Privacy Policy

Last update: October 7, 2025

Contractor	JSC AI Textura 404599136 Georgia, Tbilisi, Saburtalo District, Gamsakhurdia Avenue, No34, adjacent territory

Data Protection Officer (DPO): The Contractor appoints a Data Protection Officer to whom you can address questions regarding the processing of personal data and compliance with the GDPR and the law of Georgia. DPO contacts: _____ What is this Policy about? This Policy sets out how the Contractor processes your personal data and ensures their security and confidentiality. Resources – electronic resources, including social networks, services, platforms, messengers, the Contractor’s channels registered in its name, the website. From this Policy you will learn what personal data the Contractor receives and how it uses them. The Contractor processes your personal data in accordance with the requirements of the Law of Georgia “On Personal Data Protection” and other regulatory legal acts in the field of protection and processing of personal data, as well as international standards and acts. When processing personal data, the Contractor adheres to the principles of lawfulness, fairness, transparency, processing data without harming data dignity, purpose limitation, data minimization, authenticity and accuracy of data, storage limitation, and data security. The Contractor additionally adheres to the following principles of personal data processing: – storage limitation – data are stored no longer than necessary for the purposes of processing; – integrity and confidentiality – technical and organizational measures are taken to protect against unauthorized or unlawful access, destruction or alteration of data; – accountability – the Contractor maintains internal documentation confirming compliance with the requirements of the law and this Policy. What are personal data? Personal data are any information about a person (personal data subject) by which they can be identified. The Contractor processes only those personal data that are listed in the Policy and that characterize you as a user of the Resources. You may give consent to the processing of personal data when using the Resources, filling out feedback forms on the Resources and in other ways provided for by the Policy. Confidentiality commitment: The Contractor undertakes to:

keep your data intact and safe;
not use your data unlawfully;
provide you with complete information regarding the use and processing of your personal data.

On what basis does the Contractor process personal data? The Contractor processes personal data on the following legal grounds:

Consent of the personal data subject (subparagraph (a) of Article 5 of the Law of Georgia “On Personal Data Protection”) – applies to the processing of data provided when using the Resources, filling out feedback forms, subscribing to mailings, publishing reviews, using cookies and other similar cases.
Provision of services (subparagraph (z) of Article 5 of the Law of Georgia “On Personal Data Protection”) – applies to the processing of data necessary to provide services to the User.
Fulfillment of obligations imposed by the legislation of Georgia (subparagraph (v) of Article 5 of the Law of Georgia “On Personal Data Protection”) – applies to the processing of personal data necessary to comply with legal requirements, including tax accounting, financial reporting, compliance with orders of state authorities.
Protection of the Contractor’s legitimate interests (subparagraph (d) of Article 5 of the Law of Georgia “On Personal Data Protection”) – applies to the processing of data to ensure website security, prevent fraud, protect the Contractor’s rights in the event of disputes, as well as when transferring data to third parties to provide necessary services (for example, payment services).

What rights do you have? Along with the Contractor’s commitment to confidentiality, your privacy is ensured by the Law of Georgia “On Personal Data Protection”. According to this law, you can request information from us regarding the use of your personal data. You can obtain the following information:

what information is processed about you;
the purpose of processing your data;
the legal basis for data processing;
how the data were processed;
where these data are transferred;
whether the provision of data is mandatory or voluntary, and if mandatory – the legal consequences of refusal.

At any time when the Contractor has your personal data, you may exercise the following rights:

Right to information	You can request from the Contractor information about the processing of your personal data, including what data are processed, for what purpose, on what legal basis, how they are collected, to whom they are transferred and on what grounds
Right of access	You have the right to request a copy of the personal data that the Contractor has
Right to rectification, updating, supplementation	You can ask the Contractor to correct, update or supplement inaccurate or incomplete personal data
Right to blocking, deletion and destruction of personal data	You can request the deletion of data that the Contractor has about you if they are incomplete, inaccurate, outdated or collected in violation of the law, except where the Contractor is obliged by law to retain such data
Right to withdraw consent	You may withdraw your consent to data processing at any time
Right to lodge a complaint	If you believe that the Contractor processes your personal data in violation of legal requirements or otherwise violates your rights, you have the right to file a complaint with the Personal Data Protection Service or in court
Right to data portability	You have the right to receive your personal data in a structured, machine-readable format and transfer them to another operator
Right to restriction of processing	You have the right to request temporary restriction of data processing
Right to object	You may object at any time to the processing of your data for direct marketing purposes

