Privacy Policy, GDPR and Cookie Information

What data is collected, how, and what for?

When you create an account and/or choose a plan, you provide us with personal information: email address, name, billing address. If you decide to "Sign in with Google", we will use your email address associated with your Google account to create your account in OsomChat (no other data from Google will be accessed or used). We use this information to provide you with the Service. We also use the billing information for legal obligations (like issuing invoices or paying taxes). In rare occasions, we may also use the email address to contact you regarding your account. 

If you pay for your use of the Service with credit card, Stripe temporarily stores your credit card information. It's encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as it's necessary to complete it. After completion, it is permanently deleted.

We use your information for the purpose of our legitimate business interests (such as providing and improving the Service), if those legitimate interests are not overridden by your rights or interests.

Data transfers and automated decision-making

To operate efficiently, we use various online services. While we use these services, certain information will be transferred to these services, sometimes in different jurisdictions and data protection laws than yours. We use the following services with data transfer based on Privacy Shield Agreement:
- Stripe (US): credit card processing

We may also transfer data to the following third parties, which store data in the European Union: InFakt, Heroku (a subsidiary of Salesforce). We will share data with these third parties only to the extent necessary to perform services offered by these third parties (accounting, handling payments).

We may collect, use, retain, and share your information if we have a good faith belief that it is reasonably necessary to: respond to legal process or to government requests; enforce our agreements, terms and policies; prevent, investigate, and address fraud and other illegal activity, security, or technical issues; protect the rights, property, and safety of our customers or others.

No automated decision-making is performed in connection with the Service.

Data retention

We collect and retain personal data in an identifiable format for the amount of time necessary to meet your request (providing the Service) or fulfill our legal obligations, but no longer than 10 years.

Cookies

Cookies are small text files saved on your computer or mobile device by a web browser. We use one cookie with session identifier.

If you want to change which cookies are saved, you can do it on a per-website basis and block/delete all or some of them. 

Your rights

If you live in the European Economic Area (EEA), UK, and Switzerland, you have a right to:
- access a copy of your personal information
- information about the processing of your data
- object to processing that is likely to cause or is causing damage or distress
- prevent processing for direct marketing
- transfer your data to a third party
- object to decisions being taken by automated means and to be profiled
- have inaccurate personal data rectified, blocked, erased or destroyed (in certain circumstances)
- claim compensation for damages caused by a security breach, but we encourage you to first contact us with any questions or concerns.

Under the CCPA, California residents have additional rights to: 
- request personal information about to be deleted, subject to several exceptions
- opt-out of the sale of personal information. 

We do not “sell” personal information as defined by the CCPA and have not done so in the past 12 months. 
  
You may designate, in writing or through a power of attorney, an authorized agent to make requests on your behalf to exercise your rights under the CCPA. Before accepting such a request from an agent, we will require the agent to provide proof you have authorized it to act on your behalf, and we may need you to verify your identity directly with us. 

Further, to provide or delete specific pieces of personal information we will need to verify your identity to the degree of certainty required by law. We will verify your request by asking you to send it from the email address associated with your account or requiring you to provide information necessary to verify your account.

Security

We maintain technical, physical, and administrative security measures designed to provide reasonable protection for your information against loss, misuse, unauthorized access, disclosure, and alteration. 

Contact

Keyshorts Sebastian Kończak company is your data administrator.

If you have general questions about our Privacy Policy and practices or questions about your personal data, you may contact us at [email protected]

If you live in the European Economic Area (EEA) and Switzerland, you have the right to lodge a complaint with the supervisory authority for data protection in your country, should you find that we did not appropriately address your question or concern.

You can also reach us by mail at Keyshorts, Gdańska 141/125, 90-536 Łódź, Poland.