WebappskiWebappski

Website Privacy Policy

For webappski.com and AI Form Copilot Marketing Website

Last Updated: January 15, 2025

Website Owner: Fundacja Rozwoju Przedsiębiorczości „Twój StartUp" (operating the organized business part: Artur Kuzmenka) ul. Żurawia 6/12, office 766 00-503 Warsaw, Poland VAT ID (EU): PL5213641211 BDO: 000460502 Email: info@webappski.com

1. Introduction

This Privacy Policy explains how we collect, use, and protect your personal information when you visit our marketing website at webappski.com or related subdomains (the "Website").

Scope: This Privacy Policy applies ONLY to our Website (webappski.com). It does NOT apply to:

  • End users of AI Form Copilot widget on third-party websites (see "Privacy Policy for End Users")
  • Business clients using AI Form Copilot services (see "Terms of Service" and "Data Processing Agreement")

2. Data We Collect

2.1 Information You Provide

When you interact with our Website, you may provide:

Contact Form / Demo Request:

  • Name
  • Email address
  • Company name
  • Website URL
  • Message or inquiry

Account Registration:

  • Name
  • Email address
  • Company name

Newsletter Subscription (not yet active):

  • Email address
  • Name (optional)

Support Inquiries:

  • Name, email, account details
  • Technical information about your issue
  • Screenshots or attachments (if you provide them)

2.2 Automatically Collected Information

When you visit our Website, we automatically collect:

Analytics Data (via Plausible Analytics):

  • Page URLs visited
  • Referrer (website you came from)
  • Browser type and version
  • Operating system
  • Device type (desktop, mobile, tablet)
  • Country (based on IP address, IP NOT stored by analytics)
  • NO cookies set
  • NO cross-site tracking

Technical Data:

  • Timestamps of page visits
  • IP addresses are stored ONLY in server access/error logs for 90 days for security and fraud prevention purposes, but NOT used for analytics
  • Server logs (access logs for security purposes; retention see §5)
  • Error logs (if technical issues occur)

Legal basis for technical logging: Legitimate interests (GDPR Art. 6(1)(f), Recital 49 – network and information security).

Cookies:

  • Strictly Necessary Cookies: Session management, authentication (if logged in)
  • NO advertising cookies
  • NO tracking cookies

3. How We Use Your Data

3.1 Purpose

We use your data for:

  1. Provide Services:
  • Respond to contact form inquiries
  • Process account registrations
  • Manage B2B contracts (invoicing handled manually via bank transfer)
  • Provide customer support
  1. Marketing Communications:
  • Send newsletters (if you subscribed)
  • Send product updates and announcements
  • Send promotional offers (with opt-out option)
  1. Analytics & Improvements:
  • Understand how visitors use our Website
  • Improve Website design and user experience
  • Identify technical issues
  1. Legal Compliance:
  • Comply with tax and accounting requirements
  • Respond to legal requests (court orders, subpoenas)
  • Prevent fraud and abuse

3.2 Legal Basis (GDPR Article 6)

  • Consent (Article 6(1)(a)): Newsletter subscriptions, optional cookies
  • Contract (Article 6(1)(b)): Account management, billing, customer support
  • Legitimate Interests (Article 6(1)(f)): Analytics (Plausible – cookie-less, no consent required), security logging (IP, timestamps), fraud prevention
  • Legal Obligation (Article 6(1)(c)): Tax records, legal requests

Note: Plausible Analytics does NOT require consent under GDPR/ePrivacy because it does NOT use cookies, does NOT store IP addresses, and does NOT perform cross-site tracking (Recital 30 – anonymous data).

4. Data Sharing & Third Parties

4.1 Service Providers (Data Processors)

We share your data with trusted third-party service providers:

Provider Purpose Data Shared Privacy Policy
Plausible Analytics Website analytics Page views, referrer, browser, country (NOT IP) Plausible Privacy
Google Cloud (Firebase) Infrastructure (hosting, database) processed in EU regions (europe-central2 / eur3) Account data, server logs (IP, timestamps), error logs Google Cloud Privacy
Email Service Transactional emails only (account notifications, password reset) - NO marketing emails yet Email address, name TBD when email service is implemented

All service providers:

  • Bound by contracts requiring GDPR compliance
  • Use data only as instructed by us
  • Data processed in EU regions (no international transfers to non-EU countries)

4.2 Legal Disclosures

We may disclose your data if required by law:

  • Court orders or subpoenas
  • Law enforcement requests
  • Protection of our rights or safety
  • Fraud investigations

4.3 Business Transfers

If we are acquired or merge with another company:

  • Your data may be transferred to the new owner
  • You will be notified as soon as reasonably practicable (confidentiality requirements may delay notification)
  • New owner must honor this Privacy Policy or obtain your consent for changes

4.4 No Sale of Data

We do NOT sell your personal data to third parties for marketing purposes.

