Privacy Policy

Last updated: 19/12/2025

This Privacy Policy contains information on the processing of your personal data in connection with the use of the "FlareFact" application. Any capitalized terms not otherwise defined in the Policy shall have the meaning given to them in the Terms and Conditions.

Personal Data Administrator

The administrator of your personal data is Kacper Potyrała with registered office at Gawrzyłowska 44, 39-200 Dębica, entered into the Central Registration and Information on Business (CEIDG) with NIP: 8722437242, REGON: 522252720.

Contact with the Administrator

In all matters related to the processing of personal data, you can contact the Administrator via:

Personal Data Protection Measures

The Administrator applies modern organisational and technical safeguards to ensure the best possible protection of your personal data and guarantees that it processes them in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter:"GDPR"), the Act of 10 May 2018 on the Protection of Personal Data and Other Personal Data Protection Regulations.

Information on Personal Data Processed

The use of the Application requires the processing of your personal data. Below you will find detailed information about the purposes and legal grounds of processing, as well as the period of processing and the obligation or voluntariness to provide them.

Conclusion and performance of the Service Provision Agreement and Account creation

Personal data processed:

  • Username
  • Name and Surname
  • E-mail address
  • address of residence/business (street, house number, apartment number, city, postal code, country)
  • company and TIN (if the Service Recipient is an Entrepreneur or an Entrepreneur with Consumer rights)

Legal basis: Article 6(1)(b) of the GDPR
(processing is necessary for the performance of the Service Provision Agreement concluded with the data subject or to take steps to conclude it)

Providing the above-mentioned personal data is a condition for concluding and performing the Service Provision Agreement (their provision is voluntary, but the consequence of failure to provide them will be the inability to conclude and perform the Application Supply Agreement).

The Administrator will process the above-mentioned personal data until the statute of limitations for claims under the Service Provision Agreement expires.

Conclusion and performance of the Newsletter Delivery Agreement

Personal data processed: E-mail address

Legal basis: Article 6(1)(b) of the GDPR
(processing is necessary for the performance of the Contract for the provision of the Newsletter or Digital Content concluded with the data subject or to take steps to conclude it)
and
Article 6(1)(f) of the GDPR
(processing is necessary for the purpose of the legitimate interest of the Administrator, in this case informing about new products and promotions available in the Application)

Providing the above-mentioned personal data is voluntary, but necessary in order to receive the Newsletter or Digital Content (the consequence of not providing them will be the inability to receive the Newsletter or Digital Content).

The Administrator will process the above-mentioned personal data until an effective objection is raised or the purpose of the processing is achieved, or until the claims arising from the Contract for the provision of the Newsletter or Digital Content expire (whichever occurs first).

Conducting a complaint procedure

Personal data processed: Name, surname, and e-mail address

Legal basis: Article 6(1)(c) of the GDPR (processing is necessary for compliance with a legal obligation to which the Administrator is subject, in this case the following obligations:

  • responding to a complaint – Article 7a of the Consumer Rights Act;
  • exercising the Customer's rights resulting from the provisions on the Administrator's liability in the event of non-compliance of the Physical Goods with the Sales Contract or the Object of Digital Supply with the Contract applicable to it

Providing the above-mentioned personal data is a condition for receiving a response to the complaint or exercising the Service Recipient's rights resulting from the provisions on the Administrator's liability in the event of non-compliance of the Subject of Digital Service with the Agreement applicable to him (their provision is voluntary, but the consequence of failure to provide them will be the inability to receive a response to the complaint and the exercise of the above-mentioned rights).

The Administrator will process the above-mentioned personal data for the duration of the complaint procedure, and in the case of exercising the above-mentioned rights of the Service Recipient – until their limitation expires.

Conducting a verification procedure and considering appeals against decisions on dealing with unacceptable content

Personal data processed: Name and Surname/Business name, contact details, including e-mail address

Legal basis: Article 6(1)(c) of the GDPR (processing is necessary for compliance with a legal obligation to which the Administrator is subject, in this case the following obligations:

  • provide a mechanism for reporting inappropriate content (Article 16 of Regulation 2022/2065 on the single market for digital services and amending Directive 2000/31/EC (Digital Services Act)(hereinafter: "DSA"))
  • Article 20 of the DSA

Providing the above-mentioned personal data is a condition for receiving a response to the report or exercising the Service Recipient rights under the provisions of the DSA (their provision is voluntary, but the consequence of failure to provide them will be the inability to receive a response to the report and the exercise of the above-mentioned rights).

The Administrator will process the above-mentioned personal data for the duration of the complaint procedure, and in the case of exercising the above-mentioned rights of the Service Recipient – until their limitation expires.

