Privacy Policy

Last updated: 14 June 2026

1. Controller

The personal data controller is RSYS Remigiusz Petrykowski, address: ul. Gabriela Narutowicza 34/26, 33-100 Tarnow, Poland, business identifiers: NIP: 9492082622, REGON: 544644667, email: info@rsys.pl, phone: +48 720 941 778.

2. Data we process

We may process account data, email address, hashed password, login/session data, saved repositories, report access history, billing identifiers, Stripe customer/subscription references, support messages, technical logs, security events, cookie preferences, and report usage metadata.

3. Purposes and legal bases

Account and loginPerformance of contract and security.

Subscriptions and paymentsPerformance of contract, accounting obligations, and Stripe payment processing.

Security logsLegitimate interest in protecting the platform and users.

SupportPerformance of contract or legitimate interest in responding to requests.

Language preferencesConsent or requested preference. Changing the site language enables preference storage so the choice can be remembered.

Optional analytics or marketing cookiesConsent. These are not selected by default and may be enabled during account creation or later in cookie settings.

4. Recipients

Data may be shared with hosting providers, database and infrastructure providers, Stripe for payments and billing, email/support providers, professional advisors, and public authorities where legally required.

5. Stripe

Payments and subscription management are processed through Stripe. We store Stripe identifiers and payment status, but we do not store full payment card numbers on our servers.

6. Retention

Account data is kept while the account exists. Billing and invoice-related data is kept for required accounting and limitation periods. Security logs are kept for a limited operational period unless needed to investigate abuse. Cookie preferences are kept for up to 12 months unless changed earlier.

7. Your rights

Depending on applicable law, you may request access, rectification, deletion, restriction, portability, objection to processing, and withdrawal of consent where processing is based on consent. You may also lodge a complaint with the competent supervisory authority.

Because the controller is established in Poland, the competent supervisory authority is the President of the Personal Data Protection Office (Prezes Urzedu Ochrony Danych Osobowych, UODO), unless another EU supervisory authority is competent under applicable law.

8. International transfers

Some providers may process data outside the European Economic Area. Where required, we rely on appropriate safeguards such as adequacy decisions or standard contractual clauses.

9. What this means in practice

For usersYou can ask what data we hold, request correction or deletion where legally available, object to certain processing, withdraw cookie consent, and complain to a supervisory authority.

For the platformWe may keep data needed for security, fraud prevention, billing, tax/accounting records, legal claims, and service operation where the law allows or requires it.

For paymentsStripe processes payment data. We store billing status and identifiers needed to provide access, but not full card numbers.

10. Automated decisions

Repository risk scores are generated automatically for report presentation. They do not by themselves produce legal effects concerning users. Account billing access is determined from subscription and access-grant status.

11. Contact

Privacy requests: info@rsys.pl.