5. Data Retention

Data Type Retention Period
Contact form inquiries 2 years from submission
Account data (active) Duration of account
Account data (deleted) 30 days after deletion request
Newsletter subscriptions Until you unsubscribe + 30 days
Invoicing/contract records 7 years (tax/accounting requirements)
Analytics data (Plausible) 2 years (aggregate, no IP)
Server logs (IP, timestamps, errors) 90 days

After retention period, data is permanently deleted.

6. Your Rights (GDPR)

As a data subject in the European Union, you have the following rights:

6.1 Right to Access (Article 15)

You can request a copy of your personal data we hold.

How: Email info@webappski.com with subject "GDPR Access Request"

6.2 Right to Rectification (Article 16)

You can request correction of inaccurate data.

How: Email info@webappski.com or update your account settings

6.3 Right to Erasure (Article 17 - "Right to be Forgotten")

You can request deletion of your data.

How: Email info@webappski.com with subject "GDPR Deletion Request"

Exceptions: We may retain data if legally required (e.g., tax records for 7 years)

6.4 Right to Restrict Processing (Article 18)

You can request we limit how we use your data.

How: Email info@webappski.com with subject "GDPR Restriction Request"

6.5 Right to Data Portability (Article 20)

You can receive your data in machine-readable format (JSON, CSV).

How: Email info@webappski.com with subject "GDPR Portability Request"

6.6 Right to Object (Article 21)

You can object to:

  • Direct marketing (unsubscribe link in emails)
  • Processing based on legitimate interests
  • Automated decision-making (we do NOT use automated decisions)

6.7 Right to Withdraw Consent (Article 7(3))

For consent-based processing (newsletter, cookies):

  • Newsletter: Click unsubscribe link in any email
  • Cookies: Adjust cookie settings in our cookie banner

6.8 Right to Lodge a Complaint

You can file a complaint with your data protection authority:

Poland: Urząd Ochrony Danych Osobowych (UODO) Website: https://uodo.gov.pl/ Email: kancelaria@uodo.gov.pl

Your Country: Find your authority at https://edpb.europa.eu/about-edpb/board/members_en

Response Time: We will respond to your requests within 30 days (may extend to 60 days for complex requests). We will inform you of any extension within the first 30 days, along with reasons for the delay.

7. International Data Transfers

Data Location:

  • EU Processing: All data is processed within the European Union
  • Google Cloud (Firebase): Data processed in EU regions (europe-central2 / eur3)
  • Plausible Analytics: Data processed in EU (Germany)
  • NO transfers to non-EU countries

Additional Safeguards:

  • Encryption in transit (TLS 1.2+)
  • Encryption at rest (AES-256)
  • Access controls
  • Data minimization
  • Regular security audits

8. Security Measures

We implement industry-standard security measures:

Technical Measures:

  • Encryption: HTTPS (TLS 1.2+) for all website traffic
  • Secure hosting: Google Cloud Platform with DDoS protection
  • Access control: Multi-factor authentication for admin accounts
  • Regular updates: Security patches applied promptly

Organizational Measures:

  • Staff training: GDPR awareness training for all staff
  • Data minimization: Collect only necessary data
  • Access limitation: Data accessible only to authorized personnel
  • Incident response plan: 72-hour breach notification to authorities (GDPR Article 33)

Limitations: No security is 100% perfect. We cannot guarantee absolute security, but we use commercially reasonable efforts.

9. Cookies Policy

9.1 What Are Cookies?

Cookies are small text files stored on your device by websites you visit.

9.2 Cookies We Use

Strictly Necessary Cookies:

  • Session cookie: Keeps you logged in (if you have an account)
  • Security cookie: Prevents CSRF attacks
  • Duration: Session (deleted when you close browser)
  • No consent required (necessary for service)

Analytics (via Plausible):

  • NO cookies set by Plausible Analytics
  • Plausible is cookie-less, privacy-first analytics
  • Complies with GDPR, CCPA, PECR without consent banner

9.3 Third-Party Cookies

We do NOT use third-party tracking cookies (Google Analytics, Facebook Pixel, etc.).

9.4 Cookie Management

Browser Settings: You can block cookies via browser settings:

  • Chrome: Settings > Privacy > Cookies
  • Firefox: Settings > Privacy > Cookies
  • Safari: Preferences > Privacy > Cookies

Note: Blocking strictly necessary cookies may break Website functionality (e.g., cannot log in).

