Privacy Policy

This Privacy Policy ("Policy") describes how Smart Inkler ("Company", "we", "us", or "our") collects, uses, stores, and shares personal data in connection with the Smart Inkler website ("Website"), desktop application, and related services (collectively, the "Service").

This Policy is prepared in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council ("GDPR") and other applicable data protection legislation. Please read this Policy carefully. By using the Service, you acknowledge that you have read and understood this Policy.

1. Data Controller

The data controller responsible for the processing of your personal data is:

• Name: Smart Inkler
• Email: [email protected]
• Website: smartinkler.com

Where required by applicable law, we will appoint a Data Protection Officer (DPO) or designated privacy contact. Until such appointment, all data protection enquiries should be directed to the email above.

2. Personal Data We Collect

2.1 Account and Registration Data

• Full name
• Email address
• Password (stored as a cryptographic hash — never in plain text)
• Account creation date and last login timestamp

2.2 Billing and Payment Data

• Billing name and address
• VAT number (where applicable)
• Payment method details — these are processed and tokenised directly by our payment processor (Stripe, Inc.) and are not stored on our servers in unmasked form
• Transaction history and invoice records

2.3 Usage and Technical Data

• Application usage statistics and feature interaction data
• Error reports and crash logs
• Device information: operating system, application version, hardware identifiers
• IP address and approximate geographic location (country/region level)
• Browser type and version (for Website visitors)

2.4 Communications Data

• Contents of support requests and correspondence you send us
• Email marketing preferences and consent records

We do not intentionally collect special categories of personal data (such as data concerning health, racial or ethnic origin, or religious beliefs) and ask that you do not submit such data to us.

3. Purposes and Legal Bases for Processing

We process personal data only where we have a valid legal basis under Article 6 GDPR:

• Account creation and management — Legal basis: performance of a contract (Art. 6(1)(b) GDPR). Necessary to create and maintain your account and provide access to the Service.
• Subscription billing and invoicing — Legal basis: performance of a contract (Art. 6(1)(b)) and compliance with a legal obligation (Art. 6(1)(c)), including accounting and tax retention requirements.
• Customer support — Legal basis: legitimate interests (Art. 6(1)(f)). We have a legitimate interest in resolving technical and service issues effectively.
• Service improvement and analytics — Legal basis: legitimate interests (Art. 6(1)(f)). We have a legitimate interest in understanding how the Service is used in order to improve it, provided this does not override your fundamental rights.
• Security and fraud prevention — Legal basis: legitimate interests (Art. 6(1)(f)) and, where applicable, compliance with legal obligations (Art. 6(1)(c)).
• Marketing and promotional communications — Legal basis: consent (Art. 6(1)(a)). We will only send marketing emails where you have explicitly opted in. You may withdraw consent at any time by clicking "unsubscribe" in any marketing email or by contacting us at [email protected].
• Compliance with legal obligations — Legal basis: legal obligation (Art. 6(1)(c)), including cooperation with competent authorities where required by law.

4. Data Retention

• Account data: Retained for the duration of your account. Upon account deletion, personal data is anonymised or deleted within 30 days, except where retention is required by law.
• Billing and invoice data: Retained for 8 years from the date of the relevant transaction, as required by Hungarian and EU accounting legislation.
• Usage and technical data: Retained for up to 24 months in aggregated or pseudonymised form for analytics purposes.
• Support correspondence: Retained for up to 3 years from the date of resolution.
• Consent records (marketing): Retained for as long as necessary to demonstrate compliance with consent obligations.

5. Recipients and Data Transfers

5.1 Third-Party Processors

We engage trusted third-party service providers who process personal data on our behalf under data processing agreements:

• Stripe, Inc. — Payment processing. Stripe is certified under PCI DSS. For details see stripe.com/privacy.
• Hosting and infrastructure provider — Server hosting, data storage, and content delivery.
• Email service provider — Transactional and marketing email delivery.
• Analytics provider — Aggregated usage analytics (where applicable).

