Skip to content

Privacy policy

Last updated: 27 August 2025

Eloquent is a product of Savvy.codes B.V., a Dutch software company that focuses on secure, smart, and future-oriented digital solutions. This privacy policy explains how we handle your data when you use Eloquent.

At Eloquent, the security and privacy of your data are central. We have carefully designed our infrastructure and processes to meet the highest standards of information security, including the General Data Protection Regulation (GDPR) and the ISO/IEC 27001:2022 standard.

1. Who is responsible for processing your data?

Savvy.codes B.V.
The Netherlands

Email: [email protected]

Savvy.codes B.V. is the controller for the processing of personal data within Eloquent.

2. What data do we process?

When you use Eloquent, we may process the following data:

  • Account data: name, email address, and login details (if applicable).
  • Usage data: logs, settings, preferences, and interactions within Eloquent.
  • Input data: the questions, documents, and information you provide when using AI functionalities.
  • Technical data: IP address, browser type, device information, and usage statistics (anonymized where possible).

We do not process sensitive personal data unless you actively provide it within the application.

3. Purposes and legal bases

We process your personal data only when a legal basis applies. The main purposes are:

  • Service delivery: enabling you to use Eloquent.
  • Security: protecting accounts, systems, and data.
  • Maintenance & improvements: optimizing Eloquent and fixing technical issues.
  • Research & development: improving AI functionalities, only based on anonymized or aggregated data.

The applicable legal bases under the GDPR are:

  • Performance of a contract (Art. 6(1)(b)).
  • Compliance with legal obligations (Art. 6(1)(c)).
  • Legitimate interests, such as securing and improving our services (Art. 6(1)(f)).

4. Hosting and infrastructure

Eloquent is fully hosted on servers located in the Netherlands, managed by Savvy.codes B.V. This ensures that all data remains within the European Economic Area (EEA) and is processed in compliance with the GDPR.

5. ISO 27001 certification

Savvy.codes is ISO/IEC 27001:2022 certified. This means all processes related to Eloquent—from access control to data storage—are systematically and demonstrably secured.

6. Use of external AI models

To provide advanced AI functionalities, Eloquent integrates with external AI models via APIs. When you use these features, your input data may be temporarily processed by the respective provider.

  • OpenAI (ChatGPT): input may be stored for up to 30 days, unless a zero data retention agreement is in place.

  • Anthropic (Claude): input and output are retained for a maximum of 30 days, unless otherwise agreed.

  • Google (Gemini): retention can be set to 3, 18, or 36 months, or disabled. Even when disabled, conversations may be stored for up to 72 hours for safety and abuse prevention.

  • Mistral: data remains available as long as a Knowledge Connection is active. Once disabled, the associated data is scheduled for immediate deletion.

Where possible, we sign data processing agreements with these providers and configure settings to maximize user privacy.

7. Storage of user data

All user data and conversations within Eloquent are stored on the Dutch servers of Savvy.codes B.V. This ensures full control and secure processing in line with our ISO 27001 certification.

We do not retain data longer than necessary for the purposes described, unless legally required to do so.

8. Sharing of data with third parties

We only share personal data when strictly necessary, for example:

  • With IT suppliers and hosting partners who support our services.
  • With external AI providers (as described above), only when you use those functionalities.

In all cases, we establish processing agreements with third parties to safeguard your privacy.

9. Data security

We take appropriate technical and organizational measures to protect your data from misuse, loss, unauthorized access, or unlawful processing. Examples include:

  • Role-based access control.
  • Encrypted communications (TLS).
  • Regular vulnerability scans and updates.
  • Logging and monitoring.

10. Your rights

Under the GDPR, you have the following rights:

  • Right of access: to know what data we process about you.
  • Right to rectification: to correct inaccurate data.
  • Right to erasure: to request deletion of your data.
  • Right to restriction: to temporarily restrict processing.
  • Right to data portability: to receive your data in a structured format.
  • Right to object: to object to specific types of processing.

You can exercise these rights by contacting us at [email protected]. We will respond within 30 days.

11. Complaints

If you believe we are not handling your data correctly, you can lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) via www.autoriteitpersoonsgegevens.nl.

12. Changes to this policy

We may update this privacy policy from time to time. Updates will always be published on this page with a new effective date.

Contact

Do you have any questions or would you like to exercise your rights?

Please contact us at: [email protected]