autocontent.hu
← Back to home

Privacy Policy

Effective from January 1, 2026. Last updated: May 2026.

Data Controller:
Name: Gábor Jurgovszki, sole proprietor
Phone: +36 30 286 7246
E-mail: info@autocontent.hu
Website: https://autocontent.hu

1. Introduction

Gábor Jurgovszki, sole proprietor (hereinafter: Data Controller) operates the SaaS service available under the autocontent.hu domain. The Data Controller is committed to the protection of users' personal data and processes such data under the following terms — with particular regard to Regulation (EU) 2016/679, the General Data Protection Regulation (GDPR) and applicable Hungarian regulations (in particular Act CXII of 2011 — the Hungarian Information Act).

2. What data do we process?

Data categoryPurposeLegal basis (Article 6 GDPR)Retention
Name, e-mail address, password (encrypted) User account management, login (1)(b) performance of contract Until account deletion
Google account ID, profile picture URL (in case of Google login) OAuth login, account identification (1)(b) performance of contract Until account deletion
IP address, browser identifier, time of last login Security audit, abuse prevention (1)(f) legitimate interest (security) 12 months
Generated content, uploaded images, topics Operation of the Service, custom content storage (1)(b) performance of contract Until account deletion
Credit transactions, payment data Invoicing, financial records (1)(c) legal obligation (accounting) 8 years (Hungarian Accounting Act)
Error logs, performance data Improving service quality (1)(f) legitimate interest 30 days

3. Data processors (third parties)

The Data Controller may rely on various technology partners to operate the Service. The specific partner constellation may change continuously during the development, optimisation and quality improvement of the Service. The listed partners process the data transferred to them in accordance with their own privacy policies and access them only to the extent necessary.

3.1 Identity and login providers

  • Google LLC (USA) — OAuth login (name, e-mail, profile picture). Privacy

3.2 AI language models and content generation providers

For AI operations — article generation, text refinement, embedding, structure analysis, research, translation, image metadata extraction, summarisation, etc. — we may use any of the providers listed below. The specific task and model selection may dynamically vary based on performance, cost and quality considerations; we are not bound to any single provider and may switch to another partner at any time in order to improve the quality of the Service:

  • OpenAI (USA)
  • Anthropic (USA)
  • Google LLC — Gemini (USA)
  • Mistral AI (France)
  • Meta Platforms — Llama models (USA)
  • xAI (USA)
  • Cohere (Canada)
  • Perplexity AI (USA)
  • Groq (USA)
  • Together AI (USA)
  • DeepSeek (People's Republic of China — only for non-sensitive tasks, with explicit User consent)
  • Amazon Web Services — Bedrock (USA)
  • Microsoft Azure — Azure OpenAI (USA / EU)
  • Hugging Face (USA / France)
  • Replicate (USA)

The prompt provided by the User and the response returned by the AI provider are handled in accordance with that provider's own storage and retention policy. The Data Controller endeavours, where possible, to choose partners that do not use user data for their own model training.

3.3 Visual and image providers

  • Stock image providers — including Magnific, Freepik, Shutterstock, Adobe Stock, Unsplash, Pexels, etc. (image search queries, metadata of image downloads)
  • AI image generation providers — including OpenAI DALL·E, Stability AI, Midjourney, Black Forest Labs Flux, Google Imagen, Ideogram, etc.

3.4 Search and research APIs

  • Web search APIs — including SerpAPI, Bing Search API, Brave Search API, Google Programmable Search, ScraperAPI, etc. (only the search queries are forwarded for topic research)

3.5 Hosting, CDN and infrastructure providers

  • Cloud hosting and object storage — including Cloudflare R2, Amazon S3, Google Cloud Storage, Microsoft Azure Blob, Backblaze B2, etc.
  • CDN and edge providers — including Cloudflare, AWS CloudFront, Fastly, etc.
  • Application hosting partners (EU or Hungarian servers) — running the Service

3.6 E-mail and notification providers

  • SMTP and transactional e-mail providers — including own SMTP server, Postmark, AWS SES, SendGrid, Resend, Mailgun, etc. (registration confirmation, password reminder, 2FA codes)

3.7 Payment and invoicing providers (future)

  • Online payment and invoicing providers — an updated list of data processors will be made available when payment channels are introduced

The above lists are indicative; the partner constellation actually used by the Service may change during the development cycle. The User may at any time request up-to-date information at info@autocontent.hu regarding which partners specifically process their data.

4. Cookies and session management

The Service uses only the cookies strictly necessary for operation (technical cookies):

  • autocontent_session — managing the logged-in session
  • XSRF-TOKEN — protection against CSRF attacks

The Service does not use marketing or tracking cookies. Third-party tracking (Google Analytics, Facebook Pixel, etc.) is currently not active.

5. Rights of the data subject (Articles 15–22 GDPR)

The User (data subject) has the following rights:

  • Right of access — may request information on the data we process about them
  • Right to rectification — correction of inaccurate data
  • Right to erasure ("right to be forgotten") — upon account deletion, personal data are deleted within 30 days (except where the Hungarian Accounting Act requires 8-year retention)
  • Right to restriction — in certain cases, processing may be suspended upon request
  • Right to data portability — data may be requested in a machine-readable format
  • Right to object — to processing based on legitimate interest

Rights can be exercised at info@autocontent.hu. The Data Controller will respond to the request within 30 days.

6. Data security

The Data Controller applies the following technical and organisational measures:

  • HTTPS encryption for all data traffic
  • Passwords hashed using bcrypt (never stored in plain text)
  • External API keys protected with envelope encryption (AES-256-GCM)
  • Two-factor authentication (2FA) support
  • Regular security audits and software updates
  • Organised backup and recovery plan

7. Data transfers to third countries

Some data processors (Google, AI providers) are based outside the European Economic Area. Data transfers take place under appropriate safeguards as set out in Article 46 GDPR (Standard Contractual Clauses — SCC).

8. Automated decision-making

The Service includes AI-based content generation features. These features generate content in response to User requests — they do not make automated decisions concerning the rights or legal status of the User.

9. Right to lodge a complaint (NAIH)

If the User considers that the processing of personal data violates the law, they may lodge a complaint with the Hungarian National Authority for Data Protection and Freedom of Information:

NAIH
Address: 1055 Budapest, Falk Miksa utca 9-11.
Postal address: 1363 Budapest, P.O.B. 9.
Phone: +36 1 391 1400
E-mail: ugyfelszolgalat@naih.hu
Website: https://naih.hu

10. Modification of this notice

The Data Controller reserves the right to modify this Privacy Policy. Users will be notified of changes by e-mail or through an in-Service notification. Changes take effect 15 days after notification.

11. Contact

For any questions related to data protection, please contact us:

Gábor Jurgovszki, sole proprietor
E-mail: info@autocontent.hu
Phone: +36 30 286 7246