Account

Privacy Policy

Tartalomjegyzék

Effective: October 10, 2025
Issued by: Infinite AD Ltd.

Registered Office: 1026 Budapest, Pasaréti út 122–124., Hungary
Company Registration Number: 01-09-412791
Tax Number: HU32222632
Email: hello@infinite.tools
Website: https://infinite.tools

1. Purpose and Scope of this Policy

This Policy describes how Infinite AD Ltd. (hereinafter: “Data Controller” or “Company”) processes the personal data of natural persons during the use of the online services under the Infinite∞Tools brand — Infinite∞Ad, Infinite∞Creator, and Infinite∞Buzz.

The purpose of this Policy is to provide transparency on:

  • what data we collect,
  • for what purpose and legal basis we process it,
  • the rights of data subjects, and
  • how we ensure data security.

 

This Policy applies to all data processing activities conducted by the Data Controller on the https://infinite.tools website and its subdomains.

2. Data Controller's Details

Name: Infinite AD Ltd.
Registered Office: 1026 Budapest, Pasaréti út 122–124., Hungary
Email: hello@infinite.tools
Website: https://infinite.tools
Data Protection Officer: David Lencses

3. Definitions of Terms

The terms used in this Policy correspond to the definitions used in the GDPR.

  • Personal Data: Any information relating to an identified or identifiable natural person.
  • Processing: Any operation performed on personal data (e.g., collection, storage, erasure).
  • Data Processor: A person or organization acting on behalf of the Data Controller.
  • Data Subject: The natural person whose personal data is being processed.
  • GDPR: Regulation (EU) 2016/679.

4. Principles of Data Processing

The Data Controller processes data in accordance with the following principles:

  • Lawfulness and Transparency: All data processing is performed on a valid legal basis.
  • Purpose Limitation: Data is always used for specific, predetermined purposes.
  • Data Minimization: We only collect data that is necessary.
  • Accuracy: We strive to keep data up-to-date.
  • Storage Limitation: We only process data for as long as it is necessary.
  • Security: We implement all technical and organizational measures to ensure the protection of the data.

 

The Data Controller does not use profiling or automated decision-making without the explicit consent of the data subject.

5. Purposes and Legal Bases of Data Processing by Product

5.1. Infinite∞Ad An AI-based ad management system that enables the automatic creation, management, and optimization of Meta (Facebook, Instagram) advertisements.

  • Data Processed: Name, email address, company name, password, billing information, ad account identifiers (via Meta API).

  • Legal Basis: Performance of a contract (GDPR Art. 6(1)(b)), Legal obligation (for billing: GDPR Art. 6(1)(c)), Legitimate interest (for communication, account management: GDPR Art. 6(1)(f)).

  • Storage Period: For the duration of the contract, and thereafter for 8 years in the case of billing data.

5.2. Infinite∞Creator An AI-powered content generation service that creates text or visual content for social media use.

  • Data Processed: Name, email address, company name, password, metadata of generated content (e.g., date, language).

  • Legal Basis: Performance of a contract (GDPR Art. 6(1)(b)), Consent (for anonymized data used for AI training: GDPR Art. 6(1)(a)).

  • Storage Period: Until the user account is deleted, or until consent is withdrawn.

5.3. Infinite∞Buzz An AI-based comment moderation and community management system that recognizes, analyzes, and categorizes user comments.

  • Data Processed: Contact details provided by the user, Text of social media comments (temporarily stored during the moderation process), Analytical metadata (timestamp, language, platform).

  • Legal Basis: Legitimate interest (for moderation and feedback management), Performance of a contract, Consent (for anonymized data used for AI training).

  • Storage Period: Until the moderation process is complete, for a maximum of 90 days.

6. Contact and Customer Support Communication

Data subjects may contact the Data Controller via the contact form on the Website or by email at hello@infinite.tools.

  • Data Processed: Name, email address, the content of the message, timestamp.

  • Purpose: To respond to inquiries, handle requests for offers, and provide customer support.

  • Legal Basis: The Data Controller’s legitimate interest (GDPR Art. 6(1)(f)) — to respond to the data subject’s request and maintain contact.

  • Storage Period: 180 days from the resolution of the matter, or until the data subject objects.

7. Online Appointment Booking and Demo Requests

Data subjects have the opportunity to request an online consultation or a demo of the Infinite∞Tools services via the Website.

  • Data Processed: Name, email address, booked time slot, subject of interest.

  • Purpose: To register the appointment booking, send notifications, and organize the service demonstration.

  • Legal Basis: Taking steps at the request of the data subject prior to entering into a contract (GDPR Art. 6(1)(b)).

  • Storage Period: 180 days following the scheduled meeting.

8. Cookie and Analytics Data Management

The https://infinite.tools website uses cookies to ensure proper functionality, and for statistical and marketing purposes.

Cookie Types:

  • Necessary Cookies: Essential for the operation of the Website (Legal basis: Legitimate interest).

