Verdiktum — Privacy Policy
Version: 1.0 · Effective date: 31 May 2026
1. Data controller
The controller is the natural person / sole proprietor Tomasz Kulesza, operating as:
HOOGO – Tomasz Kulesza (a sole proprietorship registered in the Polish CEIDG business register) ul. Graniczna 53C lok. 47, 40-018 Katowice, Poland NIP: 6342739846 · REGON: 380741153 Data contact:
contact@verdiktum.com
This policy fulfils the information duty under Articles 13–14 of Regulation (EU) 2016/679 (GDPR).
A Data Protection Officer is not mandatory at the current scale. If appointed, contact details will appear here; meanwhile use the address above.
2. Data we process
Account data: name (may be a pseudonym), email, password (stored hashed only), language (locale), plan tier, email-verification status.
Payment data: payment-provider customer ID (Stripe), payment-method type and last 4 card digits, trial/subscription dates. We do not store full card numbers — these are handled directly by the payment provider.
User Content: comments, ratings (votes), content reports, AI feedback, with metadata (date, language, moderation status).
Technical/session data: IP address, browser/user-agent, session data, activity time, security logs.
Newsletter: email, language, subscription status (double opt-in).
Analytics: aggregated, non-identifying traffic statistics (a privacy-focused tool that operates without cookies and without individual profiling — see Cookie Policy).
3. Purposes and legal bases
| Purpose | Legal basis (GDPR) |
|---|---|
| Creating/operating an Account, providing the Service | Art. 6(1)(b) — contract |
| Payments and subscriptions | Art. 6(1)(b) — contract |
| Publishing/moderating User Content | Art. 6(1)(b) and (f) — legitimate interest (safety, quality) |
| Handling complaints/requests | Art. 6(1)(c) and (f) |
| Newsletter | Art. 6(1)(a) — consent |
| Security, abuse prevention, logs | Art. 6(1)(f) — legitimate interest |
| Aggregated statistics | Art. 6(1)(f) — legitimate interest |
| Tax/accounting obligations | Art. 6(1)(c) — legal obligation |
| Establishing/defending legal claims | Art. 6(1)(f) — legitimate interest |
| Displaying advertising (Google AdSense) — free users and guests only | Art. 6(1)(a) — consent |
4. Recipients (processors)
We may share data with trusted providers acting on our behalf: Stripe (payments); transactional email providers (Postmark / Resend / Amazon SES); AI providers (Anthropic, Google, Groq) for analyses, translations and transcription; hosting/infrastructure (OVH — OVH Sp. z o.o., Wrocław / OVH SAS; servers in the European Union (Poland/France)); analytics (Plausible — aggregated); advertising network (Google LLC / Google AdSense — ads shown to free users and guests; Google may process data as an independent controller subject to user consent); internal notifications (Slack — operational only).
The current detailed list is in Sub-processors.
5. International transfers
Some providers (AI, payments, email) may process data outside the EEA (e.g. the USA). Transfers rely on an EU adequacy decision (e.g. EU–US Data Privacy Framework, where certified) or Standard Contractual Clauses (SCCs) with supplementary safeguards. Copies are available on request at contact@verdiktum.com.
6. Retention
- Account data — for the Account's lifetime and up to 30 days after deletion (excluding backups).
- Billing/invoices — as required by tax law (generally 5 years from year-end).
- User Content — until deleted; after Account deletion, comments may be anonymised.
- Technical logs — generally up to 12 months.
- Newsletter — until consent is withdrawn.
- Data for claims — until limitation periods expire.
7. Your rights
You have the right to: access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction (Art. 18), portability (Art. 20), objection to processing based on legitimate interest (Art. 21), and to withdraw consent at any time. You may lodge a complaint with the supervisory authority — in Poland, the President of the Personal Data Protection Office (UODO), Stawki 2, 00-193 Warsaw (uodo.gov.pl) — or your local EU authority.
We respond without undue delay and within one month. Contact: contact@verdiktum.com.
8. Profiling and automated decisions
We do not make decisions producing legal or similarly significant effects based solely on automated processing (Art. 22 GDPR). AI Analyses concern Content (claims, predictions), not User profiling.
9. Provision of data
Providing data is voluntary but necessary to create an Account, make payments, or use registration-only features.
10. Security
We apply appropriate technical and organisational measures (encrypted connections, hashed passwords, access control, backups). In the event of a personal-data breach posing a risk, we will notify the supervisory authority and, where required, affected individuals.
11. Changes
We may update this policy; material changes are announced in the Service or by email. The last-updated date appears at the top.
Controller: Tomasz Kulesza (HOOGO – Tomasz Kulesza), ul. Graniczna 53C lok. 47, 40-018 Katowice, Poland.