OTSPulse Privacy Policy

Last updated: 28.06.2026

1. Data Controller

The controller of your personal data is Kamil Półkośnik, operating under unregistered business activity in Poland, correspondence address: Kołłątaja 75/61, 15-774 Białystok, Poland. For GDPR-related requests, contact us through the contact form.

2. What data we process

  • Account data: username, email address, avatar (optional), password (stored hashed).
  • OAuth login data: if you sign in via Google — the identifier, email, name and avatar provided by the provider.
  • Published content: servers you add, reviews, wiki entries, questions and answers.
  • Technical data: IP address, browser type, operating system, session data.
  • Analytics data: clicks, time on page, navigation paths (anonymous / pseudonymous).
  • Payment data: stored exclusively by the payment processor (Stripe). We only keep the transaction ID, amount and date.
  • Invoice data: first name, last name, address, tax ID (optional) — only if you tick the "I want a receipt" box at checkout.

3. Purposes and legal basis

PurposeLegal basisRetention
Providing the service (Account, Site)GDPR Art. 6(1)(b) — contractUntil account deletion
Payment processing and accountingGDPR Art. 6(1)(c) — legal obligation5 years (tax law)
Own marketing (newsletter, if you subscribe)GDPR Art. 6(1)(a) — consentUntil consent is withdrawn
Analytics and service improvementGDPR Art. 6(1)(f) — legitimate interest26 months
Complaints and contact handlingGDPR Art. 6(1)(b) and (f)3 years from case closure
Defending against legal claimsGDPR Art. 6(1)(f)Until the limitation period expires

4. Data recipients (processors)

Your data may be entrusted to the following entities:

  • Lovable Cloud / Supabase — database hosting and authentication (EU/US, Standard Contractual Clauses).
  • Cloudflare — CDN and DDoS protection (US, SCC).
  • Mailgun (via Lovable Emails) — transactional email delivery from the domain notify.otspulse.com.
  • Stripe — payment processing (US, PCI DSS certified).
  • Google — OAuth login, if you use it.

5. Cookies and similar technologies

  1. Essential cookies (always on): login session, language preferences, cart — the service won't work without them. Basis: GDPR Art. 6(1)(f).
  2. Analytics cookies (require consent): help us understand how you use the site. You can enable/disable them in the cookie banner at the bottom of the page.
  3. Advertising cookies: we don't use them.

6. Your rights

You have the right to:

  • access your data (GDPR Art. 15);
  • rectify your data (Art. 16);
  • erase your data — "right to be forgotten" (Art. 17);
  • restrict processing (Art. 18);
  • data portability (Art. 20);
  • object to processing (Art. 21);
  • withdraw consent at any time (Art. 7(3));
  • lodge a complaint with the President of the Polish Personal Data Protection Office (uodo.gov.pl) or your local EU supervisory authority.

To exercise any of these rights, please use the contact form. We respond within 30 days.

7. Security

We apply technical and organizational measures appropriate to the risk: TLS encryption, hashed passwords (bcrypt), database-level Row-Level Security, and two-factor authentication for the admin account.

8. Transfers outside the EEA

Some of our processors (Cloudflare, Stripe) may process data in the US. Transfers are based on Standard Contractual Clauses (SCC) approved by the European Commission.

9. Minimum age

The service is available to users who are at least 16 years old. We do not knowingly collect data from younger individuals.

10. Policy changes

We will inform you about material changes to this Policy by email or via an announcement on the service at least 14 days in advance. The current version is always available at otspulse.com/privacy.