Last updated on June 30, 2026
Privacy Policy
Welcome to Macaly.
1. INTRODUCTION
1.1 Who we are.We are LANGTAIL.COM s.r.o., ID No. 198 68 987, with its registered seat at Záhřebská 562/41, Vinohrady, 120 00 Prague 2, Czech Republic, registered in the Commercial Register maintained by the Municipal Court in Prague under file No. C 393016 ("we", "us" or "our"). We operate the website available at macaly.com (the "Platform") and provide the related services, applications, software, features, AI-powered tools and integrations accessible through the Platform (collectively, the "Services").
1.2 What we do. Macaly provides an AI-powered coding and website/application development platform that enables users to create, manage, modify and deploy code, websites, applications and related content. The Services may include generative AI functionality, AI agents, automated workflows, AI-generated content and integrations with third-party services selected or authorised by users.
1.3 Purpose of this Privacy Policy.This Privacy Policy ("Privacy Policy") explains how we collect, use, disclose, store and otherwise process personal data relating to users of the Platform and the Services ("you"). It is intended to provide you with clear information about how we process your personal data when you use our Services. This Privacy Policy should be read together with our Terms of Service, Data Processing Agreement (where applicable), the cookie information available through our Cookie Preferences centre, and, where applicable, our AI Transparency Notice or other documentation made available by us. Unless otherwise defined in this Privacy Policy, capitalised terms used in this Privacy Policy have the meanings given to them in the Terms of Service.
1.4 When this Privacy Policy applies. This Privacy Policy applies to personal data processed by us when:
- you visit the Platform;
- you create or use a Macaly account;
- you use the Services, including AI-powered features;
- you connect or use third-party integrations through the Services;
- you communicate with us or request support;
- you subscribe to marketing communications; or
- you otherwise interact with us.
1.5 Scope of this Privacy Policy. This Privacy Policy applies only to the processing of personal data carried out by us. It does not apply to the processing of personal data carried out by third-party services, platforms or integrations that you choose to connect to or use through the Services. Such third-party providers process personal data in accordance with their own privacy policies and terms, and we encourage you to review those documents before using their services.
1.6 Children's Privacy. Our Services are intended for individuals who are at least 18 years of age. We do not knowingly collect or solicit personal data from anyone under the age of 18. If you are under 18, please do not use the Services or provide us with any personal data. If we become aware that we have collected personal data from a person under the age of 18 without the required parental or legal guardian consent (where such consent is required under applicable law), we will take reasonable steps to delete such personal data without undue delay.
1.7 Regulation.We process your personal data in accordance with the applicable laws, in particular, the Regulation (EU) No 2016/679 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and the free movement of such data and the repeal of Directive 95/46/EC (General Data Protection Regulation) (the "GDPR").
2. WHO PROCESSES YOUR DATA
2.1 Data controller. The controller of your personal data is:
LANGTAIL.COM s.r.o.
ID No. 198 68 987,
registered office: Záhřebská 562/41, Vinohrady, 120 00 Prague 2, Czech Republic,
registered in the Commercial Register maintained by the Municipal Court in Prague under file No. C 393016
2.2 Contact details: If you have any questions regarding this Privacy Policy, our privacy practices, the processing of your personal data, or if you wish to exercise any of your rights under applicable data protection laws, you may contact us at:
E-mail: privacy@macaly.com or support@macaly.com
We will respond to your request without undue delay and, where required by applicable law, within the time limits prescribed by the GDPR or other applicable data protection laws.
3. CATEGORIES OF PERSONAL DATA WE PROCESS
Depending on how you use the Services, we may collect and process the following categories of personal data:
3.1 Account Information. Personal data you provide when creating, managing or using your account, including:
- first and last name;
- email address;
- username;
- account credentials and authentication information;
- profile information; and
- any other information you voluntarily provide when creating or managing your account.
3.2. Billing and Transaction Information. Information necessary to provide paid Services, including:
- billing address;
- payment-related information;
- subscription details;
- invoices; and
- transaction history.
Please note: Payment card details are processed directly by our third-party payment service providers and are not stored or processed by us.