We do not sell, rent, or trade your personal data to third parties for their own marketing purposes.

5.2 International Transfers

Some of our third-party processors may be located outside the European Economic Area (EEA). Where personal data is transferred to countries not deemed adequate by the European Commission, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) adopted pursuant to Article 46 GDPR. You may request a copy of the applicable safeguards by contacting us at [email protected].

5.3 Legal Disclosures

We may disclose your personal data to competent public authorities, courts, or law enforcement agencies where required to do so by applicable law or to protect the rights, property, or safety of the Company, its users, or the public.

6. Cookies and Tracking Technologies

Our Website uses cookies and similar tracking technologies. We use the following categories of cookies:

• Strictly necessary cookies: Required for the Website to function (e.g., session management, authentication). These cannot be disabled.
• Functional cookies: Remember your preferences and settings to improve your experience.
• Analytics cookies: Help us understand how visitors interact with the Website in aggregate (e.g., page views, navigation paths). Used only with your consent.
• Marketing cookies: Used to deliver relevant advertising and track campaign effectiveness. Used only with your explicit consent.

You can manage or withdraw your consent for non-essential cookies at any time via your browser settings or our cookie consent tool. Please note that disabling certain cookies may affect the functionality of the Website.

7. Data Security

We implement appropriate technical and organisational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. These measures include:

• Transport Layer Security (TLS/HTTPS) for all data in transit
• Cryptographic hashing of passwords (bcrypt or equivalent)
• Encryption of sensitive data at rest
• Role-based access controls limiting internal access to personal data
• Regular security assessments and penetration testing
• Automated backups with integrity verification

In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay in accordance with Article 34 GDPR.

8. Automated Decision-Making and Profiling

We do not make decisions about you based solely on automated processing (including profiling) that produce legal or similarly significant effects, as described in Article 22 GDPR. If this changes in the future, we will update this Policy and provide you with the necessary information and rights.

9. Children’s Data

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a minor, please contact us immediately at [email protected] and we will take steps to delete such data promptly.

10. Your Rights as a Data Subject

Under GDPR, you have the following rights in relation to your personal data:

• Right of access (Art. 15): Obtain confirmation of whether we process your data and receive a copy of it.
• Right to rectification (Art. 16): Request correction of inaccurate or incomplete data.
• Right to erasure (Art. 17): Request deletion of your data where it is no longer necessary for the purposes for which it was collected, or where you withdraw consent.
• Right to restriction of processing (Art. 18): Request that we limit processing of your data in certain circumstances.
• Right to data portability (Art. 20): Receive your data in a structured, commonly used, machine-readable format and have it transmitted to another controller where technically feasible.
• Right to object (Art. 21): Object to processing based on legitimate interests or for direct marketing purposes at any time.
• Right to withdraw consent (Art. 7(3)): Where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, submit a written request to [email protected]. We will respond within one (1) month of receipt of your request. In complex or numerous cases, we may extend this period by a further two months with prior notice. We may request proof of identity before processing your request.

You also have the right to lodge a complaint with the competent supervisory authority. In Hungary, this is the Nemzeti Adatvédelmi és Információszabadság Hatóság (NAIH):

• Website: naih.hu
• Address: 1055 Budapest, Falk Miksa utca 9–11.
• Email: [email protected]

If you are habitually resident in another EU Member State, you may also lodge a complaint with the supervisory authority of that Member State.

11. Changes to This Policy

We may update this Policy from time to time to reflect changes in our data processing practices, legal requirements, or the Service. Material changes will be communicated by posting the updated Policy on this page with a revised effective date and, where required by law, by notifying you by email or via the Service at least 30 days in advance.

Continued use of the Service after the effective date of any changes constitutes your acknowledgement of the updated Policy.

12. Contact

For any questions, concerns, or requests relating to this Privacy Policy or the processing of your personal data, please contact us:

• Email: [email protected]

We will endeavour to respond to all privacy enquiries within ten (10) business days.