Privacy Policy

Effective Date: October 16, 2025

GDPR Compliant

This privacy policy explains how we collect, process, and protect your personal data in compliance with GDPR and other applicable data protection laws.

1. Data Controller

Service Name: AI Accessibility

Website: audit.michalku.com

Contact: michal@mkurri.cz

Data Protection Contact: michal@mkurri.cz

2. What Personal Data We Collect

We collect the following categories of personal data:

Basic Information:

  • Email address
  • Website URL you want analyzed
  • Registration date and time

Payment Information:

  • Payment history ($29 one-time payment)
  • Stripe Customer ID (no credit card details stored)
  • Payment status and timestamps

Technical Data:

  • IP address (for security and fraud prevention)
  • Browser type and version
  • Email delivery and open status
  • Report download logs

Website Analysis Data:

  • Screenshots of your website (desktop, tablet, mobile)
  • DOM structure and code samples from analyzed pages
  • Accessibility issues found during analysis
  • Generated PDF reports

3. Purpose and Legal Basis for Processing

Purpose                           Legal Basis
Website accessibility analysis    Contract performance
Payment processing                Contract performance
Delivery of reports via email     Contract performance
Customer support and complaints   Contract performance
Fraud prevention and security     Legitimate interest
Service improvement               Legitimate interest
Satisfaction surveys              Legitimate interest
Tax and accounting obligations    Legal obligation

4. Data Recipients and Third-Party Services

We share your personal data with the following third-party service providers:

Service Providers:

  • Stripe Inc. - Payment processing (PCI DSS Level 1 certified)
  • Resend - Email delivery service
  • Hosting Provider - Data storage and server infrastructure
  • Playwright (Microsoft) - Real browser testing for analysis

All service providers have signed Data Processing Agreements (DPAs) and comply with GDPR requirements.

5. Data Transfers Outside EU/EEA

Some of our service providers may process data in countries outside the European Union. We ensure adequate protection through:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions for specific countries
  • Privacy Shield framework where applicable

6. Data Retention Periods

  • Accounting documents: 10 years (legal requirement)
  • Payment records: 10 years for tax purposes
  • Accessibility reports and screenshots: 90 days after delivery
  • Email logs: 6 months
  • Technical logs: 6 months
  • Survey responses: 2 years

After these periods, data is securely deleted from our systems.

7. Your Rights Under GDPR

You have the following rights regarding your personal data:

✓ Right of Access

Request a copy of your personal data

✓ Right to Rectification

Correct inaccurate personal data

✓ Right to Erasure

Request deletion of your data

✓ Right to Restriction

Limit how we process your data

✓ Right to Data Portability

Receive your data in machine-readable format

✓ Right to Object

Object to certain types of processing

To exercise any of these rights, contact us at michal@mkurri.cz. We will respond within 30 days.

8. Data Security Measures

We implement industry-standard security measures to protect your data:

  • SSL/TLS encryption for all data transmission
  • Encrypted password storage using bcrypt
  • Regular security audits and updates
  • Access controls and authentication
  • Automated backups with encryption
  • Firewall protection and intrusion detection
  • Secure deletion procedures for expired data

9. Stripe and Payment Data

Important: We never store credit card information on our servers.

All payments are processed directly by Stripe, which is PCI DSS Level 1 certified (the highest level of payment security).

Stripe processes payment data according to its privacy policy, available at stripe.com/privacy.

10. Cookies

Our use of cookies is described in our Cookie Policy.

11. Children's Privacy

Our service is not intended for children under 16. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.

12. Automated Decision-Making

Our accessibility analysis uses AI algorithms to identify issues. However, you are not subject to decisions based solely on automated processing that produce legal or similarly significant effects.

13. Data Breach Notification

In case of a data breach that affects your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours of becoming aware of the breach.

14. Right to Lodge a Complaint

You have the right to lodge a complaint with your national data protection authority:

Czech Republic:

Úřad pro ochranu osobních údajů

Pplk. Sochora 27, 170 00 Praha 7

Email: posta@uoou.cz

Web: www.uoou.cz

15. Changes to This Privacy Policy

We may update this privacy policy from time to time. Significant changes will be communicated via email at least 30 days before they take effect.

16. Contact Us

For any privacy-related questions or requests:

Last updated: October 16, 2025