3.3. AI Interaction Data. Information generated when you use AI-powered features of the Services, including:
- prompts and instructions submitted to the Services;
- AI-generated responses and outputs;
- Generated Content;
- feedback relating to AI-generated outputs; and
- information necessary to provide, secure and maintain AI-powered functionality.
3.4. Customer Data. When you use the Services, you or your Authorised Users may upload, submit, generate or otherwise make available Customer Data through the Platform.
Customer Data may include commercial, business, technical or proprietary information, including files, documents, source code, repositories, websites, applications, databases, configurations and other content processed through the Services. Customer Data may also include personal data where such personal data is contained within the information submitted to the Services.
Customer Data may be provided directly by you or your Authorised Users, or indirectly through Connected Third-Party Services or other integrations authorised by you. We process such Customer Data solely in accordance with your instructions, our Terms of Service, our Data Processing Agreement (where applicable) and this Privacy Policy.
3.5. Connected Third-Party Service Data. Where you connect one or more Connected Third-Party Services to the Platform, we may process personal data obtained from those services to the extent authorised by you.
Depending on the Connected Third-Party Service and the permissions granted by you, this may include personal data obtained from productivity tools, communication platforms, developer tools, CRM systems, cloud storage providers, payment service providers and other third-party applications.
The categories of personal data processed depend on the Connected Third-Party Service, the permissions granted by you and the functionality you choose to use.
3.6. Technical, Usage and Device Information. We automatically collect certain technical information relating to your use of the Services, including:
- IP address;
- browser type and version;
- operating system;
- device identifiers;
- log files;
- timestamps;
- pages visited;
- interactions with the Services;
- performance and diagnostic information; and
- similar usage and telemetry data.
3.7. Support Communications. Information you provide when communicating with us, including:
- support requests;
- correspondence;
- feedback;
- bug reports;
- attachments; and
- any other information you voluntarily provide to us.
3.8. Security Information. Information processed for fraud prevention, security monitoring and compliance purposes, including:
- authentication logs;
- security events;
- audit logs;
- access history;
- API usage logs; and
- information relating to security incidents.
4. PURPOSES AND LEGAL BASES FOR PROCESSING PERSONAL DATA
4.1 Overview. We process personal data only where we have a valid legal basis under applicable data protection laws and only for the purposes described below. Where we process any personal data on behalf of our Customers as a processor, the legal basis for such processing is determined by the relevant Customer acting as controller.
| Purpose of processing | Categories of personal data | Legal basis |
|---|---|---|
| Provision and operation of the Services | Account Information, Customer Data, AI Interaction Data, Connected Third-Party Service Data, Technical, Usage and Device Information | Performance of a contract |
| Account registration and administration | Account Information | Performance of a contract |
| AI-powered functionality | AI Interaction Data, Customer Data, Connected Third-Party Service Data | Performance of a contract |
| Subscription management and payment processing | Account Information, Billing and Transaction Information | Performance of a contract and compliance with legal obligations |
| Customer support, troubleshooting and debugging | Account Information, Support Communications, AI Interaction Data, Customer Data, Technical, Usage and Device Information | Performance of a contract and our legitimate interests in providing customer support and maintaining the reliability of the Services |
| Security, fraud prevention and protection of the Services | Security Information, Technical, Usage and Device Information, Account Information | Our legitimate interests and, where applicable, compliance with legal obligations |
| Compliance with legal obligations | Any category of personal data where necessary | Compliance with legal obligations |
| Marketing communications | Account Information and contact details | Your consent where required by applicable law, or our legitimate interests where permitted by applicable law |
4.2 Current use of information submitted to the Services. We currently process prompts, instructions, Generated Content, Customer Data and other information submitted to the Services solely for the purpose of providing, operating, maintaining, securing and supporting the Services, including generating applications, storing projects, troubleshooting, debugging and resolving operational issues. We do not currently use such information to train AI models or to improve our AI-powered functionality using such information.
