Privacy Policy

The data controller responsible for your personal data is:

Em.Skoulikaris LLC is a Wyoming, USA limited liability company that operates the LogbookOS platform and all its Clusters (subdomains). For questions about this Privacy Policy or how we handle your data, contact us at privacy@logbookos.com.

2.1 We act as data controller when we process your account information, billing details, and usage metrics for the purpose of providing and improving the LogbookOS service. In this capacity, we determine the purposes and means of processing.

2.2 We act as data processor when we process Content that you upload, create, or generate on the Platform on your behalf. In this capacity, you are the data controller and we process your data solely based on your documented instructions and the terms of our Data Processing Agreement.

2.3 Data Processing Agreement. For B2B customers who require a formal DPA under GDPR Article 28, a DPA is available at logbookos.com/dpa. The DPA sets out the specific data processing instructions, security measures, and sub-processor obligations.

We collect and process the following categories of personal data:

3.1 Account & Identity Data

• Email address (required — used for authentication, account identification, and all platform communications; this is the single source of truth for your identity on the Platform)
• Display name or username (optional)

3.2 Business Profile Data (B2B customers)

If you use the Platform for business purposes and wish to receive invoices with reverse charge or VAT handling, you are required to provide accurate and complete business information. By submitting this data, you represent and warrant that it is truthful and current. This includes:

• Business name and legal entity type
• Business address
• EU VAT identification number
• Billing contact details

You are responsible for keeping this information up to date. Inaccurate business information may result in incorrect tax treatment, for which Em.Skoulikaris LLC bears no liability.

3.3 Billing & Transaction Data

• Usage Pack purchase history
• Invoice records and payment confirmations
• Payment method details (processed and stored by our payment processors — we do not store full card numbers)

3.4 Usage & Metering Data

• Project Unit allocation and consumption records
• Platform Access Time usage logs
• AI Compute consumption logs
• Feature usage patterns and session activity
• Usage Account status and pool balances

3.5 Technical & Device Data

• IP address
• Browser type and version
• Operating system
• Device identifiers
• Referring URLs and page interaction data
• Timestamps and time zone settings

3.6 Content Data (Processor Role)

• Documents, text, and files you upload to the Platform
• Content you create or generate using Platform tools
• Inputs submitted to AI-powered features (prompts, documents, queries)
• AI-generated outputs produced on your behalf

3.7 Communication Data

• Support requests and correspondence
• Feedback and survey responses

4.1 Service delivery

• Creating and managing your account
• Authenticating your identity via email verification
• Processing Usage Pack purchases and activating your Project Units
• Tracking your Project Unit allocation and consumption across both pools (Platform Access Time and AI Compute)
• Delivering AI-powered features and processing your Content

4.2 Billing & compliance

• Processing payments through our payment providers (Stripe and Lemon Squeezy)
• Generating and delivering invoices
• Validating EU VAT numbers via the VIES system (for B2B customers)
• Complying with tax, accounting, and regulatory obligations

4.3 Communication

• Sending transactional notifications (purchase confirmations, unit expiration alerts, service updates)
• Responding to support requests
• Sending service-related announcements (maintenance notices, policy changes, security alerts)

4.4 Platform improvement

• Analysing usage patterns to improve Platform features and performance
• Monitoring system health and diagnosing technical issues
• Conducting internal analytics (aggregated and anonymised where possible)

4.5 Security & fraud prevention

• Detecting and preventing fraudulent activity, abuse, or violations of the Acceptable Use Policy
• Maintaining platform security and integrity
• Enforcing our Terms of Service

Under GDPR Article 6(1), we rely on the following legal bases for processing your personal data:

5.2 Legitimate interest assessment. Where we rely on legitimate interests, we have conducted a balancing test to ensure that our interests do not override your fundamental rights and freedoms. You may request details of our legitimate interest assessments by contacting us at privacy@logbookos.com.

6.1 How AI features process your data. When you use AI-powered features on the Platform, the content you submit (prompts, documents, and related inputs) is transmitted to our third-party AI providers via their respective APIs for processing. The AI provider generates an output which is returned to you through the Platform.

6.2 AI provider data commitments. We select AI providers that offer enterprise-grade API agreements under which:

• Customer inputs and outputs are not used to train the provider’s general-purpose models
• Data is processed solely to generate the requested output and is not retained beyond the provider’s processing window (typically up to 30 days for abuse monitoring purposes)
• Both OpenAI and Anthropic maintain SOC 2 Type II compliance for their API services

6.3 Current AI providers:

6.4 AI metering data. We record AI usage metrics — specifically the number of Project Units consumed per operation, the model used, and timestamps — for the purpose of tracking your AI Compute pool balance. These records do not contain the content of your prompts or outputs.

6.5 Your responsibility. You are responsible for ensuring that any personal data of third parties that you submit to AI-powered features is processed under a lawful basis in accordance with applicable data protection law. Do not submit sensitive personal data (GDPR Article 9 special categories) to AI features unless you have a specific legal basis and have assessed the risks.

