Privacy Policy

Last updated: September 2, 2025

1. Data Controller

The controller of your personal data is Digital by Default Łukasz Sipa, with registered office at ul. Żeromskiego 5/16, 26-300 Opoczno, Poland. Tax ID (NIP): 7681818164. Contact: lukasz.sipa@gmail.com, phone: +48 511-057-144.

2. Scope of Data Processing

  • Account data: first name, last name, email, password (hashed), phone number.
  • Order and billing data: email address, billing address, tax ID (for businesses), purchase details, transaction identifiers.
  • Course data: purchased courses, learning progress, access history, session tokens.
  • In-person course reservations: first name, last name, email, phone, scheduled date.
  • Newsletter: email, consent markers [optionally IP/timestamp].
  • Technical data: server logs, IP address, browser/device, cookies/LocalStorage.

3. Purposes and Legal Basis

  • Account creation and management – performance of contract (GDPR Art. 6(1)(b)).
  • Order fulfillment, payments, invoicing – contract (Art. 6(1)(b)) and legal obligation (Art. 6(1)(c)).
  • Support and communication – our legitimate interest (Art. 6(1)(f)).
  • Newsletter/email marketing – consent (Art. 6(1)(a)), which can be withdrawn at any time.
  • Analytics/service improvement [optional] – legitimate interest (Art. 6(1)(f)).
  • Security/legal claims – legitimate interest (Art. 6(1)(f)).

4. Data Recipients

  • Hosting/CDN: OVH, Cloudflare.
  • Payments: Przelewy24.
  • Email/newsletter: Twilio SendGrid.
  • Media storage: Cloudflare R2.
  • Analytics/monitoring [optional]: Google Analytics.
  • Accounting firms, legal advisors, public authorities – when required by law.

In case of data transfers outside the EEA, we apply appropriate safeguards (EU standard contractual clauses and supplementary measures).

5. Retention Period

  • Account and course data – for the duration of the contract and up to 6 months after its termination.
  • Accounting documentation – 5 tax years.
  • Newsletter – until consent withdrawal or end of mailing.
  • Technical logs – up to 90 days.
  • Data for legal claims – until expiration of limitation periods.

6. Your Rights

You have the right to access your data, rectification, erasure, restriction of processing, data portability, objection (when processing is based on Art. 6(1)(f)), and withdrawal of consent. You may lodge a complaint with the supervisory authority (in Poland: UODO; in the US: applicable state authorities).

7. Automated Decision-Making

We do not make decisions producing legal effects solely through automated means. Basic segmentation for content personalization may occur.

8. Data Provision Requirement

Providing data is voluntary but necessary for registration, placing orders, or receiving the newsletter.

9. Security

We employ encryption (TLS/HTTPS), access control, regular updates, password hashing. Access is granted only to authorized individuals/entities.

10. GDPR Contact

Email: lukasz.sipa@gmail.com, correspondence address: ul. Panoramy 7/2, 05-090 Falenty Nowe, Poland. Data Protection Officer: Łukasz Sipa.

11. Policy Changes

The policy may change. We will inform you of significant changes on the site or by email.