4.3 Potential future product improvement. Our Terms of Service provide that, in certain circumstances relating to free subscription plans, we may have contractual rights to use certain Generated Content and Customer Data for the purpose of improving the Services. As of the effective date of this Privacy Policy, we do not carry out such processing. If our processing activities change in the future, we will implement appropriate safeguards designed to minimise the use of identifiable personal data, comply with applicable data protection laws, update this Privacy Policy and, where required, obtain any necessary consents or rely on another appropriate legal basis before commencing such processing.
5. AI-POWERED FUNCTIONALITY
5.1 AI-powered features. The Services include AI-powered functionality that enables users to generate, modify, analyse and manage code, websites, applications and other content using artificial intelligence. Where applicable, AI-generated outputs may include technical information intended to support identification of AI-generated content in accordance with applicable law.
5.2 Personal data processed by AI. When you use AI-powered features, we may process personal data contained in your prompts, instructions, Customer Data and other information submitted to the Services, as well as personal data contained in AI-generated responses and Generated Content.
5.3 Purpose of processing. We process such information for the purpose of providing, operating, maintaining, securing and supporting the AI-powered functionality made available through the Services, in accordance with this Privacy Policy, our Terms of Service and, where applicable, our Data Processing Agreement.
5.4 Use of AI service providers. Where necessary to provide the Services, including AI-powered features and AI-assisted customer support, prompts, instructions, Customer Data, support communications and other information submitted to the Services may be processed by carefully selected third-party AI model and service providers and other technology providers engaged by us, subject to appropriate contractual, technical and organisational safeguards.
5.5 Customer responsibilities. You are responsible for ensuring that you have all necessary rights, permissions and legal bases to submit personal data, Customer Data and other information to the Services and to authorise the processing of such information through AI-powered functionality.
5.6 Sensitive personal data. We recommend that you do not submit special categories of personal data (sensitive personal data) or other highly confidential information to the AI-powered functionality unless such processing is necessary for your intended use of the Services and you have implemented appropriate safeguards.
5.7 AI interactions with Connected Third-Party Services. Where you authorise AI-powered functionality to interact with Connected Third-Party Services, such functionality may access, retrieve, create, modify, delete or otherwise process information within those Connected Third-Party Services in accordance with the permissions granted by you. The scope of such processing depends on the integrations you enable, the permissions you grant and the functionality you choose to use.
5.8 Further information. For more information about the AI-powered functionality available through the Services, please refer to our Terms of Service and, where applicable, our AI Transparency Notice.
6. HOW WE SHARE YOUR PERSONAL DATA
6.1 General principle. We do not sell your personal data. We only share your personal data where it is necessary to provide the Services, comply with our legal obligations, protect our legitimate interests or where you have instructed or authorised us to do so.
6.2 Within Macaly. Your personal data may be accessed by our employees, contractors and authorised personnel who require such access to perform their duties and provide the Services. All such persons are subject to appropriate confidentiality obligations.
6.3 Service providers and subprocessors. We may share your personal data with carefully selected third-party service providers who assist us in providing, operating, maintaining and securing the Services, including cloud hosting providers, AI service providers, payment service providers, customer support providers, analytics providers, communication providers and other technology providers.
Where such providers process personal data on our behalf, they do so pursuant to appropriate contractual arrangements and applicable data protection laws.
A current list of our subprocessors is available in our Data Processing Agreement or otherwise made available through our website.
6.4 Connected Third-Party Services. Where you choose to connect Connected Third-Party Services to the Platform, personal data may be exchanged between the Services and such Connected Third-Party Services in accordance with your instructions, the permissions granted by you and the functionality you choose to use. We do not control how such Connected Third-Party Services process personal data once it has been transmitted to them.
6.5 Corporate transactions. We may disclose or transfer personal data in connection with an actual or proposed merger, acquisition, financing, reorganisation, sale of assets or other corporate transaction. Where required by applicable law, we will notify you of such transfer.
6.6 Legal compliance and protection of rights. We may disclose personal data where we believe, in good faith, that such disclosure is necessary to:
- comply with applicable laws, regulations, court orders or requests from public authorities;
- establish, exercise or defend legal claims;
- protect our rights, property or security, or those of our customers, users or third parties;
- investigate, prevent or address fraud, security incidents or technical issues; or
- enforce our Terms of Service or other legal agreements.
