SupaDir
Get started free

Privacy Policy

Effective Date: May 26, 2026

Note: This is a draft document pending legal review. It does not constitute a legally binding agreement until verified by a qualified attorney.

This Privacy Policy explains how JZP.media, with its registered office at Poznan, Poland, entered into the Register of Entrepreneurs under NIP: PL8861970595 ("Operator", "we", "us", or "our"), collects, uses, processes, and protects your personal data.

1. Our Role in Data Processing

Under the General Data Protection Regulation (GDPR), our legal responsibilities depend on your relationship with our platform:

  • Data Controller: We act as the Data Controller for the personal data of Catalog Administrators ("Admins") who subscribe directly to our SaaS infrastructure.
  • Data Processor: We act strictly as a Data Processor for any personal data pertaining to Listing Owners, general visitors, or end-users whose information is stored within the directories. The Admin is the sole Data Controller for this information.

2. Data We Collect as a Controller

When you register as an Admin, we collect and process the following categories of data:

  • Account and Identity Information: Your name, email address, password hash, and corporate details (such as NIP and registered address).
  • Financial Data: Billing information and transaction history. Sensitive credit card information is processed securely by our payment provider, Stripe, and is not stored on our servers.
  • Technical and Usage Data: IP addresses, browser types, authentication logs, and statistical data regarding your usage of the platform.

3. Legal Basis for Processing

We process your data strictly in accordance with the GDPR, relying on the following lawful bases:

  • Performance of a Contract (Art. 6(1)(b) GDPR): To deliver our SaaS infrastructure, manage your subscription, and provide necessary customer support.
  • Legal Obligation (Art. 6(1)(c) GDPR): To issue invoices and comply with mandatory Polish tax and accounting regulations.
  • Legitimate Interests (Art. 6(1)(f) GDPR): To monitor platform security, prevent fraudulent activities, and improve our technical operations.

4. Data Sharing and Sub-processors

We do not sell your personal data. We may share data with authorized third-party Sub-processors only to the extent necessary to deliver our Services:

  • Infrastructure Hosting: Hetzner Online GmbH, with servers physically located within the European Economic Area (EEA).
  • Payment Routing: Stripe Payments Europe, Ltd.
  • Transactional Email: Resend.

We enforce Data Processing Agreements with all our Sub-processors to ensure your data remains protected.

5. Data Retention

We apply strict storage limitation protocols to minimize data retention:

  • Active Accounts: Admin data is retained for the duration of an active subscription.
  • Tenant Databases (Soft Deletion): Upon account cancellation or prolonged non-payment, databases are retained in a "soft-deleted" state before permanent eradication.
  • System Backups: Cross-bucket object storage backups are retained for 14 days.
  • Server Logs: System and security logs are retained for 30 days.
  • Billing Records: Invoices are archived for 7 years to comply with Polish tax obligations.

6. Your Rights as a Data Subject

Under the GDPR, you have the right to:

  • Access a copy of your personal data.
  • Request the rectification of inaccurate or incomplete data.
  • Request the erasure of your data ("Right to be Forgotten"), provided there is no overriding legal obligation to retain it.
  • Restrict or object to certain types of processing.
  • Request data portability.

To exercise any of these rights, or if you have questions regarding this Privacy Policy, please contact us at [email protected].

You also have the right to lodge a complaint with the Polish supervisory authority (Prezes Urzędu Ochrony Danych Osobowych — PUODO).