Privacy Policy

Latest update: January 26, 2026

This policy explains what data we collect, why we collect it, and the choices you have. It applies to the Tsukurio website and services (the "Service").

Data Controller

The controller responsible for the processing of your Personal Data is a sole proprietor based in Košice, Slovakia.

Contact: privacy@tsukur.io

Full identity and address details are available upon request by contacting the email above.

Summary

  • We automatically collect limited Usage Data when you use the Service.
  • We rely on trusted third parties to operate the Service, including Vercel (hosting), Supabase (authentication), and Stripe (payments).
  • You can manage certain preferences via your browser or by contacting us.

Types of Data collected

Personal Data may be provided by you or collected automatically when using the Service. Unless stated otherwise, requested data is mandatory to provide the Service.

  • Account information (e.g., email) when you sign in via Supabase.
  • Usage Data such as IP address, device/browser information, pages viewed, request timestamps, and referrers.
  • Purchase information related to transactions processed by Stripe (no full card data stored on Tsukurio servers).
  • Support communications if you contact us.

Mode and place of processing the Data

Methods of processing

We take appropriate security measures to prevent unauthorized access, disclosure, modification, or destruction of Data. Processing is carried out using IT tools and organizational measures strictly related to the stated purposes. In addition to Tsukurio personnel, certain data may be accessible to service providers acting as processors.

Place

Data is processed at our operating locations and at providers’ data centers. Depending on your location, data transfers may occur to countries outside the European Economic Area (EEA), including the United States.

For transfers to countries without an adequacy decision from the European Commission, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission, or other valid transfer mechanisms under applicable data protection law. Our key service providers (Vercel, Supabase, Stripe) maintain appropriate certifications and contractual commitments for international data transfers.

Retention time

We retain Personal Data as long as necessary for the purposes described in this policy and to comply with legal obligations.

The purposes of processing

  • Provide and operate the Service.
  • Authenticate users and secure access.
  • Process purchases and manage entitlements.
  • Monitor performance, troubleshoot, and prevent abuse.
  • Comply with legal obligations and enforce terms.

Detailed information on the processing of Personal Data

Hosting and backend infrastructure — Vercel Inc. (United States)

We deploy and serve the Service via Vercel. Vercel may process Usage Data such as IP addresses and request metadata to deliver and protect the Service.

Authentication — Supabase

We use Supabase Auth to handle sign-in and session management. This involves processing account information (e.g., email) and session cookies/tokens.

Payments — Stripe

Payments are processed by Stripe. We do not store full payment card details on our servers. Stripe processes payment information in accordance with its own privacy practices.

Cookie Policy

We use cookies and similar technologies for essential operations (e.g., authentication session) and to improve the Service. You can control cookies through your browser settings. Blocking essential cookies may impact functionality.

Further Information for Users in the European Union

Legal basis of processing

  • Consent (e.g., for certain optional cookies or communications).
  • Contract (to provide the Service you request).
  • Legal obligation (e.g., tax, accounting, fraud prevention).
  • Legitimate interests (e.g., service reliability, security).

Retention

Unless stated otherwise, we retain Personal Data for as long as needed to provide the Service and meet legal obligations.

Your rights

  • Access, correct, or delete your Personal Data.
  • Restrict or object to certain processing.
  • Data portability.
  • Withdraw consent where processing is based on consent.
  • Lodge a complaint with a data protection authority.

For direct marketing, you may object at any time.

How to exercise your rights

Submit a request via privacy@tsukur.io. We will respond as soon as possible and within the time limits required by law.

Additional information

We may process Personal Data for legal purposes in the event of disputes or regulatory inquiries. For operation and maintenance, we may log system events and use IP addresses for security.

Changes to this policy

We may update this policy from time to time. We will post changes on this page and update the date above. Continued use of the Service after changes means you accept the updated policy.

Definitions

  • Personal Data: Any information relating to an identified or identifiable individual.
  • Usage Data: Information collected automatically, including IP, device, browser, pages viewed, and timestamps.
  • Controller: The entity that determines the purposes and means of processing Personal Data.
  • Processor: A service provider processing Personal Data on behalf of the Controller.