Handling queries submitted by Service Recpients

Personal data processed: Name, E-mail address, other data contained in the message to the Administrator

Legal basis: Article 6(1)(f) of the GDPR (processing is necessary for the purpose of pursuing the legitimate interest of the Administrator, in this case responding to the inquiry received)

Providing the above-mentioned personal data is voluntary, but necessary in order to receive a response to the inquiry (the consequence of failure to provide them will be the inability to receive an answer). The Administrator will process the above-mentioned personal data until an effective objection is raised or the purpose of processing is achieved (whichever occurs first).

Fulfilling tax obligations (m.in. issuing a VAT invoice, storing accounting documentation)

Personal data processed: Name, surname/company, address/registered office, and TIN

Legal basis: Article 6(1)(c) of the GDPR (processing is necessary to comply with a legal obligation to which the Administrator is subject, in this case obligations under tax law)

Providing the above-mentioned personal data is voluntary, but necessary for the Administrator to meet its tax obligations (the consequence of failure to provide them will be the Administrator's inability to meet the above-mentioned obligations). The Administrator will process the above-mentioned personal data for a period of 5 years from the end of the year in which the deadline for payment of tax for the previous year expired.

Compliance with obligations related to the protection of personal data

Personal data processed: Name and Surname, contact details provided by you (e-mail address; correspondence address; telephone number)

Legal basis: Article 6(1)(c) of the GDPR (processing is necessary to comply with a legal obligation to which the Administrator is subject, in this case the obligations resulting from the provisions on the protection of personal data)

Providing the above-mentioned personal data is voluntary, but necessary for the proper performance by the Administrator of the obligations resulting from the provisions on the protection of personal data, m.in. the exercise of the rights granted to you by the GDPR (the consequence of failure to provide the above-mentioned data will be the inability to properly exercise the above-mentioned rights).

Establishing, exercising or defending against legal claims

Personal data processed: Name and surname/company name, E-mail address, address of residence/registered office, PESEL, number TIN

Legal basis: Article 6(1)(f) of the GDPR (processing is necessary for the purpose of pursuing the legitimate interest of the Administrator, in this case establishing, investigating or defending against claims that may arise in connection with the performance of the Agreements concluded with the Administrator)

Providing the above-mentioned personal data is voluntary, but necessary in order to establish, pursue or defend against claims that may arise in connection with the performance of the Agreements concluded with the Administrator (the consequence of failure to provide the above-mentioned data will be the inability of the Administrator to take the above-mentioned actions).
The Administrator will process the above-mentioned personal data until the expiry of the limitation periods for claims that may arise in connection with the performance of the Agreements concluded with the Administrator.

Analysis of your activity in the App

Personal data processed: Date and time of the visit, IP number of the device, device operating system type, approximate location, type of web browser, time spent in the App, visited subpages, and other actions taken within the Application.

The above data are saved automatically in the so-called server logs, each time the Application is used (it would not be possible to administer it without the use of server logs and automatic saving).

Legal basis: Article 6(1)(f) of the GDPR (processing is necessary for the purpose of the legitimate interest of the Administrator, in this case obtaining information about your activity in the Application)

Providing the above-mentioned personal data is voluntary, but necessary in order for the Administrator to obtain information about your activity in the Application (the consequence of failure to provide them will be the Administrator's inability to obtain the above-mentioned information). The Administrator will process the above-mentioned personal data until an effective objection is raised or the purpose of the processing is achieved.

Application Administration

Personal data processed: Date and time of visit, operating system, browser type, search queries, verification history, payment information.

The above data are saved automatically in the so-called server logs, each time the Application is used (it would not be possible to administer it without the use of server logs and automatic saving).

Legal basis: Article 6(1)(f) of the GDPR (processing is necessary for the purpose of pursuing the legitimate interest of the Administrator, in this case ensuring the proper operation of the Application)

Providing the above-mentioned personal data is voluntary, but necessary to ensure the proper operation of the Application (the consequence of failure to provide them will be the inability to ensure the proper operation of the Application). The Administrator will process the above-mentioned personal data until an effective objection is raised or the purpose of the processing is achieved.

Recipients of Personal Data

The recipients of personal data will be external entities cooperating with the Administrator:

1. Supabase Inc.

Address: 548 Market St, PMB 20793, San Francisco, CA 94104-5401, USA

TIN/EIN: 85-2575369

Services: Database hosting, authentication, and real-time services

2. Stripe, Inc.

Address: 510 Townsend Street, San Francisco, CA 94103, USA

TIN/EIN: 47-4141942

Services: Payment processing and billing services

3. Google LLC

Address: 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA

TIN/EIN: 61-1768469

Services: Cloud infrastructure, hosting, and computing services

4. Vercel Inc.

Address: 340 S Lemon Ave #4133, Walnut, CA 91789, USA

TIN/EIN: 47-2196472

Services: Hosting, deployment, and edge computing services

Personal data may also be transferred to public or private entities if required by law, court judgment, or administrative decision.

