Privacy Policy

Last updated: February 2026

Data Controller

Ben Barkai, ID No. 22073264, Prague, Czech Republic.
Email: support@promposal.app

Scope & Applicability

This Privacy Policy explains how we collect, use, share, and protect personal data when you visit Promposal, create an account, purchase PromCoins, create digital promposals and custom invite links, or contact support. If you are in the EEA/UK, this notice complies with the GDPR/UK GDPR.

Categories of Data We Process

• Identity & contact data: Name, email address, billing address.
• Account & order data: Username, encrypted password, order history, purchased PromCoins, published invite links.
• Payment data: Payment method details processed by Stripe (we do not store full card numbers).
• Device & usage data: IP address, browser type, operating system, timestamps, and pages viewed during your session.
• Cookies & similar tech: Used per our Cookie Policy.
• No special categories: We do not intentionally collect sensitive data (e.g., health data, sexual orientation, religious beliefs).

Purposes and Legal Bases

We process personal data only where a legal basis applies:

• Performing a contract (Art. 6(1)(b) GDPR): Creating accounts, processing orders, delivering digital promposals and invite links, and providing customer support.
• Legal obligations (Art. 6(1)(c)): Tax and accounting record-keeping.
• Legitimate interests (Art. 6(1)(f)): Ensuring website security, fraud prevention, and improving user experience through aggregated analytics.
• Consent (Art. 6(1)(a)): Sending promotional emails (if you opt-in) and using non-essential cookies. You can withdraw consent at any time.

Disclosures & Recipients

We do not sell or trade your personal data. We share it only with trusted third parties as needed:

• Payment processors (Stripe).
• Hosting and website analytics providers.
• Email delivery tools (for transactional communication).
• Authorities, if required by law to protect rights, property, or safety.

International Transfers

If we transfer EEA/UK personal data to providers outside the EEA/UK, we rely on legal safeguards such as adequacy decisions or Standard Contractual Clauses (SCCs).

Retention

• Account data: For the life of the account + 24 months.
• Orders/Invoices: For up to 10 years (statutory tax requirement).
• Usage logs: Up to 12 months.

Upon request, we will delete your personal data without undue delay, subject to legal retention requirements.

Your Rights

Under GDPR, you have the right to access, correct, delete, or restrict processing of your data. We do not perform automated decision-making or profiling as defined in GDPR Article 22. To exercise your rights, contact us at support@promposal.app.