Privacy Notice

Privacy Notice

Last updated: 16 June 2026

This Privacy Notice (the “Notice”) explains how backstreamAI processes personal data when you visit this website (the “Website”), contact us, arrange a consultation, or use our services.

Our data processing complies with Regulation (EU) 2016/679 (General Data Protection Regulation, “GDPR”), applicable Hungarian data protection law, and — where applicable to the data subject — certain U.S. state privacy laws (e.g. California’s CCPA/CPRA).

Please read this Notice carefully. If you have any questions about any of its points, you can reach us using the contact details below.

backstreamAI

Registered seat: Kemenes utca 6, 1114 Budapest, Hungary

contact@backstreamai.com

https://backstreamai.com

Contents

  • 1. The data controller
  • 2. Definitions
  • 3. What data we process, for what purpose and on what legal basis
  • 4. Cookies and similar technologies
  • 5. Recipients and processors
  • 6. Transfers to third countries
  • 7. Data security
  • 8. Your rights (EU / GDPR)
  • 9. Remedies and complaints
  • 10. Rights of U.S. residents (CCPA/CPRA and other state laws)
  • 11. Children’s data
  • 12. Changes to this Notice
  • 13. Governing legislation

1. The data controller

The controller of your data (the “Controller” or “we”):

  • Name: backstreamAI
  • Email: contact@backstreamai.com
  • Registered seat: Kemenes utca 6, 1114 Budapest, Hungary
  • Website: https://backstreamai.com

Data Protection Officer (DPO): under Article 37 GDPR the Controller is not required to appoint a DPO and has not appointed one. For data protection matters you can contact us at contact@backstreamai.com.

2. Definitions

  • Personal data: any information relating to an identified or identifiable natural person.
  • Data subject: the natural person whose personal data we process.
  • Processing: any operation performed on personal data (e.g. collection, storage, use, transfer, deletion).
  • Controller: the party that determines the purposes and means of the processing.
  • Processor: the party that processes personal data on behalf of the Controller.
  • Consent: the data subject’s freely given, specific, informed and unambiguous indication of their wishes.
  • Special category data: data requiring enhanced protection under Article 9 GDPR (e.g. health data). We do not process such data on a systemic basis.

3. What data we process, for what purpose and on what legal basis

The following sets out each processing activity, the scope of the data processed, the legal basis (Article 6 GDPR) and the retention period.

a) Contact (contact form / email)

  • Data processed: name, email address, (optionally) company name, the content of your message.
  • Purpose: responding to your enquiry, keeping in touch.
  • Legal basis: the data subject’s consent [Article 6(1)(a) GDPR], or legitimate interest in responding to your enquiry [Article 6(1)(f)].
  • Retention: up to 1 year after the enquiry is closed, or until consent is withdrawn.

b) Arranging a consultation (booking / intro call)

  • Data processed: name, email address, (optionally) phone number, company name, the time of the meeting, and any other information you provide.
  • Purpose: arranging and holding the consultation.
  • Legal basis: pre-contractual steps or performance of a contract [Article 6(1)(b) GDPR].
  • Retention: up to 1 year after the consultation, or for the duration of the client relationship.

c) Contracting and service provision

  • Data processed: contact and billing details, contractual data.
  • Purpose: concluding and performing the contract, keeping in touch, invoicing.
  • Legal basis: performance of a contract [Article 6(1)(b) GDPR] and compliance with a legal obligation [Article 6(1)(c)].
  • Retention: accounting documents are kept for 8 years pursuant to Section 169 of Act C of 2000 on Accounting.

d) Newsletter / marketing (if you opt in)

  • Data processed: name, email address.
  • Purpose: sending newsletters and marketing messages.
  • Legal basis: the data subject’s explicit, voluntary consent [Article 6(1)(a) GDPR], which can be withdrawn free of charge at any time (unsubscribe).
  • Retention: until consent is withdrawn.

e) Operating and logging the Website

  • Data processed: IP address, browser and device data, technical logs of the visit.
  • Purpose: secure and proper operation of the Website, prevention of abuse.
  • Legal basis: the Controller’s legitimate interest [Article 6(1)(f) GDPR].
  • Retention: up to 12 months, or until a security incident has been investigated.

