OTSPulse Privacy Policy
Last updated: 28.06.2026
1. Data Controller
The controller of your personal data is Kamil Półkośnik, operating under unregistered business activity in Poland, correspondence address: Kołłątaja 75/61, 15-774 Białystok, Poland. For GDPR-related requests, contact us through the contact form.
2. What data we process
- Account data: username, email address, avatar (optional), password (stored hashed).
- OAuth login data: if you sign in via Google — the identifier, email, name and avatar provided by the provider.
- Published content: servers you add, reviews, wiki entries, questions and answers.
- Technical data: IP address, browser type, operating system, session data.
- Analytics data: clicks, time on page, navigation paths (anonymous / pseudonymous).
- Payment data: stored exclusively by the payment processor (Stripe). We only keep the transaction ID, amount and date.
- Invoice data: first name, last name, address, tax ID (optional) — only if you tick the "I want a receipt" box at checkout.
3. Purposes and legal basis
| Purpose | Legal basis | Retention |
|---|---|---|
| Providing the service (Account, Site) | GDPR Art. 6(1)(b) — contract | Until account deletion |
| Payment processing and accounting | GDPR Art. 6(1)(c) — legal obligation | 5 years (tax law) |
| Own marketing (newsletter, if you subscribe) | GDPR Art. 6(1)(a) — consent | Until consent is withdrawn |
| Analytics and service improvement | GDPR Art. 6(1)(f) — legitimate interest | 26 months |
| Complaints and contact handling | GDPR Art. 6(1)(b) and (f) | 3 years from case closure |
| Defending against legal claims | GDPR Art. 6(1)(f) | Until the limitation period expires |
4. Data recipients (processors)
Your data may be entrusted to the following entities:
- Lovable Cloud / Supabase — database hosting and authentication (EU/US, Standard Contractual Clauses).
- Cloudflare — CDN and DDoS protection (US, SCC).
- Mailgun (via Lovable Emails) — transactional email delivery from the domain
notify.otspulse.com. - Stripe — payment processing (US, PCI DSS certified).
- Google — OAuth login, if you use it.
5. Cookies and similar technologies
- Essential cookies (always on): login session, language preferences, cart — the service won't work without them. Basis: GDPR Art. 6(1)(f).
- Analytics cookies (require consent): help us understand how you use the site. You can enable/disable them in the cookie banner at the bottom of the page.
- Advertising cookies: we don't use them.
6. Your rights
You have the right to:
- access your data (GDPR Art. 15);
- rectify your data (Art. 16);
- erase your data — "right to be forgotten" (Art. 17);
- restrict processing (Art. 18);
- data portability (Art. 20);
- object to processing (Art. 21);
- withdraw consent at any time (Art. 7(3));
- lodge a complaint with the President of the Polish Personal Data Protection Office (uodo.gov.pl) or your local EU supervisory authority.
To exercise any of these rights, please use the contact form. We respond within 30 days.
7. Security
We apply technical and organizational measures appropriate to the risk: TLS encryption, hashed passwords (bcrypt), database-level Row-Level Security, and two-factor authentication for the admin account.
8. Transfers outside the EEA
Some of our processors (Cloudflare, Stripe) may process data in the US. Transfers are based on Standard Contractual Clauses (SCC) approved by the European Commission.
9. Minimum age
The service is available to users who are at least 16 years old. We do not knowingly collect data from younger individuals.
10. Policy changes
We will inform you about material changes to this Policy by email or via an announcement on the service at least 14 days in advance. The current version is always available at otspulse.com/privacy.
