Privacy Policy

1. Data Controller

The data controller is:

TANDOORIA Spółka z ograniczoną odpowiedzialnością NIP: 6772520369 KRS: 0001148378 REGON: 54061609400000 Address: ul. Wielicka 42 lok. B3, 30-552 Kraków, Poland

(hereinafter referred to as the "Company" or "Controller").

For inquiries regarding personal data protection, you can contact us at:[email protected]

---

2. Legal Basis for Processing Personal Data

The Company processes personal data in accordance with the requirements of European Union legislation, in particular the General Data Protection Regulation (GDPR).

The legal bases for processing are:

• Article 6(1)(b) GDPR — performance of a contract or actions prior to entering into a contract

• Article 6(1)(c) GDPR — compliance with legal obligations (including accounting and tax obligations)

• Article 6(1)(f) GDPR — legitimate interest of the Controller (ensuring security, improving service)

• Article 6(1)(a) GDPR — user consent (for example, for marketing communications)

---

3. What Personal Data We Collect

3.1. Account Data

• name or nickname

• email address

• password (in encrypted form)

3.2. Billing Data

When subscribing or requesting an invoice, the following may be collected:

• first and last name or company name

• address

• country and postal code

• email

• phone number

• tax identification number (if applicable)

This data is processed for the purpose of fulfilling the contract and complying with legal obligations under Polish tax law.

3.3. Payment Data

Payments are processed through the payment provider Stripe. The Company does not store full credit card details. Stripe processes payment data in accordance with its own privacy policy and acts as a separate processor or data controller.

3.4. Interaction Data

• chat messages

• incident analyses, and queries to the AI assistant

• technical logs and service usage history

3.5. Technical Data

• IP address

• device type

• browser and operating system

• cookies

---

4. Purpose of Processing Personal Data

Personal data is processed for the purpose of:

• providing access to service functionality

• processing payments and invoicing

• ensuring platform security

• improving service quality

• fulfilling legal obligations

• sending marketing communications (with consent)

---

5. Transfer of Personal Data to Third Parties

The Company may transfer personal data to:

• payment providers

• hosting providers

• analytics service providers

• legal and accounting consultants

The transfer is based on data processing agreements (DPA) or other legal grounds.

---

6. Transfer of Data Outside the European Union

If personal data is transferred outside the EU, the Company applies appropriate safeguards in accordance with GDPR, including:

• standard contractual clauses (SCC)

• other mechanisms provided for by EU legislation

---

7. Data Retention Period

Personal data is retained:

• for the duration of the account existence

• for the time necessary to fulfill accounting and tax obligations

• until consent is withdrawn (in the case of marketing communications)

---

8. User Rights

The user has the right to:

• access their personal data

• request correction of their data

• request deletion (“right to be forgotten” — to request deletion of your personal data, please contact our support team at [email protected] or use the delete option in your account settings)

• request restriction of processing

• obtain data in a structured format (right to data portability)

• file a complaint with the Polish supervisory authority — Urząd Ochrony Danych Osobowych (UODO)

---

9. Data Security

The Company implements appropriate technical and organizational measures to protect personal data, including:

• encryption of data transmission

• access restrictions

• access control to information systems

However, no system can guarantee absolute security.

---

10. Data Processing Using Artificial Intelligence

User messages and other interactions may be processed by artificial intelligence algorithms to provide service functionality. Detailed conditions are specified in the "AI Data Processing" document.

---

11. Use of Cookies

The use of cookies is governed by a separate "Cookie Policy".