Back to home

Privacy Policy

Last updated: July 15, 2026

This Privacy Policy explains how MeteorIT d.o.o. Beograd ("MeteorIT", "we") processes personal data on the Integral platform, available at sphere.meteorit.rs (the "Platform").

We process personal data in accordance with the EU General Data Protection Regulation (GDPR) and the Serbian Law on Personal Data Protection (ZZPL).

1. Data controller

MeteorIT d.o.o. Beograd, Radavačka 24, 11070 Beograd (Novi Beograd), Serbia. Registration number (MB): 22049178. Tax ID (PIB): 114630015. Contact: ai@meteorit.rs.

For business data that your organization brings onto the Platform or connects to it, MeteorIT acts as a data processor on behalf of your organization, which remains the data controller for that content.

2. Data we process

  • Account data — name, e-mail address, login credentials, workspace membership, roles and language preference.
  • Workspace content — conversations with the assistant, uploaded files and documents, workflows, drafts, dashboards and feedback you submit.
  • Connected systems — authorization tokens for the systems your workspace connects (for example e-mail, ticketing or file storage), stored encrypted. Business data from those systems is read on demand to answer a specific request and is not copied into permanent Platform storage.
  • Usage and technical data — sign-in events, usage and cost metrics per workspace and user, application logs, and basic browser and device information.

3. How we use data

  • To provide and operate the Platform and generate assistant responses.
  • To enforce workspace access rules — each user sees only the data their role and permissions allow.
  • To provide support and communicate about the service (for example invitations and password resets).
  • To secure the service, prevent abuse and diagnose technical problems.
  • To measure usage and enforce agreed cost limits.

4. AI processing

To generate a response, the content of your request — together with the relevant data retrieved from connected systems — is sent to the AI model provider(s) configured for your workspace.

Model providers process this data solely to provide the service. Under our agreements with them, they do not use your data to train their models.

5. Google user data

If your workspace connects Google services (such as Gmail or Google Drive), Integral accesses Google user data only with your explicit consent, through Google’s OAuth sign-in, and only within the scopes you approve.

That data is used solely to provide the features you request — answering your questions, generating reports and running the workflows you approve. It is read on demand and is not copied into permanent Platform storage. We do not sell Google user data, do not use it for advertising, and do not allow humans to read it except with your permission, for security purposes, or where required by law. You can revoke Integral’s access at any time in the Platform’s connector settings or at myaccount.google.com/permissions.

Integral’s use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

6. Legal bases

  • Performance of a contract — providing the Platform to your organization.
  • Legitimate interest — securing the service, preventing abuse and improving the Platform.
  • Consent — where required, which you may withdraw at any time.
  • Legal obligations — where processing is required by applicable law.

7. Sub-processors and international transfers

We use a limited number of service providers to operate the Platform:

  • Hosting and database infrastructure (for example Vercel and Supabase).
  • Transactional e-mail delivery (for example Resend).
  • The AI model providers configured for your workspace.

All sub-processors are bound by data processing agreements. Where data is transferred outside Serbia or the European Economic Area, transfers are protected by appropriate safeguards such as Standard Contractual Clauses.

We never sell or rent personal data.

8. Data retention

  • Account data — for the duration of your account and the contract with your organization.
  • Workspace content — until deleted within the workspace, or upon termination of the contract with your organization.
  • Logs and technical data — for a limited period necessary for security and operations.

9. Security

We apply industry-standard measures to protect data: encryption in transit and at rest, storage of access tokens in a dedicated secrets vault, role-based access control and monitoring.

No method of transmission or storage is completely secure, but we continuously work to protect your data using current good practice.

10. Your rights

Under the GDPR and the ZZPL you have the right to access, correct and delete your personal data, restrict or object to processing, receive your data in a portable format, and withdraw consent at any time.

To exercise these rights, contact us at ai@meteorit.rs. You also have the right to lodge a complaint with the Serbian Commissioner for Information of Public Importance and Personal Data Protection (www.poverenik.rs) or your local supervisory authority in the EU.

11. Changes to this policy

We may update this Privacy Policy from time to time. Changes are published on this page with an updated date.

12. Contact

For any questions about this Privacy Policy or how we handle data, write to ai@meteorit.rs.