Zróbmy To!Dołącz →

Privacy policy

In force since:

How we handle your personal data. Compliant with GDPR and the Polish Act on Providing Services by Electronic Means.

Draft document. Final text pending legal audit (planned 2026 Q2). Questions: privacy@skalujto.ai.

1. Data controller

The controller of personal data is Artur Niklewicz, Warsaw (Skalujto.ai is operated personally). Correspondence address and data-protection email: privacy@skalujto.ai.

2. Scope of processed data

We process only what you provide or what is technically required:

  • Contact form: name, email, optional company name, message body.
  • Cal.com booking: name, email, time zone, meeting note.
  • Server logs: IP address, user agent, response code — anonymised after 30 days.
  • Cookie preferences: if we use Plausible Analytics, data is aggregated without user identifiers.

3. Purpose and legal basis

We process data for a limited, clearly defined set of purposes:

  • Replying to form enquiries and further business correspondence — GDPR art. 6(1)(f) (legitimate interest).
  • Performing a contract or pre-contract steps — GDPR art. 6(1)(b).
  • Accounting and tax obligations — GDPR art. 6(1)(c).
  • Site security and abuse prevention (rate limiting, logs) — GDPR art. 6(1)(f).

4. Recipients

Data may be entrusted to processors we have data-processing agreements with: Resend (email delivery), Cal.com (bookings), Vercel (hosting), Supabase/Postgres (database). We do not sell or share data with third parties for marketing. Any transfers outside the EEA are covered by European Commission Standard Contractual Clauses.

5. Retention periods

  • Form correspondence: 24 months from last contact, unless a contract is signed.
  • Accounting data: 5 years (Polish accounting law).
  • Technical logs: 30 days, then anonymised.
  • Client project data: duration of contract + 12-month warranty.

6. Your rights

You have the full catalogue of rights under GDPR:

  • Access to your data and a copy of it.
  • Rectification of inaccurate or outdated data.
  • Erasure (right to be forgotten) — unless we are legally bound to retain.
  • Restriction of processing, e.g. while an objection is verified.
  • Portability to another controller in a machine-readable format.
  • Withdrawal of consent at any time — without affecting earlier lawful processing.
  • Objection to processing based on legitimate interest.
  • Complaint to the Polish data-protection authority (uodo.gov.pl).

7. Data-protection contact

For data-protection matters write to privacy@skalujto.ai. We reply within 30 days. At our scale a formal DPO is not required; the request is handled directly by management.