  • Statistical Cookies: Assist in the development of the site (Legal basis: Consent).

  • Marketing Cookies: Used to display relevant advertisements based on visitor behavior (Legal basis: Consent).

Data subjects may grant or withdraw their consent regarding the management of cookies via the cookie panel displayed on the Website. Cookies can also be deleted at any time through the browser’s settings.

9. Panaszkezelés és jogérvényesítés

Az Adatkezelő lehetőséget biztosít a szolgáltatással kapcsolatos panaszok benyújtására e-mailben.

Kezelt adatok:

  • név, e-mail cím, panasz szövege, a szolgáltatás típusa, időpont, válaszadás dokumentálása.

Jogalap:

Jogi kötelezettség teljesítése (fogyasztóvédelmi törvény, GDPR 6. cikk (1) c)).

Adatkezelési idő:

A panasz megválaszolásától számított 5 év.

10. Data Processors

Billingo Technologies Zrt.

  • Address: 1133 Budapest, Árbóc u. 6., Hungary
  • Purpose: Online invoicing
  • Data Processed: Billing name, address, tax number

 

Stripe Payments Europe Ltd.

  • Address: 1 Grand Canal Street, Dublin 2, Ireland
  • Purpose: Online payment processing
  • Data Processed: Name, billing data, transaction identifier

 

Google Ireland Ltd.

  • Address: Gordon House, Barrow Street, Dublin 4, Ireland
  • Purpose: Cloud hosting, analytics
  • Data Processed: IP address, browsing data

 

Meta Platforms Ireland Ltd.

  • Address: 4 Grand Canal Square, Dublin 2, Ireland
  • Purpose: API access for the Infinite Ad and Buzz systems
  • Data Processed: Meta account identifier, advertising and comment data

Data Processors shall act exclusively based on the instructions of the Data Controller.

11. Data Transfer and Third Countries

The Data Controller primarily processes and stores data within the territory of the European Union. If data processing occurs outside the EU (e.g., Stripe, Meta), the Data Controller only works with partners who provide GDPR-compliant safeguards, such as those based on Standard Contractual Clauses approved by the European Commission.

12. Rights of Data Subjects

Data subjects are entitled to the following rights concerning the processing of their personal data:

  • Right of Access – to request information about the data being processed.
  • Right to Rectification – to request the correction of inaccurate data.
  • Right to Erasure (‘Right to be Forgotten’) – to request the deletion of data if the purpose of processing has ceased.
  • Right to Restriction of Processing – to request the temporary suspension of data processing.
  • Right to Data Portability – to request the transfer of data to another data controller.
  • Right to Object – to object to data processing based on legitimate interest.
  • Right to Withdraw Consent – to withdraw consent at any time.

 

The Data Controller accepts such requests via email at hello@infinite.tools and will respond within a maximum of 30 days.

13. Data Security

The Data Controller ensures the protection of personal data through technical and organizational measures, including:

  • Encrypted data transmission (HTTPS, SSL);
  • Secure password storage;
  • Regular security backups;
  • Access restricted by authorization levels;
  • External and internal IT audits.

 

The Company’s employees sign confidentiality agreements and only access personal data to the extent necessary for data processing.

14. Handling of Personal Data Breaches

The Data Controller informs data subjects that, despite carefully implemented data security measures, a personal data breach affecting the confidentiality, integrity, or availability of personal data may still occur.

A personal data breach may include, for example:

  • unauthorized access to personal data,
  • loss or destruction of data,
  • accidental disclosure,
  • a malicious IT attack.

 

If such an event occurs, the Data Controller will:

  • report the breach within 72 hours to the National Authority for Data Protection and Freedom of Information (NAIH),
  • document the incident and the measures taken,
  • if the breach is likely to result in a high risk to the rights of data subjects, directly inform the data subjects as well.

 

Such high risk is considered particularly likely if the breach:

  • involves sensitive (special category) data,
  • results in unauthorized access to financial data, passwords, or identifiers,
  • may expose data subjects to identity theft, fraud, or reputational damage.

 

The Data Controller records all breaches in an internal register and strives to prevent future occurrences with the measures taken.

15. Legal Remedies

If the data subject believes that the data processing does not comply with legal requirements, they may turn to the following authority:

National Authority for Data Protection and Freedom of Information (NAIH) Address: 1055 Budapest, Falk Miksa utca 9–11., Hungary Mailing Address: 1363 Budapest, Pf. 9., Hungary Email: ugyfelszolgalat@naih.hu Web:https://www.naih.hu

Furthermore, the data subject may also turn to the court (specifically, the regional court, törvényszék) competent according to their place of residence or stay.

16. Final Provision

This Privacy Policy is effective as of October 10, 2025, and is valid until revoked or until a new version is published. The Data Controller reserves the right to modify this Policy and will duly inform data subjects of such changes on the Website.