Privacy Policy
Last updated: May 11, 2026
1. Administrator
The data controller is Paweł Kaczmarek, with registered address: ul. Anny Leskiej-Daab 6/14, 60-408 Poznań, Poland.
Contact for privacy matters: pawel.dev.kaczmarek@gmail.com.
The same email address is also used as the single contact point for users, authorities, and notices regarding allegedly illegal content.
2. What Data We Process
- Account data (for example email address and login credentials).
- Report content you create and publish (including text and photos).
- Technical and security data (for example request logs, and security events).
- Session and browser storage data required for security and core website functionality.
3. Purposes and Legal Bases
- To provide your account and report features (GDPR Article 6(1)(b), performance of a contract).
- To send essential transactional emails, including welcome and password reset emails (GDPR Article 6(1)(b), performance of a contract).
- To secure the service, prevent abuse, and protect service integrity (GDPR Article 6(1)(f), legitimate interest).
- To comply with legal obligations when applicable (GDPR Article 6(1)(c), legal obligation).
4. Reports, Photos, and Third-Party Rights
You are responsible for content you upload and publish. By uploading photos, you confirm that you have the legal right to use and publish them. If photos include other persons, you confirm that you have obtained all required permissions or consents.
Do not upload content that infringes third-party rights or violates the law. The Administrator may remove or block content after receiving a valid rights infringement report.
5. Cookies and Browser Storage
The Administrator currently uses only essential technologies required to keep the website secure and functional. The Administrator does not use analytics or marketing cookies at this time.
- Essential session and security cookies used by the backend for login session and CSRF protection.
- Essential preference cookie
br_localeto remember your language choice (pl-PLoren-US). localStoragekeybr-essential-cookies-notice-v1to remember that you acknowledged the essential cookies notice.sessionStoragekeybr_report_create_draft_v1:{userId}:…to keep an in-progress report draft in the current browser session.
6. Data Recipients and Processors
- OVHcloud (Warsaw, Poland) for hosting infrastructure and domain services.
- Backblaze S3 (eu-central-003) for storing uploaded media files.
- Brevo for transactional email delivery (welcome and password reset), including data required for delivery and security of the email flow (for example your email address, username, and message technical metadata).
For these providers, the Administrator relies on data processing terms made available by OVHcloud, Brevo, and Backblaze under their applicable service agreements.
7. International Data Transfers
The Administrator configures media storage in the Backblaze eu-central-003 region. Brevo states that its core infrastructure is located in the EU. However, depending on support and subprocessor operations, personal data may in specific cases be processed outside the EEA.
Where such transfers occur, they are covered by safeguards under GDPR Chapter V (for example, an adequacy decision, Standard Contractual Clauses, or another valid transfer mechanism). You can request more details about the transfer mechanism applicable to your data by contacting us at pawel.dev.kaczmarek@gmail.com.
8. Data Retention
- Your account data is stored while your account is active.
- If you delete your account, your reports and uploaded photos are removed immediately as part of the account deletion flow.
- Session draft data in
sessionStorageexists only in your current browser session. - Security logs are retained for 7 days.
- Backups are created daily and retained for 24 hours.
- Data removed from live systems may still exist in backups for up to 24 hours and is permanently removed as those backups expire.
9. Your Rights
You have the right to request access, rectification, deletion, restriction, objection, and data portability, where applicable under GDPR.
You can lodge a complaint with a supervisory authority, including the President of the Polish Personal Data Protection Office (UODO).
The Administrator does not use automated decision-making, including profiling, that produces legal or similarly significant effects.
10. Additional GDPR Information
Providing account data is necessary to create and maintain your account and to use core service features. If required data is not provided, the Administrator may be unable to provide account-related services.
To exercise your GDPR rights, contact: pawel.dev.kaczmarek@gmail.com.
No Data Protection Officer has been appointed.
11. Changes to This Policy
The Administrator may update this Privacy Policy from time to time. For material changes, the Administrator provides prior notice in the service or by email before the changes take effect, and also updates the "Last updated" date on this page.