Procedure for exercising data subject rights Data subject requests (DSR) may be sent in free form to privacy@aitextura.com or via the feedback form on the Site. The Contractor must provide a response within 1 month from the date of receipt of the request. This period may be extended by a further 2 months in the case of complexity or a large number of requests, of which the subject will be notified. If the Contractor does not fulfill the request, it must notify the subject of the reasons for refusal within 1 month. A data subject located in the EU has the right to lodge a complaint with the national supervisory authority for data protection (Supervisory Authority). How does the Contractor process personal data? The Contractor processes personal data both using digital technologies (using automatic and semi-automatic means) and manually (using non-automatic means). In doing so, the Contractor is limited to the following actions:

collection
recording
systematization
accumulation
storage
clarification (updating, changing)
extraction
use
transfer (provision, access)
blocking
deletion
destruction of personal data

For what purposes does the Contractor process your personal data?

Personal data subject	Purpose of processing	Data processed	Processing period	Destruction procedure
Website visitors, users of the Resources	Ensuring proper operation of the website, Resources, analytics, protection against attacks	IP address, location data, device and browser type, cookies	no more than 3 years after the last interaction	deletion from the Contractor’s database
Users who have consented to promotional mailings	Distribution of informational and promotional materials	Name, e-mail, phone number, messenger IDs (if provided)	no more than 3 years after the user’s last interaction or until consent is withdrawn	deletion from the Contractor’s database
Users who have submitted requests or messages	Contacting the user at their request	Name, e-mail, phone number, message content	up to 2 years from the date the inquiry is closed	deletion from the Contractor’s database
Users who have made a return/claim	Processing returns, legal reporting	Full name, e-mail, phone number, bank details	5 years (retention period for accounting and tax documents)	deletion from the Contractor’s database
Users wishing to receive services/using the Contractor’s services	Preparation, conclusion and performance of the contract (offer)	Full name, e-mail, phone number	5 years after completion of contractual obligations	deletion from the Contractor’s database
Users who have consented to the publication of reviews	Publication of reviews on the Contractor’s resources	Name, e-mail, phone number, messenger IDs (if provided), photo/video	until the purpose is achieved or consent to processing is withdrawn	deletion from the Contractor’s database

What are cookies? The Site uses cookies—small text files that are stored in the user’s browser when visiting the site. Cookies make it possible to recognize the user’s device, ensure the proper functioning of the site and improve the functionality of services. Which cookies do we use The Contractor may use the following categories of cookies and similar technologies:

Strictly necessary — ensure the basic operation of the Resources, security, routing, load balancing, authorization and login.
Functional — remember your choices and settings (for example, interface language, region), improving usability.
Analytics and performance — help analyze user behavior, collect statistics on the use of the Resources, identify errors and improve their performance.
Marketing and targeting — used to personalize advertising, measure its effectiveness and limit frequency of display.
Social plugins — provide integration with social networks and the ability to share content.

Legal basis for processing Functional cookies are processed on the basis of the Contractor’s legitimate interests (ensuring the technical availability of the site). Analytics and marketing cookies are processed on the basis of the personal data subject’s consent, expressed by placing the appropriate mark (checkbox) or continuing to use the site with the cookie banner activated. Consent management On your first visit to the site or when using the Resources, you will be offered a cookie management banner where you can:

accept all cookies;
reject all except necessary;
choose individual categories of cookies.

