Privacy Policy

How we handle your data and protect your privacy.

Privacy Policy — Thembi S.r.l. (Thembi.ai)

Last updated: 26 September 2025

Scope and controller

  • Controller: Thembi S.r.l. — Corso Ventidue Marzo 12, 20135 Milano — C.F. 14207690968.
  • Coverage: This Policy covers personal data collected and processed via the website, SaaS platform, APIs, demos, trial accounts, marketing activities, events and support for users located in the EU and elsewhere.

Principles and legal basis

  • We process personal data lawfully, fairly and transparently; for specified purposes; limited to what is necessary; accurate; stored only as long as required; and secured appropriately.
  • Lawful bases used include: performance of contract, legitimate interests (platform improvement, fraud prevention, analytics, security), consent (where explicitly requested), and compliance with legal obligations.

Data we collect and purposes

  • Account and identity data: name, job title, organisation, business email and phone — to create and manage user accounts, provide the service, billing, and support.
  • Authentication data: hashed passwords, 2FA tokens — for secure access.
  • Contact & commercial data: billing address, VAT, purchase history — invoicing and tax compliance.
  • Usage, telemetry & logs: feature usage, IP, device, timestamps, error logs — product improvement, diagnostics, security.
  • Content and inputs: datasets, documents, prompts, analyses, and outputs that customers upload or generate on the platform — processed to deliver the service and stored/retained per contractual settings.
  • Communications: support tickets, meeting notes, emails — customer service and dispute resolution.
  • Marketing & events: newsletter subscriptions, event registration — marketing where consented or under legitimate interest with opt-out.

Special categories and training data

  • We do not intentionally request or process special category personal data (sensitive data). If such data is provided, we will process only with explicit consent or where strictly necessary and permitted by law.
  • For AI models and transparency obligations, relevant summaries and documentation on training data will be provided in line with applicable EU requirements for certain AI systems and model providers.

Recipients and international transfers

  • Internal recipients: authorised Thembi employees, contractors, data processors acting under contract.
  • External processors: cloud hosting providers, payment processors, analytics vendors, email platforms, security services. All processors are subject to Data Processing Agreements and required to meet EU GDPR standards.
  • If personal data is transferred outside the EEA, we rely on EU Standard Contractual Clauses, adequacy decisions, or other legally recognised safeguards.

Retention

  • Account data: retained for the active period of the account plus 7 years for accounting and legal compliance unless otherwise agreed. Shorter retention applies where legally required. Backups are securely deleted after restoration windows.
  • Logs and telemetry: retained for 6–24 months depending on type and security needs.
  • Uploaded customer content: retained per the customer contract and deletion requests; exported backups may persist for a limited period to enable restoration.

Data subject rights

  • Right to access, rectification, erasure, portability, restriction of processing, objection, and not to be subject to automated individual decision-making where applicable.
  • To exercise rights or obtain information, contact info@thembi.ai or the postal address above. We respond within legal timelines (usually 1 month).

Security measures

  • Industry-standard technical and organisational measures: encryption in transit (TLS) and at rest, role-based access, logging, vulnerability management, security reviews, and incident response procedures.
  • We perform regular security assessments and maintain contractual and technical safeguards with subprocessors.

Data breaches

  • In case of a personal data breach we will notify the competent Data Protection Authority and affected data subjects where required by law, and inform customers promptly if their data or service is materially affected.

Data Protection Officer and supervisory authority

  • Contact for privacy matters: info@thembi.ai.
  • Customers may contact the Italian Data Protection Authority (Garante) or the relevant EU supervisory authority for complaints.

Automated decision-making and AI transparency

  • Thembi uses automated processing and AI to generate insights and reports. We do not use fully automated profiling that produces legal or similarly significant effects on data subjects without human oversight.
  • For regulated AI systems or general-purpose model providers, we will comply with disclosure and transparency requirements applicable under EU law, including documentation and summary obligations for training data as required by forthcoming templates and rules.
  • Thembi will comply with all EU AI Act requirements that are applicable to Thembi's operations.

