Privacy

Privacy Policy

Last Updated: 2026-02-08

1. Data Controller

The data controller for the Kraliki platform is Verduona s.r.o., a company registered in the Czech Republic. We are committed to protecting your privacy and processing your personal data in compliance with the General Data Protection Regulation (GDPR) and applicable national data protection laws.

Kraliki is a product of Verduona s.r.o. References to "Kraliki," "we," "us," or "our" in this policy refer to Verduona s.r.o. as the data controller.

2. What Data We Collect

We collect the following categories of personal data when you use our platform:

  • Account information: name, email address, company name, and password hash
  • Billing data: payment method details (processed and stored by Stripe), billing address, and transaction history
  • Usage data: platform interaction logs, feature usage metrics, and performance analytics
  • Technical data: IP address, browser type, operating system, device identifiers, and session information
  • Communication data: support requests, feedback, and any correspondence with our team

3. How We Use Your Data

We use your personal data for the following purposes:

  • Providing and operating the Kraliki platform and its services
  • Processing payments and managing your subscription
  • Communicating with you about your account, updates, and support requests
  • Improving our platform through aggregated, anonymized usage analytics
  • Complying with legal obligations and protecting our legitimate interests

4. Legal Basis for Processing

We process your personal data based on the following legal grounds under GDPR:

  • Contract performance: processing necessary to provide the Service you subscribed to
  • Legitimate interests: analytics, security, and platform improvement, where these do not override your rights
  • Legal obligation: processing required to comply with applicable laws and regulations
  • Consent: where you have given explicit consent, such as for marketing communications

5. Cookies and Tracking

We use minimal cookies to operate the platform:

  • Essential cookies: session management, authentication, and language preferences
  • Analytics cookies: anonymized usage statistics to improve the platform (only with your consent)

You can manage your cookie preferences through your browser settings. Disabling essential cookies may affect the functionality of the platform.

6. Third-Party Services

We share data with the following categories of third-party service providers, each bound by data processing agreements:

  • Stripe: payment processing (Stripe acts as an independent data controller for payment data)
  • AI providers: your API keys are used directly with providers you choose (we do not share your personal data with them; only your API keys authenticate requests)
  • Infrastructure providers: hosting and cloud services with data centers located in the EU

7. Data Retention

We retain your personal data for as long as your account is active and for a period of 30 days after account deletion to allow for recovery. After this period, your data is permanently deleted from our systems.

Financial records and transaction data are retained for 10 years as required by Czech tax and accounting regulations. Anonymized analytics data may be retained indefinitely.

8. Your Rights

Under GDPR, you have the following rights regarding your personal data:

  • Right of access: request a copy of the personal data we hold about you
  • Right to rectification: request correction of inaccurate or incomplete data
  • Right to erasure: request deletion of your personal data (subject to legal retention requirements)
  • Right to data portability: receive your data in a structured, machine-readable format
  • Right to restrict processing: request limitation of how we process your data
  • Right to object: object to processing based on legitimate interests or for direct marketing

To exercise any of these rights, contact our Data Protection Officer at the address below. We will respond to your request within 30 days.

9. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including encryption in transit and at rest, access controls, regular security audits, and incident response procedures. While we strive to protect your data, no system is completely secure, and we cannot guarantee absolute security.

10. International Data Transfers

Your data is primarily stored and processed within the European Union. If data transfer outside the EU is necessary, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission or adequacy decisions.

11. Children's Privacy

The Kraliki platform is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child, we will take steps to delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the platform at least 30 days before they take effect. The date at the top of this policy indicates when it was last updated.

13. Contact and DPO

For questions about this Privacy Policy or to exercise your data protection rights, contact our Data Protection Officer:

privacy@kraliki.com

You also have the right to lodge a complaint with the Czech Data Protection Authority (UOOU) or your local supervisory authority.