Privacy Policy
This English version is a convenience translation; the Czech version prevails in case of any discrepancy.
This policy describes what personal data the Danito service (the “service”) collects, why it processes them, and how it protects users’ rights under Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR) and related Czech legislation (Act No. 110/2019 Coll., on the Processing of Personal Data).
Controller and contact
The operator of the service and the controller of personal data is the founder of the Danito project (a natural person, with a registered seat in the Czech Republic). Contact for all questions regarding personal-data protection and the exercise of data-subject rights:
- E-mail: privacy@danito.cz
- Address: will be added before the service launches on the production domain.
The controller has not yet appointed a data protection officer; the scope of processing at the current size of the service does not require it.
Categories of processed data
The service processes the following categories of personal data:
- Data for creating and managing an account: e-mail address and password (stored only as a cryptographic hash using Argon2id; the password itself is never stored or logged by the service).
- Identification data of the billing subject: first and last name of a natural person or the name of a legal entity, address, company ID (IČO), tax ID (DIČ) — used by the user to issue invoices.
- Data on invoices, expenses, and platform income: invoice items, amounts, due dates, payers and recipients, expense descriptions, data on income received through a platform (e.g. platform name, amount, date).
- An uploaded payout document retained to improve processing (only with your consent): if an uploaded payout document cannot be recognized automatically and you actively choose to leave it with us, we temporarily store its file in order to fine-tune the automatic processing of this type of document. If you decline, close the dialog, or do nothing, nothing is stored.
- Subscription status: chosen tariff, activation and renewal date, change history (no payments yet in the MVP — see “Payment processor” below).
- Feedback: the content of messages sent by the user through the feedback form.
- Operational logs and audit trail: records in audit tables (Hibernate Envers) about changes to key entities, and application logs limited to an allow-list of fields (no PII in the logs).
Legal basis for processing
| Data category | Legal basis |
|---|---|
| Data for creating and managing an account | Performance of a contract (Art. 6(1)(b) GDPR) |
| Identification data of the billing subject | Performance of a contract and legitimate interest in providing the service |
| Invoices, expenses, platform income | Performance of a contract |
| An uploaded payout document retained to improve processing | Consent (Art. 6(1)(a) GDPR) |
| Subscription status | Performance of a contract |
| Feedback | Legitimate interest in improving the service |
| Operational logs and audit trail | Legitimate interest in the security, integrity, and accountability of operations |
| Anonymous traffic statistics (Umami) | Legitimate interest in a fully anonymous form; for details see the cookie policy |
Retention period
- Account and user content (subjects, invoices, expenses, platform income, subscription, feedback): for the duration of the account. When the user deletes the account, the data is hard-deleted via the Delete subject / Delete account feature (cascade delete at the database level).
- An uploaded payout document retained to improve processing: stored only when, after unsuccessful recognition, you actively leave the document with us; if you decline, close the dialog, or do nothing, nothing is stored. We use the stored file solely to fine-tune automatic processing and physically delete it within 30 days at the latest (the deletion concerns the file itself in storage). If you requested to be notified once this type of document can be processed, that promise is tied to the retention period — once the document is deleted, we will no longer send the notification.
- Audit trail (Hibernate Envers): for the duration of the account. Audit records are part of the relevant account and are deleted together with it.
- Operational logs: short-term (on the order of days to a few weeks) within an internal self-hosted GlitchTip; the logs contain only items from an allow-list (SafeLog allow-list) — no PII, passwords, or user content.
- Anonymous traffic statistics: aggregated metrics without identifiers; for details see the cookie policy.
Recipients and processors
The service is operated with a minimum of external processors. All data is primarily stored on infrastructure in the European Union (Hetzner Online GmbH, Germany). Sub-processors used in the MVP:
- Hetzner Online GmbH (Germany) — hosting of the PostgreSQL database, the marketing pages, and self-hosted internal services (GlitchTip, Umami). Contractual relationship based on a GDPR data-processing agreement.
- Postmark (ActiveCampaign, LLC, USA) — sending transactional e-mails (account confirmation, forgotten password, billing notifications). Transfer outside the EU takes place on the basis of Standard Contractual Clauses; the e-mail content contains no sensitive data beyond the recipient and the message text.
- Self-hosted GlitchTip (on Hetzner infrastructure) — application error tracking; receives only logs from an allow-list of fields.
- Self-hosted Umami (on Hetzner infrastructure) — anonymous traffic analytics; does not process identifiers or perform cross-site tracking.
- Uptime Kuma on an external VPS (outside Hetzner) — availability monitoring of the service from an independent location; receives only publicly available status data (HTTP responses), does not process users’ personal data.
A payment processor is not yet involved — paid tariffs will become available in the MVP after billing is implemented (a separate project). Once it is involved, this section will be supplemented with the specific processor and this policy will be updated within the same release.
Data-subject rights
In accordance with the GDPR, the user has the right:
- to access the personal data the service processes about them;
- to rectification of inaccurate data;
- to erasure (“the right to be forgotten”) — the user can carry it out themselves via the Delete subject / Delete account feature, or upon a written request;
- to restriction of processing in the cases set out by the GDPR;
- to portability of the data in a structured, commonly used, and machine-readable format;
- to object to processing based on legitimate interest;
- to withdraw consent to processing where consent is the legal basis (typically cookies — see the cookie policy);
- to lodge a complaint with the Office for Personal Data Protection (www.uoou.cz).
Exercising these rights is free of charge. Contact: privacy@danito.cz. The controller usually handles requests within 30 days of receipt.
Changes to this policy
This policy may be updated from time to time — in particular when a new processor is involved or the scope of processed data changes. The current version is always available on this page and includes the date of the last update. Substantial changes (in particular involving a new processor or payment intermediary) will be announced to users by e-mail at least 30 days before they take effect.