4. Cookies and similar technologies

Cookies are small text files that your browser stores on your device when you visit a website. Similar technologies include local storage (localStorage) and pixels.

The Website stores your language preference in your browser’s local storage (localStorage, the “backstream-language” key) so it appears in your chosen language next time. This is strictly necessary for the Website to function and is not used for tracking.

Cookie categories

  • Strictly necessary cookies: required for the basic operation of the Website (e.g. language setting, security). Their legal basis is legitimate interest and they may be used without consent.
  • Settings / preference cookies: store your convenience settings (e.g. language).
  • Statistical / analytics cookies: we use Google Analytics (Google LLC) and Microsoft Clarity (Microsoft Corporation) to measure traffic and usage. They are placed only with prior consent.
  • Marketing cookies: we currently do not use marketing cookies. If we introduce them in the future, they will likewise be placed only with prior consent.

Consent and managing cookies

We place non-essential (analytics) cookies only with your prior, explicit consent, via the cookie banner shown when the Website loads, in line with electronic communications (ePrivacy) rules. You can change or withdraw your consent at any time: delete the “backstreamai-cookie-consent” setting stored in your browser (or clear your browser’s cookies) and the cookie banner will reappear. You can also manage, restrict or delete cookies in your browser settings. Please note that disabling strictly necessary cookies may cause certain Website features to malfunction.

Cookies and stored data we use

  • Google Analytics (Google LLC): _ga, _ga_*, _gid – measuring traffic and usage; lifetime up to 2 years (_gid: 24 hours). With consent only.
  • Microsoft Clarity (Microsoft Corporation): _clck, _clsk, CLID, ANONCHK, MR, MUID, SM – anonymous behaviour analysis (heatmaps, session replay); lifetime up to 1 year. With consent only.
  • backstream-language (local storage / localStorage): remembers the selected language; stays in your browser until you delete it.
  • backstreamai-cookie-consent (local storage / localStorage): stores your cookie consent.

5. Recipients and processors

We treat your personal data confidentially. Only those of our staff who need it to perform their duties, and who are bound by a duty of confidentiality, have access to your data.

To provide the service we rely on trusted processors who act on our instructions, under contractual and data protection guarantees. The categories of processors currently used:

  • Hosting and infrastructure provider: Google (Firebase Hosting / Firebase App Hosting) – Google LLC (USA) / Google Ireland Ltd.
  • Database: Google (Cloud Firestore) – Google LLC (USA) / Google Ireland Ltd.
  • Web analytics: Google Analytics – Google LLC (USA), and Microsoft Clarity – Microsoft Corporation (USA).
  • Email delivery: Resend (Resend, Inc., USA) – delivering messages sent from the contact form.

We may disclose data on the basis of a legal obligation in the event of a request from an authority or court.

6. Transfers to third countries

Some of our providers (e.g. hosting, analytics, email delivery) are based outside the European Economic Area (EEA), for example in the United States. Where a transfer to a third country takes place, we carry it out only with the appropriate safeguards under Chapter V GDPR, in particular:

  • on the basis of a European Commission adequacy decision (e.g. the EU–US Data Privacy Framework, where the provider is certified), or
  • by applying the Standard Contractual Clauses (SCCs) adopted by the European Commission, with supplementary measures where necessary.

You can request information about the safeguards applied and a copy of them at contact@backstreamai.com.

7. Data security

We apply appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, transfer, disclosure, deletion or destruction (e.g. encrypted connection / HTTPS, access restriction, regular backups).

Please note that data transmission over the internet is never entirely risk-free; we strive for the highest level of protection we can provide.