Minors

  • Our services are intended for professionals; we do not knowingly collect data from minors. If we discover such data, we will remove it promptly.

Changes and effective date

  • This Policy may be updated; we will publish the date of last revision and notify registered customers of material changes.

Cookies Policy — Thembi.ai

Last updated: 26 September 2025

What are cookies

  • Cookies and similar technologies are small text files stored on a device to remember preferences, enable functionality, and collect analytics.

Types of cookies we use

  • Strictly necessary: required for core platform functionality and security (no consent required).
  • Functional: store language or display preferences to improve user experience.
  • Performance & analytics: collect aggregated usage data to measure and improve the service. We use aggregated analytics to improve platform performance.
  • Marketing: used to personalise communications and measure campaign effectiveness (consent required).

Consent and management

  • On first visit, users see a cookie banner explaining categories and can give granular consent for non-essential cookies. Consent is stored and can be withdrawn at any time. Refusing non-essential cookies does not prevent access to the site or essential platform functionality.

Third-party cookies

  • We may permit third-party providers (analytics, marketing) to place cookies; their use is governed by their privacy terms. Examples include analytics and ad platforms. Users must consult the consent tool to view and manage third-party cookies.

Cookie retention and examples

  • Session cookies: deleted when the browser closes.
  • Persistent cookies: last from a few days to several years depending on purpose. Specific cookie names, purposes and retention periods are listed in the Cookie Declaration accessible from the footer of the site.

How to change browser settings

  • Users can withdraw or manage cookie preferences using the cookie banner or their browser settings. Browser controls allow blocking or deleting cookies; instructions are available via browser help pages.

More information

  • To exercise cookie-related choices or request detailed cookie declarations contact info@thembi.ai.

Legal Disclaimer and Terms of Use (Website & SaaS summary)

Last updated: 26 September 2025

Scope

  • These statements apply to information, materials, tools and services provided at the Thembi.ai website and platform. They are a summary; full Terms of Service and Subscription Agreement govern the contractual relationship with paying customers.

No professional advice warranty

  • Content, analyses and outputs provided by Thembi.ai are informational and for analytical support only. They do not constitute legal, regulatory, tax, medical or other professional advice. Users must not rely solely on platform outputs for regulatory decisions without independent verification.

Accuracy and availability

  • We aim to provide accurate and timely information but do not guarantee completeness or suitability for a particular purpose. The platform is provided as is and as available. Thembi does not warrant uninterrupted or error-free access.

Limitation of liability

  • To the fullest extent permitted by law, Thembi S.r.l. and its affiliates are not liable for indirect, incidental, consequential or special damages, lost profits or loss of data arising out of use or inability to use the service. For direct damages, Thembi’s aggregate liability is limited to fees paid by the customer in the 12 months preceding the claim, except where stricter limits apply by mandatory law.

Intellectual property

  • All platform software, content, reports, models and documentation are the intellectual property of Thembi or its licensors. Customers are granted a limited, non-exclusive, non-transferable licence to use outputs as set out in the applicable agreement. Users must not copy, redistribute or create derivative products outside the licence.

User content and rights

  • Customers retain ownership of their uploaded content and grant Thembi a limited licence to process, host and display such content for service delivery, improvement and lawful business purposes as defined in customer agreements. Thembi will not claim ownership of customer data.

Third-party links and services

  • Thembi may link to or integrate third-party services. We are not responsible for third-party content or practices. Users should review third-party terms and privacy policies.

Governing law and jurisdiction

  • Thembi S.r.l. is an Italian company. These policies are governed by Italian law and applicable EU law.
  • The English version prevails for interpretation. The exclusive jurisdiction for disputes lies with the courts of Milan, Italy, unless mandatory consumer protection laws provide otherwise.

Contact and notices

  • Privacy, cookie and legal enquiries: info@thembi.ai.
  • Postal contact: Thembi S.r.l., Corso Ventidue Marzo 12, 20135 Milano.