EgzaBaza Privacy Policy

Data controller

The controller of personal data is the operator of EgzaBaza (Controller). GDPR-related contact: support@egzabaza.pl.

Data we process

Depending on your role, we may process name, email, authentication data, exam results, session metadata, IP address, technical logs, and billing-related information.

Purposes

We process data to provide the service, process payments (via Stripe), communicate with you, ensure security and abuse prevention, comply with legal obligations, and — where applicable — pursue legitimate interests.

Legal bases

Including GDPR Art. 6(1)(b) contract, (c) legal obligation, (f) legitimate interests (e.g. security), and (a) consent where required.

Retention

We keep data for the lifetime of your account and afterward as required by law or until claims expire, then delete or anonymize it.

Your rights

You may request access, rectification, erasure (where applicable), restriction, portability, and object to certain processing. You may lodge a complaint with your local supervisory authority.

Cookies

We use strictly necessary cookies for the service and, where permitted, analytics or marketing cookies according to your browser and consent banner settings.

Payments

Payments may be processed by Stripe under their privacy policy; we do not store full card numbers.

Changes

This document is a draft pending legal review. We will notify you of material updates.