Privacy Policy

Last updated: May 20, 2025

1. Who We Are

assetdig is operated by SKdev (NIP: 7011083312), registered at ul. Władysława Pytlasińskiego 16/13, 00-777 Warszawa, Poland (EU).

For privacy-related inquiries, contact us at legal@assetdig.com.

2. Data We Collect

We collect the following categories of personal data:

  • Account data: name, email address, password (hashed), profile information from OAuth providers (Google).
  • Payment data: processed securely by Stripe. We do not store full card numbers. We receive transaction confirmations, subscription status, and billing address.
  • Bank statement data: when you upload CSV bank/card statements for subscription discovery, we process transaction descriptions and amounts. Files are processed in-memory and not stored permanently unless you explicitly save discovered subscriptions.
  • Google account services: with your explicit consent, we access your connected Google services to discover subscriptions and recurring charges.
  • Usage data: pages visited, features used, device type, browser, IP address (anonymized).

3. How We Use Your Data

  • Provide and improve the assetdig service (subscription tracking, renewal alerts, spend analytics).
  • Process payments and manage your subscription.
  • Discover and categorize your software subscriptions from uploaded statements or connected accounts.
  • Send transactional emails (account verification, renewal alerts, billing receipts).
  • Analyze usage patterns to improve the product (via Google Analytics and Vercel Analytics).
  • Comply with legal obligations.

4. Legal Basis (GDPR)

We process your data based on:

  • Contract performance: to provide the service you signed up for.
  • Legitimate interest: to improve our product, prevent fraud, and ensure security.
  • Consent: for optional features like Google account integration and marketing communications.
  • Legal obligation: tax and accounting requirements.

5. Third-Party Services

We use the following third-party processors:

  • Supabase (EU region) — authentication and database hosting.
  • Stripe — payment processing (PCI DSS Level 1 certified).
  • Google Analytics — anonymized usage analytics.
  • Vercel — hosting and edge delivery.
  • Google OAuth — sign-in and account linking.

6. Data Retention

  • Account data is retained while your account is active and for 30 days after a deletion request.
  • Uploaded bank statements are processed in real time and not stored after processing completes.
  • Payment records are retained for 5 years as required by Polish tax law.
  • Analytics data is anonymized and retained for 26 months.

7. Your Rights (GDPR)

As an EU resident, you have the right to:

  • Access — request a copy of your personal data.
  • Rectification — correct inaccurate data.
  • Erasure — request deletion of your data ("right to be forgotten").
  • Portability — receive your data in a machine-readable format.
  • Restriction — limit how we process your data.
  • Objection — object to processing based on legitimate interest.
  • Withdraw consent — at any time, without affecting prior processing.

To exercise these rights, email legal@assetdig.com. We respond within 30 days.

8. Cookies & Analytics

We use:

  • Essential cookies: authentication session, language preference.
  • Analytics cookies: Google Analytics (anonymized IP, 26-month retention) and Vercel Web Analytics (privacy-focused, no cookies).

We do not use advertising cookies or sell data to third parties.

9. Security

  • All data encrypted in transit (TLS 1.3) and at rest (AES-256).
  • Passwords hashed with bcrypt. API tokens stored as SHA-256 hashes.
  • Infrastructure hosted in EU data centers.
  • Regular security reviews and dependency audits.

10. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via email or in-app notification at least 14 days before taking effect.

11. Contact & Complaints

Data Controller: SKdev, NIP: 7011083312
Address: ul. Władysława Pytlasińskiego 16/13, 00-777 Warszawa, Poland
Email: legal@assetdig.com

If you believe your rights have been violated, you may lodge a complaint with the Polish Data Protection Authority (UODO): uodo.gov.pl.