Summary: RiskAIX collects only what is necessary to provide the service. We do not sell your data. We do not share it with advertisers. You can request deletion at any time by emailing [email protected].
1. Who We Are
Diamond Properties Investments SRL, registered in Romania (CUI 50535310), operates the RiskAIX platform at riskaix.com — an AI-powered property risk intelligence service covering Romania, Greece, Bulgaria, Cyprus and other countries.
For all privacy matters, contact: [email protected]
2. Data We Collect
2.1 Data you provide directly
- Email address — when you sign up, subscribe, or contact us
- Payment information — processed by LemonSqueezy (we never see or store card numbers)
- Property addresses — entered when you perform a risk check
2.2 Data collected automatically
- IP address — used for rate limiting (max 2 free checks/day) and fraud prevention; stored in Cloudflare KV for 24 hours, then deleted automatically
- Usage logs — Cloudflare Workers analytics (anonymous, aggregated)
- Cached geocode results — address → coordinates mapping stored for 30 days to improve performance
2.3 Data we do NOT collect
- We do not use tracking cookies or advertising pixels
- We do not build behavioral profiles
- We do not collect biometric data
- We do not access your device contacts, camera, or microphone
3. How We Use Your Data
- Property addresses — queried against government registries (AMCCRS, ANCPI, USGS, etc.) to generate risk reports. Not stored permanently after the check completes.
- Email address — to deliver your account, reports, and service communications. We do not send marketing emails without your explicit consent.
- IP address — rate limiting only. Automatically deleted after 24 hours.
- Payment data — processed entirely by LemonSqueezy. We receive only subscription status and tier information.
4. Legal Basis (GDPR)
We process your personal data under the following legal bases:
- Contract performance (Art. 6(1)(b)) — to provide the service you subscribed to
- Legitimate interests (Art. 6(1)(f)) — fraud prevention, rate limiting, security
- Consent (Art. 6(1)(a)) — for any marketing communications (opt-in only)
5. Data Sharing
We share data only where strictly necessary:
We do not sell, rent, or share your personal data with third parties for marketing purposes.
6. Data Retention
- IP-based rate limit data — 24 hours (automatic KV expiration)
- Geocode cache — 30 days (address → coordinates, no personal data)
- Solar cache — no personal data, location-based only
- Account data (email, subscription) — retained while your account is active, plus 90 days after a deletion request
- Property watch list — deleted immediately when you remove a watch or close your account
7. Your Rights (GDPR)
As an EU/EEA resident, you have the right to:
- Access — request a copy of your personal data
- Rectification — correct inaccurate data
- Erasure — request deletion of your data ("right to be forgotten")
- Restriction — limit how we process your data
- Portability — receive your data in a machine-readable format
- Object — object to processing based on legitimate interests
- Withdraw consent — at any time for consent-based processing
To exercise any right, email [email protected]. We will respond within 30 days. You also have the right to lodge a complaint with your national data protection authority.
8. Cookies
RiskAIX does not use tracking or advertising cookies. We use only:
- Cloudflare security cookies — strictly necessary for DDoS protection and bot detection (no consent required)
- Session preferences — language selection stored in browser localStorage (no server transmission)
9. Security
We implement industry-standard security measures:
- HTTPS enforced on all connections (HSTS)
- Payment processing via PCI-compliant LemonSqueezy (we never handle card data)
- Webhook signatures validated with HMAC-SHA256
- Rate limiting prevents data scraping
- Cloudflare DDoS and bot protection
10. International Transfers
Your data may be processed in the United States (Cloudflare, Anthropic, LemonSqueezy). These transfers are covered by Standard Contractual Clauses (SCCs) or adequacy decisions under GDPR.
11. Children's Privacy
RiskAIX is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us data, contact [email protected].
12. Changes to This Policy
We may update this policy as our service evolves. Material changes will be communicated via email to registered users at least 14 days before taking effect. The "Last updated" date at the top indicates the current version.