6.7 Your instructions. We may also share personal data where you instruct or authorise us to do so through your use of the Services, including through Connected Third-Party Services, AI-powered functionality or other features made available by the Platform.
7. INTERNATIONAL TRANSFERS OF PERSONAL DATA
7.1 Transfers outside the EEA. As part of providing the Services, your personal data may be transferred to, accessed from or processed in the United States, the United Kingdom or Switzerland by our carefully selected subprocessors, AI providers and other technology providers where this is necessary to provide the Services.
7.2 Transfer safeguards.Where personal data is transferred from the EEA to the United States, the United Kingdom or Switzerland we implement appropriate safeguards in accordance with applicable data protection laws. Depending on the relevant recipient and the applicable legal framework, these safeguards may include, in particular, the European Commission's Standard Contractual Clauses ("SCCs"), the EU-U.S. Data Privacy Framework ("DPF"), where applicable, or other lawful transfer mechanisms.
7.3 Our service providers. We carefully select our subprocessors, AI providers and other technology providers and require them to implement appropriate technical, organisational and contractual measures designed to protect personal data and comply with applicable data protection laws.
7.4 Further information. Information about our subprocessors and the applicable international transfer safeguards is available in our Data Processing Agreement or may be obtained by contacting us using the contact details set out in this Privacy Policy.
8. HOW LONG WE RETAIN YOUR PERSONAL DATA
8.1 General principle. We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, comply with our legal obligations, resolve disputes, enforce our legal rights and agreements, or as otherwise required or permitted by applicable law.
8.2 Retention periods. Depending on the category of personal data, we generally retain personal data as follows:
| Category of personal data | Retention period |
|---|---|
| Account Information | For the duration of your account and for as long as necessary following account deletion to comply with legal obligations, resolve disputes or enforce our legal rights. |
| Billing and Transaction Information | For the period required under applicable accounting and tax legislation (currently up to 10 years under Czech law). |
| AI Interaction Data | For as long as necessary to provide the AI-powered functionality and the Services, unless deleted earlier or retention is required by applicable law. |
| Customer Data | For the duration of the Services and thereafter in accordance with the applicable Terms of Service, the Data Processing Agreement, your instructions and applicable law. |
| Connected Third-Party Service Data | For as long as the relevant Connected Third-Party Service remains connected to the Platform or until you revoke the relevant permissions or request deletion, unless a longer retention period is required by applicable law. |
| Technical, Usage and Device Information | For as long as reasonably necessary for security, diagnostics, analytics and improvement of the Services. |
| Support Communications | For the duration necessary to resolve your request and for a reasonable period thereafter to establish, exercise or defend legal claims. |
| Security Information | For as long as reasonably necessary to detect, investigate and prevent fraud, security incidents or unauthorised access, or as otherwise required by applicable law. |
8.3 Deletion or anonymisation. Once the applicable retention period expires or the relevant processing purpose no longer exists, we will securely delete or anonymise your personal data, unless we are required or permitted to retain it under applicable law.
8.4 Customer Data processed on behalf of Customers. Where we process Customer Data on behalf of a Customer as a processor, we retain and delete such Customer Data in accordance with the Customer's instructions, our Data Processing Agreement, the Terms of Service and applicable law.
9. WHEN WE ACT AS A CONTROLLER AND WHEN WE ACT AS A PROCESSOR
9.1 When we act as a Controller. We act as the controller of personal data where we determine the purposes and means of processing personal data for our own business purposes. This includes, for example, processing personal data relating to:
- visitors of the Platform;
- account registration and administration;
- billing and payment administration;
- customer support;
- security and fraud prevention;
- legal and regulatory compliance;
- marketing communications; and
- the operation, maintenance and improvement of the Services.
9.2 When we act as a Processor. Where you or your Authorised Users submit the Customer Data to the Services that contains personal data, we generally process such personal data on your behalf and in accordance with your instructions. In such cases, you act as the controller (or, where applicable, another processor) and we act as your processor or sub-processor, as applicable.
