Privacy Policy

Effective as of February 24, 2026

1. Data Controller

The controller of your personal data is:
- Business name: PawlicaWeb Mateusz Pawlica
- Address: ul. Rolna 37/18, 43-100 Tychy, Poland
- Tax ID (NIP): 6472568432
- Email: [email protected]
- Phone: +47 572 645 250
(the "Controller"). The Controller is a sole proprietorship registered in Poland, European Union.
For data protection inquiries, you may contact the Controller at [email protected].

2. Data We Collect, Purposes, and Legal Bases

We process your personal data for the following purposes:

Purpose	Data collected	Legal basis (GDPR)	Retention period
Order fulfillment and delivery of Digital Content	Email address, country, IP address	Art. 6(1)(b) — performance of a contract	Until contract completion, then as required by tax law (5 years from end of fiscal year)
Invoice generation	Full name or company name, Tax ID, address	Art. 6(1)(c) — legal obligation (tax regulations)	5 years from end of fiscal year
Contact form correspondence	Name, email address, message content	Art. 6(1)(f) — legitimate interest (responding to inquiries)	Until correspondence ends, then 1 year
Account authentication (magic link)	Email address	Art. 6(1)(b) — performance of a contract	Session: 30 days; login link: 15 minutes
Website analytics (Google Analytics)	Anonymized traffic data, cookies	Art. 6(1)(a) — consent	Until consent is withdrawn; GA data: 26 months
Remarketing and conversion tracking (Meta Pixel)	Anonymized activity data, cookies	Art. 6(1)(a) — consent	Until consent is withdrawn; Meta data: 180 days
Establishing, exercising, or defending legal claims	Order-related data	Art. 6(1)(f) — legitimate interest	6 years (general statute of limitations)

3. Third-Party Service Providers

Your personal data may be shared with the following categories of recipients:

Stripe, Inc. (510 Townsend Street, San Francisco, CA 94103, USA) — for payment processing. Stripe acts as an independent data controller for payment data. See Stripe's Privacy Policy.
Resend, Inc. (USA) — for sending transactional emails (purchase confirmations, download links, login links).
Google LLC (USA) — for website analytics via Google Analytics, only with your consent.
Meta Platforms Ireland Ltd (Ireland) / Meta Platforms, Inc. (USA) — for conversion tracking and remarketing via Meta Pixel, only with your consent.
Cloudflare, Inc. (USA) — for website hosting, content delivery (CDN), and file storage (Cloudflare R2).
Accounting, legal, and hosting service providers — to the extent necessary for business operations.

4. International Data Transfers

Because we use service providers based in the United States (Stripe, Resend, Google, Cloudflare, Meta), your personal data may be transferred to the USA.
These transfers are made on the basis of the European Commission's adequacy decision under the EU-US Data Privacy Framework, or on the basis of Standard Contractual Clauses adopted by the European Commission (Art. 46(2)(c) GDPR).

5. Your Rights Under GDPR

If the GDPR applies to you (e.g., you reside in the EU/EEA), you have the following rights:

Right of access — to obtain confirmation of whether your data is being processed and to receive a copy (Art. 15 GDPR).
Right to rectification — to have inaccurate data corrected (Art. 16 GDPR).
Right to erasure — "right to be forgotten" (Art. 17 GDPR).
Right to restriction of processing (Art. 18 GDPR).
Right to data portability — to receive your data in a structured, commonly used format (Art. 20 GDPR).
Right to object to processing based on legitimate interest (Art. 21 GDPR).
Right to withdraw consent at any time — without affecting the lawfulness of processing carried out before withdrawal (Art. 7(3) GDPR).

To exercise any of these rights, contact us at [email protected].

You also have the right to lodge a complaint with a supervisory authority. The lead supervisory authority for the Controller is the President of the Personal Data Protection Office (UODO), ul. Stawki 2, 00-193 Warsaw, Poland — uodo.gov.pl.

6. Your Rights Under US State Privacy Laws

If you are a resident of California or another US state with applicable privacy legislation (such as the CCPA/CPRA, Virginia CDPA, Colorado CPA, or Connecticut CTDPA), you may have additional rights, including:

Right to know — what personal information we collect, use, disclose, and sell or share.
Right to delete — request the deletion of your personal information, subject to certain exceptions.
Right to opt-out of sale — we do not sell your personal information to third parties. We do not share your personal information for cross-context behavioral advertising purposes without your consent.
Right to non-discrimination — we will not discriminate against you for exercising your privacy rights.

To exercise any of these rights, email us at [email protected]. We will respond to verifiable consumer requests within 45 days.

7. Cookies and Tracking Technologies

The Website uses cookies — small text files stored on your device — and similar technologies.

The following cookies and storage mechanisms are used on the Website:

Name	Type	Purpose	Retention
`session`	httpOnly cookie	Maintaining your login session	30 days
`cookie-consent`	localStorage	Remembering your cookie consent preference	Indefinite (until cleared by user)
`_ga`, `_ga_*`	Cookie (Google Analytics)	Website traffic analytics (visitor statistics)	26 months (only after consent)
`_fbp`	Cookie (Meta Pixel)	Browser identification for remarketing and conversion tracking	90 days (only after consent)
`_fbc`	Cookie (Meta Pixel)	Storing the ad click parameter (fbclid)	90 days (only after consent)

Analytics cookies (Google Analytics) and marketing cookies (Meta Pixel) are only set after you give consent via the cookie banner displayed on your first visit.
You can change your cookie settings at any time in your browser, including blocking cookies or deleting existing ones.
You can withdraw consent for analytics and marketing cookies by clearing site data in your browser settings.

8. Data Provision

Providing your email address and selecting your country is required to place an Order. Without this information, we cannot process your purchase.
Providing invoice details (name, Tax ID, address) is optional — only required if you request an invoice.
Consenting to analytics and marketing cookies is entirely voluntary and does not affect your ability to use the Website or make purchases.

9. Automated Decision-Making

The Controller does not make automated decisions (including profiling) within the meaning of Art. 22 GDPR that produce legal effects concerning you or similarly significantly affect you.

10. Children's Privacy

The Website is not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe that a child has provided us with personal data, please contact us at [email protected] so we can delete it.

11. Changes to This Privacy Policy

The Controller reserves the right to update this Privacy Policy. Changes will be posted on this page with a revised effective date. We encourage you to review this page periodically.

12. Contact

For questions about this Privacy Policy or to exercise your data protection rights, please contact us:

Email: [email protected]
Phone: +47 572 645 250
Mail: PawlicaWeb Mateusz Pawlica, ul. Rolna 37/18, 43-100 Tychy, Poland