;
  • monitoring and operational safeguards;
  • secure cloud hosting on AWS infrastructure in the EU;
  • limits and controls for file upload, automation, and integrations;
  • background job deduplication and retry controls.

No method of transmission or storage is completely secure. We cannot guarantee absolute security.

You are responsible for maintaining appropriate security practices, including strong passwords, access review, secure devices, careful configuration of integrations, and appropriate user permissions.

17. Your Rights

Depending on your location and applicable law, you may have rights regarding your personal data, including the right to:

  • access your personal data;
  • correct inaccurate personal data;
  • delete personal data;
  • restrict processing;
  • object to processing;
  • receive a copy of your data in a portable format;
  • withdraw consent where processing is based on consent;
  • lodge a complaint with a supervisory authority.

If your data is processed by Intrafio on behalf of your organization, we may direct your request to the organization that controls the relevant data.

To exercise your rights, contact us at [privacy@intrafio.com].

We may need to verify your identity before responding to a request.

18. Children

Intrafio is intended for business users and is not directed to children.

You must not use the Service if you are under 18 years old or otherwise not legally capable of entering into binding agreements.

We do not knowingly collect personal data from children. If we become aware that a child has provided personal data, we may delete it.

19. Marketing Communications

We may send business communications, product updates, onboarding messages, service notices, billing notices, and security notices.

Where permitted by law, we may also send marketing communications about Intrafio. You may opt out of marketing communications at any time by using the unsubscribe link or contacting us.

Transactional, security, billing, and service-related communications may still be sent even if you opt out of marketing communications.

20. Automated Decision-Making

Intrafio provides AI-powered features that may analyze data, generate outputs, suggest actions, extract attributes, summarize content, and execute automations configured by users.

Intrafio does not intend for customers to use the Service to make legally or similarly significant decisions about individuals without appropriate human review, legal basis, and safeguards.

Customers are responsible for deciding whether their use of AI features involves automated decision-making under applicable law and for meeting any related legal requirements.

21. Changes to This Privacy Policy

We may update this Privacy Policy from time to time.

If changes are material, we will take reasonable steps to notify users, such as by email, in-app notice, or website notice.

The updated Privacy Policy will become effective on the date stated in the updated version. Continued use of the Service after the effective date means you acknowledge the updated Privacy Policy.

22. Contact

For privacy-related questions, requests, or concerns, contact:

DK Investments Dawid Krawczykiewicz
NIP: 5552075205
Website: https://intrafio.com
Email: dawid@intrafio.com
Business address: Wałowa 25A/106, 80-858 Gdańsk, Poland

If GDPR applies, you may also have the right to lodge a complaint with the competent data protection authority. In Poland, this is the President of the Personal Data Protection Office (Prezes Urzędu Ochrony Danych Osobowych, UODO).