You can withdraw your consent at any time via the “Cookie settings” section, which is available at the bottom of the site or in the Platform interface. Cookie retention period Session cookies are valid only during the current browser session and are deleted after it is closed. Persistent cookies are stored on your device for a certain period (usually from 1 day to 13 months), unless otherwise required by law or their purpose. Similar technologies (localStorage, SDK, etc.) may be stored for comparable periods or until they are deleted by the user. Third-party cookies We may use third-party services (for example, analytics systems, payment providers, advertising networks) that set their own cookies. Such parties process data either on behalf of the Contractor or as independent operators under their own privacy policies. The list of third-party cookies used and their descriptions may be published in a separate cookie register on the site or in the consent banner. If cookies or data collected with their help are transferred to countries that do not provide a recognized level of data protection, the Contractor applies appropriate safeguards, including the conclusion of Standard Contractual Clauses or the use of Binding Corporate Rules. Managing cookies The user has the right to disable cookies in the browser settings. This may affect the correct display of certain elements of the site and limit access to the functionality of the personal account. Transfer of personal data to third parties The Operator may transfer personal data to third parties to the extent necessary to achieve the purposes specified in this Policy. Such transfer is carried out only in cases provided for by law or if it is necessary to provide services to the user. The Operator uses the services of third parties who process personal data on its behalf, on the basis of concluded confidentiality and data processing agreements. This is permissible if such parties:

provide adequate data protection,
do not use them for their own purposes,
act strictly within the scope of the assignment.

Such recipients may include:

payment solution providers — for accepting payments;
providers of CRM systems and platforms for email and push mailings;
hosting providers and persons providing technical support for the site;
persons ensuring the legal protection of the Operator or third parties in case of violation of their rights or threat of violation of their rights, including violation of laws or regulatory documents;
persons providing users with access to the Resources;

The Operator does not receive or store payment data (card number, CVV code, etc.). The transfer of such data is carried out directly to the relevant payment provider in compliance with PCI DSS and other standards. In the event of disputes, threats of violation of rights or legitimate interests of the Operator or third parties, personal data may be transferred to lawyers, representatives, judicial and law enforcement authorities – within the procedure established by law. The transfer of personal data is possible upon request and in cases explicitly provided for by the legislation of Georgia – for example, upon requests from tax authorities, the police, the court and other state authorities. Transfer of data outside Georgia and the EU Personal data may be transferred outside Georgia to countries that ensure an adequate level of data protection recognized by the legislation of the EU or Georgia. In the case of transferring data to countries that do not ensure an adequate level of protection, the Contractor applies measures provided for by international standards (for example, the conclusion of Standard Contractual Clauses, the use of Binding Corporate Rules). How does the Contractor ensure the security of personal data? The Contractor protects personal data that it stores from disclosure, complete or partial loss, as well as unauthorized access by third parties. To this end, the Contractor uses all necessary technical and organizational measures to ensure security and confidentiality, and constantly updates them taking into account the latest technical developments. If a personal data breach occurs, the Contractor:

analyzes the incident and assesses the risks to the personal data subject,
in the event of a personal data breach that may create a high risk to the rights and freedoms of subjects, notifies not only the supervisory authority within 72 hours, but also the data subjects without undue delay,
if necessary, notifies the personal data subject if the breach creates a significant risk of violating their rights.

What does the Contractor not verify? The Contractor cannot verify and therefore relies on you that you:

have reached the age of 14
have provided your own accurate personal data

How to contact the Contractor? For any questions regarding the processing of personal data, you can contact the Contractor at privacy@aitextura.com. When contacting, please indicate your name and contact details for feedback. The Contractor will respond to your request no later than 10 business days from the date of its receipt. Changes to the Policy The Contractor may update the terms of the Policy on the basis of the following:

Changes in legislation
Introduction of new technologies or methods of processing personal data
Changes in the structure or business processes of the Contractor
Introduction of new products or services that require updating approaches to data processing
Feedback from users or changes in the privacy policies of the Contractor’s partners

The Contractor will send notices of changes to the Policy if such changes are material, using available means.

Terms and policies

Legal agreements

Consents