Privacy Policy
Last updated: March 10, 2026
1. Data Controller
The data controller for the processing of your personal data is:
- Company: Rosabrillo s.r.o.
- Registered in: Slovak Republic
- Email: [email protected]
This Privacy Policy explains how we collect, use, store, and protect your personal data when you use the anyterm platform (“Service”), in accordance with Regulation (EU) 2016/679 (General Data Protection Regulation, “GDPR”) and Act No. 18/2018 Coll. on the Protection of Personal Data of the Slovak Republic.
2. Personal Data We Collect
We collect the following categories of personal data:
2.1 Data You Provide
- Account information: name, email address, and password (hashed) when you register.
- Payment information: billing details processed through Stripe. We do not store full credit card numbers.
- Communications: information you provide when contacting support.
2.2 Data Collected Automatically
- IP address: captured during authentication sessions for security, rate limiting, and fraud prevention.
- User agent string: captured during authentication sessions to identify the browser and device used to sign in.
- Activity logs: actions performed within the Service (e.g., session creation, key management) with timestamps, for organizational audit purposes.
- Aggregated analytics: we use Umami, a privacy-focused, cookieless analytics tool that collects anonymous, aggregated page-view data. It does not collect personally identifiable information.
- Cookies and similar technologies: as described in our Cookie Policy.
2.3 Data We Do NOT Collect
Due to our zero-knowledge, end-to-end encrypted architecture, we cannot and do not access the content of your terminal sessions. All session data is encrypted client-side before transmission and can only be decrypted by the intended recipients.
3. Legal Bases for Processing (Article 6 GDPR)
We process your personal data based on the following legal grounds:
| Purpose | Legal Basis |
|---|---|
| Providing and maintaining the Service | Performance of a contract (Art. 6(1)(b)) |
| Processing payments | Performance of a contract (Art. 6(1)(b)) |
| Sending transactional emails (e.g., password reset) | Performance of a contract (Art. 6(1)(b)) |
| Security, fraud prevention, and abuse detection | Legitimate interest (Art. 6(1)(f)) |
| Analytics and Service improvement | Legitimate interest (Art. 6(1)(f)) |
| Legal compliance (tax, accounting) | Legal obligation (Art. 6(1)(c)) |
| Marketing communications (if opted in) | Consent (Art. 6(1)(a)) |
4. Data Sharing and Recipients
We do not sell your personal data. We may share your data with the following categories of recipients:
- Payment processors: Stripe, Inc. — for processing subscription payments.
- Email service provider: Resend — for sending transactional emails.
- Analytics: Umami (privacy-focused, cookieless analytics) — for understanding Service usage.
- Infrastructure providers: hosting and cloud service providers for operating the Service.
- Legal authorities: when required by applicable law or a valid legal process.
5. International Data Transfers
Some of our service providers may be located outside the European Economic Area (EEA). When we transfer personal data outside the EEA, we ensure adequate safeguards are in place, including:
- EU Commission adequacy decisions (Art. 45 GDPR).
- Standard Contractual Clauses (SCCs) approved by the EU Commission (Art. 46(2)(c) GDPR).
- The EU-U.S. Data Privacy Framework, where applicable.
6. Data Retention
We retain your personal data only as long as necessary:
- Account data: retained while your account is active and for up to 30 days after deletion to allow recovery.
- Payment records: retained for up to 10 years as required by Slovak tax and accounting laws (Act No. 431/2002 Coll.).
- Usage and analytics data: retained for up to 26 months, then anonymized or deleted.
- Support communications: retained for up to 3 years after resolution.
7. Your Rights Under GDPR
As a data subject, you have the following rights under the GDPR. You may exercise any of these rights by contacting us at [email protected]:
- Right of access (Art. 15): obtain a copy of the personal data we hold about you.
- Right to rectification (Art. 16): correct inaccurate or incomplete personal data.
- Right to erasure (Art. 17): request deletion of your personal data (“right to be forgotten”).
- Right to restriction (Art. 18): restrict processing of your personal data in certain circumstances.
- Right to data portability (Art. 20): receive your data in a structured, commonly used, machine-readable format.
- Right to object (Art. 21): object to processing based on legitimate interests, including profiling.
- Right to withdraw consent (Art. 7(3)): withdraw consent at any time where processing is based on consent.
We will respond to your request within 30 days. If we need more time, we will inform you of the extension and the reasons within the initial 30-day period.
8. Right to Lodge a Complaint
If you believe your data protection rights have been violated, you have the right to lodge a complaint with the supervisory authority:
- Úrad na ochranu osobných údajov Slovenskej republiky (Office for Personal Data Protection of the Slovak Republic)
- Website: https://dataprotection.gov.sk
9. Security Measures
We implement appropriate technical and organizational measures to protect your personal data, including:
- End-to-end encryption for all terminal session data (XChaCha20-Poly1305).
- Passwords hashed using secure algorithms.
- HTTPS/TLS encryption for all data in transit.
- Regular security assessments and updates.
- Access controls and principle of least privilege.
10. Children's Privacy
The Service is not intended for individuals under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware of such collection, we will delete the data promptly.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy and updating the “Last updated” date. For significant changes, we may also notify you via email.
12. Contact
For privacy-related inquiries or to exercise your data protection rights:
- Company: Rosabrillo s.r.o.
- Email: [email protected]
- Country: Slovak Republic