6.6 Provider changes. We may add, remove, or replace AI providers to improve the service or manage costs. If we add a new AI provider that materially changes how your data is processed, we will update this section and the sub-processor list at least 14 days before the change takes effect and notify you via email or in-platform announcement.

7.1 LogbookOS operates multiple independent service environments (“Clusters”) accessible via subdomains (e.g., work.logbookos.com, edu.logbookos.com, diy.logbookos.gr). Each Cluster maintains its own independent database, authentication system, and usage ledger.

7.2 Complete data isolation. Your personal data and Content within one Cluster is fully isolated from other Clusters. Data is not shared, merged, copied, or accessible across Clusters. If you register for multiple Clusters, each registration is treated as a separate and independent account.

7.3 Shared elements. The only elements shared across Clusters are: the legal entity (Em.Skoulikaris LLC), the payment processing accounts (Stripe and Lemon Squeezy), the brand identity, and this Privacy Policy. No customer data, Content, or usage records are shared.

9.1 Em.Skoulikaris LLC is based in the United States. Our primary infrastructure providers (Render, Cloudflare) and key sub-processors (Stripe, Lemon Squeezy, OpenAI, Anthropic, Mercury) are also based in the United States. This means that your personal data is transferred to and processed in the United States.

9.2 Transfer safeguards. For transfers of personal data from the European Economic Area (EEA), the United Kingdom, or Switzerland to the United States, we rely on the following legal mechanisms as permitted under GDPR Chapter V:

• EU-U.S. Data Privacy Framework (DPF): Where a sub-processor is certified under the EU-U.S. Data Privacy Framework, we rely on that certification as providing adequate protection. As of the date of this Policy, Stripe, Cloudflare, OpenAI, and Anthropic participate in the DPF.
• Standard Contractual Clauses (SCCs): Where the DPF does not apply, we enter into the European Commission’s Standard Contractual Clauses (Commission Implementing Decision (EU) 2021/914) with the relevant sub-processor as the legal basis for the transfer.

9.3 You may request a copy of the transfer safeguards we have in place by contacting privacy@logbookos.com.

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law.

10.2 When data is no longer needed, it is securely deleted or anonymised. Anonymised data (from which you can no longer be identified) may be retained indefinitely for statistical and analytical purposes.

12.1 We use cookies and similar technologies to operate the Platform, maintain your session, and remember your preferences. Our use of cookies is governed by our Cookie Policy, which provides full details on the types of cookies we use, their purposes, and how you can manage your preferences.

12.2 Essential cookies. Some cookies are strictly necessary for the Platform to function (authentication, session management, security). These cannot be disabled without breaking core functionality.

12.3 Consent for non-essential cookies. Where we use analytics or other non-essential cookies, we obtain your consent before placing them via our cookie consent banner, in accordance with the ePrivacy Directive (2002/58/EC) and applicable national laws. You may manage your cookie preferences at any time through the cookie settings accessible on the Platform.

13.1 Account registration on the LogbookOS platform requires users to be at least 18 years old. We do not knowingly collect personal data directly from individuals under 18 through the registration process.

13.2 On the EDU Cluster, dependent members (such as students under 18) may participate through an account managed by an authorised adult (educator or parent/guardian). In such cases, the authorised adult is the account holder and data controller for any personal data of minors submitted to the Platform. The adult is responsible for obtaining any required parental or guardian consent.

13.3 If we become aware that we have inadvertently collected personal data from a child without valid authorisation, we will take steps to delete that data as soon as reasonably practicable. If you believe we may hold data about a child, please contact us at privacy@logbookos.com.

14.1 We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or sub-processor arrangements. The “Last updated” date at the top of this page indicates when the latest revision was published.

14.2 Notification of material changes. For material changes that significantly affect how we process your personal data, we will provide at least 30 days’ notice before the changes take effect, via email to the billing address on file and/or a prominent notice on the Platform.

14.3 Your continued use of the Platform after the effective date of the updated Policy constitutes acceptance of the changes. If you do not agree, you may terminate your account in accordance with the Terms of Service.

15.1 Contact us. For any questions, concerns, or requests relating to this Privacy Policy or the processing of your personal data:

15.2 EU representative. Although not legally required for B2B processing at our current scale, if we appoint an EU representative under GDPR Article 27, their details will be published here and on our Contact page.

15.3 Supervisory authority complaints. If you believe that our processing of your personal data infringes the GDPR, you have the right to lodge a complaint with a data protection supervisory authority in the EU Member State of your habitual residence, place of work, or place of the alleged infringement (GDPR Article 77).

For customers based in Greece, the relevant authority is the Hellenic Data Protection Authority (HDPA): www.dpa.gr | Kifissias 1-3, 115 23, Athens, Greece | Tel: +30 210 6475600