Transfer of Personal Data to Third Countries

In connection with the Administrator's use of services provided by external subprocessors, your personal data may be transferred to third countries including: Great Britain, Canada, USA, Chile, Brazil, Israel, Saudi Arabia, Qatar, India, China, South Korea, Japan, Singapore, Taiwan, Indonesia, and Australia.

The basis for data transfer includes European Commission adequacy decisions and standard contractual clauses in compliance with Commission Implementing Decision (EU) 2021/914.

Supabase Inc. (USA)

Data transferred: Email address, username, profile information, IP address, device information, usage analytics

Purpose: Database hosting, user authentication, real-time data synchronization

Legal basis: Standard Contractual Clauses (SCCs) and EU-US Data Privacy Framework certification

Stripe, Inc. (USA)

Data transferred: Payment information, billing address, transaction history, device information, IP address

Purpose: Payment processing, fraud prevention, compliance with financial regulations

Legal basis: Standard Contractual Clauses (SCCs) and EU-US Data Privacy Framework certification

Vercel Inc. (USA)

Data transferred: Email address, usage analytics, IP address, device information, application logs

Purpose: Application hosting, performance monitoring, analytics

Legal basis: Standard Contractual Clauses (SCCs) and EU-US Data Privacy Framework certification

Google LLC (USA)

Data transferred: Account information, usage logs, IP address, device data, billing information

Purpose: Cloud infrastructure services, application hosting, monitoring

Legal basis: Standard Contractual Clauses (SCCs) and EU-US Data Privacy Framework certification

You can obtain from the Administrator a copy of the data transferred to a third country.

Your Rights

In connection with the processing of personal data, you have the following rights:

  1. the right to be informed what personal data concerning you is processed by the Administrator and to receive a copy of this data (the so-called right of access). Issuing the first copy of the data is free of charge, for subsequent copies the Administrator may charge a fee;
  2. if the processed data becomes outdated or incomplete (or otherwise incorrect), you have the right to request its rectification;
  3. in certain situations, you can ask the Administrator to delete your personal data, e.g. when:
    1. the data will no longer be needed by the Administrator for the purposes of which it has informed;
    2. you have effectively withdrawn your consent to the processing of data - unless the Administrator has the right to process the data on another legal basis;
    3. the processing is unlawful;
    4. the need to delete the data results from a legal obligation to which the Administrator is subject;
  4. if personal data is processed by the Administrator on the basis of the consent granted to the processing or in order to perform the Agreement concluded with him, you have the right to transfer your data to another administrator;
  5. if personal data is processed by the Administrator on the basis of your consent to the processing, you have the right to withdraw this consent at any time (the withdrawal of consent does not affect the lawfulness of the processing that was carried out on the basis of consent before its withdrawal);
  6. if you believe that the processed personal data are incorrect, their processing is unlawful, or the Administrator no longer needs certain data, you can request that for a specified period of time (e.g. checking the correctness of the data or pursuing claims) the Administrator does not perform any operations on the data, but only stores them;
  7. you have the right to object to the processing of personal data based on the legitimate interest of the Administrator. In the event of an effective objection, the Administrator will cease to process personal data for the above-mentioned purpose;
  8. you have the right to lodge a complaint with the President of the Office for Personal Data Protection if you believe that the processing of personal data violates the provisions of the GDPR.

Cookies

The Administrator informs that the Application uses "cookies" installed on your end device. These are small text files that can be read by the Administrator's system and by systems belonging to other entities whose services are used.

Cookie Purposes:

  • Ensuring proper operation of the Application
  • Increasing comfort of using the Application
  • Creating statistics and analytics
  • Conducting marketing activities

Types of Cookies:

Strictly Necessary Cookies

These files are necessary for proper functioning of the Application and cannot be disabled. Most are session cookies, but some remain on your device for several months.

Vercel Analytics

Collects statistical data on how users use the Application, including number of visits, duration, search engines used, and location. Data is stored for up to 2 years.

You can manage cookies through your browser settings, but disabling them may cause difficulties in using the Application, such as needing to log in on each page or limitations in functionality.

Final Provisions

To the extent not regulated by this Policy, the generally applicable provisions on the protection of personal data shall apply.