9.3 Customer responsibilities. You are responsible for ensuring that you have a valid legal basis to provide Customer Data and personal data to the Services, including personal data obtained through Connected Third-Party Services. You are also responsible for providing any notices and obtaining any consents required under applicable data protection laws.
9.4 Our Data Processing Agreement.Where we process personal data on behalf of our Customers as a processor, such processing is governed by our Data Processing Agreement, which forms part of our contractual framework and sets out the parties' respective rights and obligations regarding the processing of personal data.
10. AUTOMATED DECISION-MAKING
10.1 No solely automated decision-making. While the Services use artificial intelligence to generate, analyse and modify content, Macaly does not make decisions based solely on automated processing, including profiling, that produce legal effects concerning you or similarly significantly affect you within the meaning of Article 22 GDPR.
10.2 Customer control. The AI-powered functionality provided through the Services is intended to assist Customers and their Authorised Users. Customers remain responsible for reviewing, verifying and deciding whether and how to use AI-generated outputs, Generated Content and actions performed through the Services. Customers retain control over the use of the Services, including any Connected Third-Party Services and AI-powered workflows they choose to enable.
10.3 Customer responsibility. Where Customers use the Services to support their own decision-making processes or business operations, they remain solely responsible for any decisions made based on the outputs generated by the Services and for ensuring compliance with applicable legal and regulatory requirements.
11. YOUR PRIVACY RIGHTS
11.1 Your rights. Subject to applicable data protection laws, you may have the following rights regarding your personal data:
- Right of access. You have the right to obtain confirmation as to whether we process your personal data and, where that is the case, to request access to such personal data and related information.
- Right to rectification. You have the right to request that inaccurate or incomplete personal data be corrected or updated.
- Right to erasure. You have the right to request the deletion of your personal data in certain circumstances, for example where the personal data is no longer necessary for the purposes for which it was collected or where you validly object to the processing.
- Right to restriction of processing. You have the right to request that we restrict the processing of your personal data in the circumstances prescribed by applicable data protection laws.
- Right to data portability. Where applicable, you have the right to receive personal data that you have provided to us in a structured, commonly used and machine-readable format and to request that it be transmitted to another controller where technically feasible.
- Right to object. You have the right to object to the processing of your personal data where such processing is based on our legitimate interests or is carried out for direct marketing purposes.
- Right to withdraw consent. Where we rely on your consent as the legal basis for processing, you may withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.
- Right not to be subject to automated individual decision-making. Subject to the conditions set out in applicable data protection laws, you have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
- Right to lodge a complaint. If you believe that we have processed your personal data in breach of applicable data protection laws, you have the right to lodge a complaint with the Czech Data Protection Authority (Úřad pro ochranu osobních údajů), Pplk. Sochora 27, 170 00 Prague 7, Czech Republic, or with another competent supervisory authority in accordance with applicable law.
11.2 How to exercise your rights. You may exercise your rights at any time by contacting us using the contact details provided in this Privacy Policy. We may request additional information where necessary to verify your identity before responding to your request. We will respond to your request without undue delay and, where required by applicable law, within the time limits prescribed by applicable data protection laws.
12. SECURITY OF PERSONAL DATA
12.1 Our commitment to security. We implement appropriate technical and organisational measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data, taking into account the nature of the personal data processed, the risks involved and the state of the art.
12.2 Security measures. Depending on the nature of the processing, these measures may include:
- encryption of data in transit and, where appropriate, at rest;
- secure authentication and access controls;
- role-based access management based on the principle of least privilege;
- secure storage and management of API credentials, authentication tokens and credentials used to access Connected Third-Party Services;
- logging and monitoring of access to the Services and Connected Third-Party Services where applicable;
- regular security updates and vulnerability management;
- incident detection and response procedures; and
- contractual, technical and organisational safeguards when engaging third-party service providers.
12.3 Customer responsibilities. You are responsible for maintaining the confidentiality of your account credentials, ensuring that only your Authorised Users have access to the Services, and appropriately managing permissions granted to Connected Third-Party Services. You should regularly review connected accounts, permissions and integrations and promptly revoke access that is no longer required.
