Privacy & Data Protection
Privacy Policy
Last updated: February 2026
1. Data Controller
The data controller is Tradeco Krzysztof Cichy, with its registered office at os. Tysiąclecia 71/51, 61-255 Poznań, Poland, NIP (VAT ID): PL7822918532, contact email: hello@stripdo.com (hereinafter: "Controller").
2. Purposes and Legal Bases for Processing
We process personal data for the following purposes:
| Purpose | Scope of Data | Legal Basis | Retention Period |
|---|---|---|---|
| Account creation | Name, email, password, NIP/VAT ID, company details | Art. 6(1)(b) GDPR (contract) | Duration of the contract |
| Providing the Stripe integration & invoicing service | Transaction data, API keys, invoice details | Art. 6(1)(b) and (f) GDPR | Duration of the contract |
| Issuing invoices | Billing data | Art. 6(1)(c) GDPR (legal obligation) | As required by law (e.g. 5 years) |
| Communication & support | Email, correspondence content | Art. 6(1)(f) GDPR (legitimate interest) | Up to 3 years for evidentiary purposes |
| Marketing (if consent given) | Email, preferences | Art. 6(1)(a) GDPR (consent) | Until consent is withdrawn |
3. Data Recipients & Third-Party Tools
Personal data may be shared with trusted third parties that provide services essential to operating Stripdo and analysing its usage. These include:
- Stripe, Inc. (USA) — online payment processing
- Clerk, Inc. (USA) — authentication and user management
- Supabase, Inc. (USA) — database and backend infrastructure
- Vercel, Inc. (USA) — hosting and deployment
- Resend, Inc. (USA) — transactional email delivery
- Accounting office — for bookkeeping and tax compliance
- DataFast (datafa.st) — privacy-friendly website analytics (consent-based)
Where data is transferred outside the EEA (e.g. to the USA), we rely on Standard Contractual Clauses (SCCs) or the EU-U.S. Data Privacy Framework, as applicable.
4. Your Rights
Under the GDPR you have the right to:
- Access your personal data
- Rectify inaccurate data
- Request erasure ("right to be forgotten")
- Restrict processing
- Object to processing
- Data portability
- Lodge a complaint with a supervisory authority (in Poland: Prezes UODO — Urząd Ochrony Danych Osobowych)
To exercise any of these rights, contact us at hello@stripdo.com.
5. Consent & Withdrawal
Where we process data based on your consent (e.g. marketing emails), you may withdraw that consent at any time by emailing hello@stripdo.com. Withdrawal does not affect the lawfulness of processing carried out before the withdrawal.
6. Obligation to Provide Data
Providing personal data is voluntary but necessary to enter into and perform the contract (account creation, service delivery). Failure to provide the required data means you will not be able to use the service.
7. Cookies
Our website uses cookies to ensure proper functionality and, with your consent, to analyse traffic. When you first visit our site, a cookie banner asks you to accept or reject non-essential cookies. Your choice is stored in your browser's local storage and persists across sessions.
Strictly Necessary
These cookies are essential for the website to function and cannot be disabled. They are set by our authentication provider (Clerk) and include:
- __clerk_db_jwt, __session, __client_uat — authentication session management
Analytics (consent-based)
We use DataFast (datafa.st) for privacy-friendly website analytics. The DataFast script is only loaded after you explicitly consent via the cookie banner. If you reject analytics cookies, no analytics data is collected.
You can change your cookie preferences at any time using the "Cookie Settings" link in the website footer.
8. Security Measures
We take appropriate technical and organisational measures to protect your data, including SSL/TLS encryption, access controls, secure password hashing, and regular security monitoring.
9. Changes to This Policy
We reserve the right to update this Privacy Policy. The current version is always available at https://stripdo.com/privacy.
Last updated: February 2026