Privacy Policy
Effective date: March 16, 2026
We believe privacy policies should be readable, not just legally sufficient. This document explains what data we collect, why we collect it, and who else gets to see it. No surprises, no fine-print tricks.
1. Who we are
The data controller is Marcin Perłak, operating as a sole proprietor under the business name Marcin Perłak Mroomy, ul. Zamknięta 10 lok. 1.5, 30-554 Kraków, Poland, NIP: 2220668250.
If you have any questions about your data, reach out at [email protected]. You will hear back from a real person — not a bot, not a form letter.
2. What data we collect and why
We only collect what we genuinely need to deliver the product and keep the lights on. Here is the full list:
2.1 When you buy Straktur
Your name, email address, and payment details are collected by our payment processor, Stripe, at checkout. We need this to process your payment, deliver the product, and issue a receipt.
- Legal basis: performance of a contract (Article 6(1)(b) GDPR) and compliance with tax/accounting obligations (Article 6(1)(c) GDPR).
- Retention: transaction records are kept for the period required by Polish tax law (currently 5 years from the end of the tax year in which the transaction occurred).
2.2 When you email us
If you write to us — whether it’s a question, a complaint, or just to say hi — we store your email and the content of the conversation for as long as needed to resolve it, and then for any applicable statutory limitation period.
- Legal basis: our legitimate interest in communicating with customers (Article 6(1)(f) GDPR).
2.3 When you browse the website
We use Simple Analytics to understand how people find and use the website. Simple Analytics does not use cookies, does not track you across sites, and does not collect personal data. It tells us things like which pages are popular and which countries our visitors come from — nothing more.
- Legal basis: no personal data is processed, so GDPR does not apply to this service. No cookie consent is required.
3. Who we share data with
We do not sell your data. We do not run ads. We share data only with the service providers listed below, and only to the extent necessary for them to do their job:
| Service | Purpose | Data shared | Location |
|---|---|---|---|
| Stripe | Payment processing | Name, email, payment details | USA (EU SCCs in place) |
| Simple Analytics | Privacy-friendly website analytics | No personal data | EU (Netherlands) |
| Slack | Internal payment notifications | Order reference, email (internal use only) | USA (EU SCCs in place) |
Where data is transferred outside the European Economic Area, we rely on the EU Standard Contractual Clauses (SCCs) as the transfer mechanism, in accordance with Article 46(2)(c) GDPR.
4. Cookies
We keep it simple: the Website does not use tracking cookies or advertising cookies. Stripe may set strictly necessary cookies during the checkout process to prevent fraud. These are exempt from consent requirements under the ePrivacy Directive.
5. Your rights
Under the GDPR, you have the right to:
- Access your data — ask us what we have, and we will tell you.
- Rectify your data — if something is wrong, let us know and we will fix it.
- Erase your data — ask us to delete it, and we will, unless we are legally required to keep it (e.g. tax records).
- Restrict processing — you can ask us to pause processing in certain situations.
- Data portability — receive your data in a structured, commonly used format.
- Object to processing based on legitimate interest.
To exercise any of these rights, email [email protected]. We will respond within 30 days (or sooner — we try to be quick).
If you believe we are handling your data incorrectly, you have the right to lodge a complaint with the President of the Personal Data Protection Office (Prezes Urzędu Ochrony Danych Osobowych, uodo.gov.pl), ul. Stawki 2, 00-193 Warszawa.
6. Data security
We use HTTPS across the entire Website. Payment data is handled entirely by Stripe and never touches our servers. Access to customer data is limited to the business owner.
7. Children
Straktur is a developer tool for businesses. We do not knowingly collect data from anyone under 16. If you believe we have, please contact us and we will delete it immediately.
8. Changes to this policy
If we make meaningful changes to this policy, we will update the effective date at the top and, where practical, notify existing customers by email. We will not reduce your rights under a previous version without your consent.