8. Your rights (EU / GDPR)

Under the GDPR you have the following rights in relation to your personal data:

  • Right of access: you can ask whether we process your data and, if so, request a copy of it.
  • Right to rectification: you can request correction of inaccurate data and completion of incomplete data.
  • Right to erasure (“right to be forgotten”): under certain conditions you can request deletion of your data.
  • Right to restriction of processing: in certain cases you can request that processing be restricted.
  • Right to data portability: you can request data processed automatically on the basis of consent or a contract in a structured, machine-readable format.
  • Right to object: you can object to processing based on legitimate interest, and at any time to direct marketing.
  • Withdrawal of consent: you can withdraw consent given for consent-based processing at any time, free of charge (this does not affect the lawfulness of processing before withdrawal).
  • Automated decision-making: we do not make decisions based solely on automated processing that produce legal effects concerning you.

You can exercise your rights at contact@backstreamai.com. We respond to your request without undue delay, and within 1 month at the latest (this may be extended by 2 months in justified cases). Information is provided free of charge.

9. Remedies and complaints

If you feel that our data processing infringes your rights, please contact us first at contact@backstreamai.com — we will try to resolve the issue quickly.

You may also lodge a complaint with the supervisory authority:

  • Hungarian National Authority for Data Protection and Freedom of Information (NAIH)
  • Address: Falk Miksa utca 9-11, 1055 Budapest, Hungary
  • Mailing address: 1363 Budapest, Pf. 9.
  • Phone: +36 (1) 391-1400
  • Email: ugyfelszolgalat@naih.hu
  • Website: www.naih.hu

In the event of an infringement of your rights you may also turn to a court; proceedings may be brought before the court competent for your place of residence or stay.

10. Rights of U.S. residents (CCPA/CPRA and other state laws)

This section applies to data subjects who reside in a U.S. state that has a comprehensive privacy law — in particular California (CCPA, as amended by the CPRA), as well as Virginia, Colorado, Connecticut, Utah, Texas and other states.

Categories of personal information collected (CCPA)

  • Identifiers (e.g. name, email address, phone number, IP address).
  • Customer records information (e.g. company name, billing contact details).
  • Commercial information (e.g. services used).
  • Internet/network activity (e.g. interaction with the Website, where we use analytics).
  • Professional / employment-related information (e.g. job title, company).

The source of the data is primarily directly from you (forms, email, booking), and automatically through use of the Website. We process the data for the purposes described in Section 3 of this Notice.

We do not sell or “share” personal information

We do not sell and do not “share” your personal information within the meaning of the CCPA/CPRA, and we have not done so in the past 12 months.

Sensitive personal information

We do not collect or use sensitive personal information under the CPRA beyond the permitted purposes necessary for operation.

Consumer rights

  • Right to know: you can request what personal information we collected, from what source, for what purpose, and with whom we shared it.
  • Right to delete: you can request deletion of the personal information collected about you (subject to statutory exceptions).
  • Right to correct: you can request correction of inaccurate data.
  • Right to opt out of sale/sharing: since we do not sell or share data, this currently does not apply.
  • Right to limit the use of sensitive information.
  • Right to non-discrimination: you will not be discriminated against for exercising your rights.
  • In certain states (e.g. Virginia, Colorado, Connecticut) you have a right to appeal if a request is denied.

How to exercise your rights

You can submit your request at contact@backstreamai.com. We verify your identity in a reasonable manner. An authorized agent may also act on your behalf with appropriate proof. We respond to the request within the time limit set by the applicable law (typically 45 days).

11. Children’s data

The Website and our services are not directed at children under 16 (or under 13 in the U.S.), and we do not knowingly collect personal data from them. If we become aware that we hold such data, we delete it.

12. Changes to this Notice

We may update this Notice from time to time (e.g. due to legislative changes or a new service). The version in force at any given time is available on the Website, with the “Last updated” date above. We will provide appropriate notice of material changes.

13. Governing legislation

  • Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR).
  • Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information (Infotv.).
  • Act C of 2000 on Accounting.
  • Act CVIII of 2001 on Electronic Commerce Services (E-commerce Act).
  • Act C of 2003 on Electronic Communications (in respect of cookies / ePrivacy).
  • California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), and other U.S. state privacy laws.
We will update this Notice promptly if our infrastructure changes, a new processor is added, or the relevant legal framework is amended.

Cookies & analytics

We use essential cookies and anonymized analytics to keep the site running and improve your experience.

Privacy & cookies