10. Children's Privacy

Age Restriction: Our Website is NOT intended for children under 16 years old (or lower age set by your country's law, but no lower than 13 years).

  • We do NOT knowingly collect data from children under the applicable age limit
  • If you are under the applicable age limit, DO NOT use our Website or provide personal data
  • Parents: If you believe your child provided data, contact us immediately at info@webappski.com for deletion

11. Marketing Communications

11.1 Newsletter

Currently not active. Newsletter functionality will be implemented in the future. When available:

  • We will send product updates, blog posts, and promotional offers
  • You will be able to unsubscribe anytime (link in every email)
  • Email open/click tracking will require your explicit opt-in consent during subscription

11.2 Transactional Emails

If you have an account:

  • We send transactional emails (account creation, password reset, billing)
  • You CANNOT opt-out of transactional emails (necessary for service)

11.3 Promotional Emails

If you are an existing customer:

  • We may send promotional emails about our Services (legitimate interest)
  • You can opt-out anytime

11.4 Do Not Track

We respect "Do Not Track" (DNT) browser signals as a courtesy:

  • If DNT enabled, we do NOT use optional cookies
  • Plausible Analytics is cookie-less by default and respects user privacy regardless of DNT settings
  • Note: DNT is not a legally binding standard in the EU

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time.

Notification:

  • Material changes (new processing purposes, new data categories, new recipients): Email notification to registered users + explicit consent required where legally mandated
  • Minor changes (clarifications, contact details, formatting): Updated "Last Updated" date at top

Effective Date: Changes effective immediately upon posting.

Your Consent: For minor changes, continued use of Website after notification = acceptance. For material changes affecting your rights, we will seek your explicit consent where required by law.

13. Contact Information

For Privacy Inquiries: Email: info@webappski.com Subject: "Privacy Inquiry - Website"

For GDPR Requests: Email: info@webappski.com Subject: "GDPR Request - [Type: Access/Deletion/etc.]"

Postal Address: Fundacja Rozwoju Przedsiębiorczości „Twój StartUp" (Artur Kuzmenka) ul. Żurawia 6/12, office 766 00-503 Warsaw, Poland

Data Protection Authority (Poland): Urząd Ochrony Danych Osobowych (UODO) Website: https://uodo.gov.pl/ Email: kancelaria@uodo.gov.pl

14. California Privacy Rights (CCPA)

Applicability: This section applies only if we meet CCPA thresholds (25,000+ California residents/year or 50%+ revenue from data sales). As of the Last Updated date, we are not subject to CCPA requirements but provide this information for transparency.

If you are a California resident (US), you may have additional rights under CCPA:

14.1 Right to Know

You can request disclosure of:

  • Categories of personal information collected
  • Sources of personal information
  • Business purpose for collection
  • Third parties with whom we share data

14.2 Right to Delete

You can request deletion of your personal information (same as GDPR Right to Erasure).

14.3 Right to Opt-Out of Sale or Sharing (CPRA)

We do NOT sell or share your personal information for cross-context behavioral advertising or other purposes. No opt-out required.

14.4 Non-Discrimination

We will NOT discriminate against you for exercising CCPA rights (same prices, same service quality).

To Exercise CCPA Rights: Email: info@webappski.com Subject: "CCPA Request - [Type]"

Response Time: 45 days (may extend to 90 days for complex requests)

APPENDIX: Data Processing Record (GDPR Article 30)

Controller: Fundacja Rozwoju Przedsiębiorczości „Twój StartUp" (operating the organized business part: Artur Kuzmenka) Contact: info@webappski.com DPO: Not appointed (Article 37 GDPR does not require DPO for our current scale of operations. We will appoint a DPO if our processing activities meet the criteria under Article 37(1)(b) or (c).)

Categories of Data Subjects:

  • Website visitors
  • Newsletter subscribers
  • Account holders (business clients)
  • Support inquiries

Categories of Personal Data:

  • Identification data: Name, email
  • Commercial data: Company name, billing address
  • Technical data: Browser, device, page views (no IP)

Categories of Recipients:

  • Plausible Analytics (analytics – EU)
  • Google Cloud (hosting – EU regions)
  • Email provider (transactional emails only – TBD)

Transfers to Third Countries:

  • NONE – All data processing occurs within the European Union

Retention Periods:

  • See Section 5 (Data Retention)

Security Measures:

  • See Section 8 (Security Measures)

BY USING OUR WEBSITE, YOU ACKNOWLEDGE THAT YOU HAVE READ, UNDERSTOOD, AND AGREE TO THIS PRIVACY POLICY.

Last Updated: January 15, 2025 Version: 1.0