← Back

Privacy Policy

Last updated: 19 June 2026

1. Controller

The data controller is Dominik Ficek, Czech Republic (dominik.ficek@email.cz).

2. Data we collect

  • Account data — name and e-mail address you provide on sign-up, stored in our database to authenticate you.
  • Session data — short-lived session tokens stored in cookies to keep you signed in.
  • Purchase status — whether you have completed a purchase, received from our payment processor (Paddle) via webhook. No card details are stored by us.
  • Usage & technical data — anonymous aggregated page-view counts collected by Cloudflare Web Analytics (cookieless, no cross-site tracking, no personal data stored).

3. Legal basis (GDPR)

  • Account and session data: performance of a contract (Art. 6(1)(b) GDPR) — necessary to provide the service.
  • Purchase status: performance of a contract — necessary to grant licensed access to the desktop application.
  • Anonymous analytics: legitimate interests (Art. 6(1)(f) GDPR) — understanding overall traffic; no individual is identified.

4. Data processors and third parties

  • Cloudflare, Inc. — hosting (Cloudflare Workers), database proxy (Hyperdrive), and cookieless analytics. Data may be processed in the US; Cloudflare participates in the EU–US Data Privacy Framework.
  • Neon, Inc. — managed PostgreSQL database where account data is stored (hosted in AWS us-east-1).
  • Resend, Inc. — transactional e-mail delivery (verification and password-reset e-mails only).
  • Paddle.com Market Limited — Merchant of Record for payments. Paddle collects and processes payment and billing data under their own privacy policy; we receive only a purchase-status signal.

We do not sell personal data to third parties and do not share it for advertising purposes.

5. Data retention

Account data is retained for as long as your account is active. You may request deletion at any time (see §6). After deletion, data is removed from live systems within 30 days; backups are purged on their normal rotation schedule.

6. Your rights

Under GDPR you have the right to:

  • Access a copy of your personal data.
  • Correct inaccurate data.
  • Request erasure ("right to be forgotten").
  • Restrict or object to processing.
  • Receive your data in a portable format.
  • Lodge a complaint with a supervisory authority — in the Czech Republic that is the Úřad pro ochranu osobních údajů (ÚOOÚ), www.uoou.cz.

To exercise any of these rights, e-mail dominik.ficek@email.cz. We will respond within 30 days.

7. Cookies

We use only strictly necessary session cookies set by our authentication system. These cookies do not track you across other websites and are deleted when your session expires or you sign out. No consent banner is required for strictly necessary cookies under the ePrivacy Directive.

8. Changes to this policy

If we make material changes, we will update the date at the top of this page. Continued use of the service after a change constitutes acceptance.

9. Contact

dominik.ficek@email.cz