Privacy Policy
Last updated: 9 February 2026
Retora ("we", "us", "our") provides an AI-powered message testing and analysis platform for professionals. This Privacy Policy explains how we collect, use, store, and protect personal data when you use Retora.
We process personal data in accordance with:
- Regulation (EU) 2016/679 (General Data Protection Regulation, GDPR)
- Hungarian Act CXII of 2011 on Informational Self-Determination and Freedom of Information
- other applicable EU and national data protection laws
1. Data controller
The data controller is:
SpeakerHub Ltd.Rumbach Sebestyén utca 12
1075 Budapest
Hungary
Registered in Hungary
Email: admin@retora.ai
2. Scope of this policy
This policy applies to:
- registered users of the Retora platform
- visitors to Retora's website where accounts are created or managed
- B2B users acting on behalf of an organisation
Retora is not available without an account. Anonymous use is not supported.
3. Categories of personal data processed
3.1 Account and usage data
- name, email address, organisation
- login credentials and authentication data
- subscription tier and billing status
- usage logs, timestamps, and feature interactions
3.2 User-submitted content
- text inputs, prompts, and messages
- uploaded documents, such as PDFs or position papers
- follow-up questions and persona interactions
3.3 Personal data included in content
At launch, Retora is not designed to require personal data about real individuals.
However, users may choose to include personal data in their inputs.
Future features may allow:
- structured input about real persons, such as public profiles or professional roles
- persona creation based on user-supplied attributes
Users are responsible for ensuring they have a lawful basis to provide such data.
Retora does not require the submission of special category data under GDPR Article 9.
4. Purposes and legal bases of processing
We process personal data for the following purposes:
| Purpose | Legal basis |
|---|---|
| account creation and access | contract (GDPR Art. 6(1)(b)) |
| platform operation and feature delivery | contract |
| storage of conversations and uploads | contract |
| security, abuse prevention, and system integrity | legitimate interest (Art. 6(1)(f)) |
| legal compliance and dispute handling | legal obligation (Art. 6(1)(c)) |
| B2B or public-sector arrangements | contract or public task |
Retora does not rely on consent as its primary legal basis for core processing.
5. AI processing and training
- User content is processed by AI systems to provide feedback and analysis.
- By default, user content is not used to train or improve AI models beyond what is necessary to deliver the service.
- Users cannot request model training or fine-tuning on their data through the standard platform.
Exceptions may apply:
- under bilateral B2B agreements
- under specific contracts with public administrations
- where explicitly agreed in writing
Where applicable, users may opt out of secondary processing permitted by law.
6. Data storage and retention
6.1 Standard retention
- user content and interactions are stored for 12 months
- users may delete content at any time
6.2 Deletion process
- when a user deletes content, it is marked for deletion
- data may be retained for up to 30 days for security, legal, or system integrity reasons
- after this period, data is permanently deleted unless legally required otherwise
6.3 Paid and B2B users
- extended retention may apply, typically up to 12 months or longer, depending on the contract
- custom retention schedules may be agreed in writing
7. Data sharing and processors
We do not sell personal data.
We may share data with:
- cloud infrastructure providers
- analytics and security service providers
- professional advisors where legally required
All processors act under data processing agreements compliant with GDPR Article 28.
8. International data transfers
- Retora uses Google Cloud infrastructure.
- We make reasonable efforts to store data on EU-based servers.
- Where data is transferred outside the EU or EEA, we rely on:
- adequacy decisions, or
- standard contractual clauses approved by the European Commission
9. User rights
Users have the right to:
- access their personal data
- correct inaccurate data
- request deletion
- restrict or object to processing where applicable
- data portability where technically feasible
Requests can be sent to: admin@retora.ai
Users may also lodge a complaint with:
- the Hungarian National Authority for Data Protection and Freedom of Information (NAIH), or
- their local EU supervisory authority
10. Security measures
We apply appropriate technical and organisational measures, including:
- access controls and authentication
- encrypted data transmission
- role-based internal access
- monitoring and logging
No system is fully risk-free, but we take reasonable steps to protect data against unauthorised access, loss, or misuse.
11. Children
Retora is intended for professional users.
It is not directed at children under 16, and we do not knowingly process their data.
12. Changes to this policy
We may update this Privacy Policy to reflect:
- legal changes
- new features
- infrastructure changes
Material changes will be communicated through the platform or by email.