12.4 No method of transmission is completely secure. While we strive to protect your personal data using industry-standard security measures, no method of transmission over the Internet or electronic storage is completely secure. Accordingly, we cannot guarantee absolute security of your personal data.
12.5 Security incidents. In the event of a personal data breach, we will take appropriate measures in accordance with applicable data protection laws, including notifying the competent supervisory authority and affected individuals where required.
13. COOKIES AND SIMILAR TECHNOLOGIES
13.1 Use of cookies. We use cookies and similar technologies (such as pixels, local storage and similar technologies) to operate the Platform, provide the Services, improve functionality, analyse usage, remember your preferences and, where applicable, support our marketing activities.
13.2 Types of cookies. We use the following categories of cookies:
- Strictly Necessary Cookies, which are essential for the operation, security and functionality of the Platform. These cookies include cookies used for authentication, account management, payment processing and storing your cookie preferences. Because these cookies are necessary for the operation of the Platform, they cannot be disabled through our cookie preference centre.
- Performance and Analytics Cookies, which help us understand how visitors and Customers interact with the Platform, analyse usage, improve performance and develop new features.
- Advertising Cookies, which help us measure the effectiveness of advertising campaigns, personalise advertisements and limit the number of times the same advertisement is displayed.
13.3 Legal basis. Strictly Necessary Cookies are processed on the basis of our legitimate interest in ensuring the proper operation, security and functionality of the Platform. Performance and Analytics Cookies and Advertising Cookies are used only with your prior consent where required by applicable law.
13.4 Managing your cookie preferences. You can accept or reject non-essential cookies or customize your cookie preferences at any time through our cookie preference centre. You may also configure your browser settings to block or delete cookies. Please note that disabling certain cookies may affect the availability or functionality of certain features of the Platform.
13.5 Third-party cookies. Some cookies are placed by carefully selected third-party providers that support the operation, authentication, payment processing, analytics and marketing of the Platform. These providers process information in accordance with their own privacy policies.
13.6 Detailed cookie information. A detailed and up-to-date list of the cookies and similar technologies used on the Platform, including their names, providers, purposes, categories and retention periods, is available in our cookie preference centre, accessible at any time through the link on the Platform. The information available through the cookie preference centre forms an integral part of this Privacy Policy.
14. ADDITIONAL INFORMATION FOR CALIFORNIA RESIDENTS
14.1 Applicability of this Section.This section applies solely to residents of the State of California, United States, to the extent the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act (collectively, the "CCPA"), applies to our processing of personal information.
14.2 Collection and use of personal information. The categories of personal information we collect, the purposes for which we collect and use such information, the categories of sources from which personal information is collected, and the categories of third parties with whom we share personal information are described throughout this Privacy Policy.
14.3 No sale or sharing of personal information. We do not sell your personal information for monetary consideration. We also do not share personal information for cross-context behavioural advertising as those terms are defined under the CCPA.
14.4 Your California privacy rights. Subject to applicable law, California residents may have the right to:
- know what personal information we collect, use and disclose;
- request access to their personal information;
- request deletion of their personal information;
- request correction of inaccurate personal information;
- obtain information about our data processing practices; and
- exercise these rights without unlawful discrimination.
14.5 Exercising your rights. California residents may exercise their privacy rights by contacting us using the contact details provided in this Privacy Policy. We may request additional information to verify your identity before processing your request.
15. FINAL PROVISIONS
15.1 Updates to this Privacy Policy. We may update or amend this Privacy Policy from time to time to reflect changes in our Services, applicable laws, regulatory guidance, our data processing practices or for other legitimate business reasons.
15.2 Notification of changes. Where required by applicable law, we will notify you of any material changes to this Privacy Policy by appropriate means, such as through the Platform, by email or by another appropriate communication channel. We encourage you to review this Privacy Policy periodically to stay informed about how we process your personal data.
15.3 Effective date.The "Last updated" date at the beginning of this Privacy Policy indicates when this Privacy Policy was most recently revised.
15.4 Relationship with other documents. This Privacy Policy forms part of the legal framework governing your use of the Services and should be read together with our Terms of Service, Data Processing Agreement (where applicable), and any other policies or notices made available by us, including our AI Transparency Notice.