Privacy

Privacy Policy

Last updated: 2026-02-08

1. Data Controller

The data controller for the Kraliki platform is Verduona s.r.o., a company registered in the Czech Republic. We are committed to protecting your privacy and processing your personal data in accordance with the General Data Protection Regulation (GDPR) and applicable national data protection laws.

Kraliki is a product of Verduona s.r.o. References to "Kraliki," "we," "us," or "our" in this policy refer to Verduona s.r.o. as the data controller.

2. What Data We Collect

When using our platform, we collect the following categories of personal data:

  • Account information: name, email address, company name, and password hash
  • Billing details: payment method details (processed and stored by Stripe), billing address, and transaction history
  • Usage data: platform interaction logs, feature usage metrics, and performance analytics
  • Technical data: IP address, browser type, operating system, device identifiers, and session information
  • Communication data: support requests, feedback, and any correspondence with our team

3. How We Use Your Data

We use your personal data for the following purposes:

  • Providing and operating the Kraliki platform and its services
  • Processing payments and managing your subscription
  • Communicating with you about your account, updates, and support requests
  • Improving our platform through aggregated, anonymized usage analytics
  • Complying with legal obligations and protecting our legitimate interests

4. Legal Basis for Processing

We process your personal data based on the following legal grounds under the GDPR:

  • Contract performance: processing necessary to provide the Service you have subscribed to
  • Legitimate interests: analytics, security, and platform improvement, where these do not override your rights
  • Legal obligation: processing required to comply with applicable laws and regulations
  • Consent: where you have given explicit consent, such as for marketing communications

5. Cookies & Tracking

We use a minimal set of cookies to operate the platform:

  • Essential cookies: session management, authentication, and language preferences
  • Analytics cookies: anonymized usage statistics for platform improvement (only with your consent)

You can manage your cookie preferences through your browser settings. Disabling essential cookies may affect platform functionality.

6. Third-Party Services

We share data with the following categories of third-party service providers, each bound by a data processing agreement:

  • Stripe: payment processing (Stripe acts as an independent data controller for payment data)
  • AI providers: your API keys are used directly with your chosen providers (we do not share your personal data with them)
  • Infrastructure providers: hosting and cloud services with data centers in the EU

7. Data Retention

We retain your personal data for the duration of your active account and 30 days after deletion for potential recovery. After this period, your data is permanently deleted from our systems.

Financial records and transaction data are retained for 10 years as required by Czech tax and accounting regulations. Anonymized analytics data may be retained indefinitely.

8. Your Rights

Under the GDPR, you have the following rights regarding your personal data:

  • Right of access: request a copy of the personal data we hold about you
  • Right to rectification: request correction of inaccurate or incomplete data
  • Right to erasure: request deletion of your personal data (subject to legal retention periods)
  • Right to data portability: receive your data in a structured, machine-readable format
  • Right to restriction: request limitation of how we process your data
  • Right to object: object to processing based on legitimate interests or for direct marketing purposes

To exercise any of these rights, contact our Data Protection Officer at the address below. We will respond to your request within 30 days.

9. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including encryption in transit and at rest, access controls, regular security audits, and incident response procedures. While we strive to protect your data, no system is completely secure and we cannot guarantee absolute security.

10. International Data Transfers

Your data is primarily stored and processed within the European Union. If data transfer outside the EU is necessary, we ensure appropriate safeguards such as Standard Contractual Clauses approved by the European Commission or adequacy decisions.

11. Children's Privacy

The Kraliki platform is not intended for individuals under the age of 18. We do not knowingly collect personal data from children. If we discover that we have collected data from a child, we will take steps to delete it immediately.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the platform at least 30 days before they take effect. The date at the top of this policy indicates when it was last updated.

13. Contact & DPO

For questions about this Privacy Policy or to exercise your data protection rights, contact our Data Protection Officer:

privacy@kraliki.com

You also have the right to lodge a complaint with the Czech Data Protection Authority (UOOU) or your local supervisory authority.