Privacy Policy
Last updated: July 2026
1. Data Controller
The data controller for ziskify is Matúš Masár, reachable at masarmatthew@gmail.com.
2. Data We Collect
When you use ziskify, we collect the following data:
- Account data - your name, email address, and profile picture, obtained via Google Sign-In.
- Business data - supplier profile, bank accounts, and settings you configure.
- Invoice data - invoices, customers, line items, amounts, and payment status you create.
- Technical data - session tokens stored in cookies, and server logs (IP address, timestamps) for security purposes.
3. How We Use Your Data
We use your data solely to provide the Service: to authenticate you, display your invoices and customers, and generate PDF documents. We do not sell, share, or use your data for advertising or profiling.
4. Legal Basis (GDPR)
We process your data on the basis of contractual necessity (Art. 6(1)(b) GDPR). Your data is required to deliver the features you use. Technical logs are processed on the basis of legitimate interests (Art. 6(1)(f) GDPR) for security and abuse prevention.
5. Cookies
ziskify uses only strictly necessary session cookies required for authentication. Without them, you cannot stay logged in. No tracking, advertising, or analytics cookies are used. Because these cookies are essential, no consent is required under the ePrivacy Directive.
6. Data Retention
Your data is retained for as long as your account is active. If you delete your account, all associated data (invoices, customers, settings) is permanently deleted within 30 days.
7. Data Storage
Your data is stored on servers within the European Union (Neon PostgreSQL, EU region) and processed on Vercel infrastructure. Both providers maintain appropriate security measures and GDPR compliance.
8. Your Rights
Under GDPR, you have the right to access, rectify, and erase your personal data; the right to data portability; and the right to object to processing. To exercise any of these rights, contact us at masarmatthew@gmail.com. We will respond within 30 days.
9. Third-Party Services
We use the following third-party services:
- Google OAuth - for authentication.
- Neon - PostgreSQL database hosting.
- Vercel - application hosting and deployment.
- Czech National Bank API - public exchange rate data, no personal data shared.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by updating the date at the top of this page.
11. Contact & Complaints
For privacy questions, contact masarmatthew@gmail.com. You also have the right to lodge a complaint with your national data protection authority.