Privacy Policy

Last updated: February 11, 2025

1. Data Controller

The data controller for your personal data is:

steezr s.r.o.
Email: hello@steezr.com
Web: steezr.com

This Privacy Policy explains how we collect, use, store, and protect your personal data when you use Steezr Hub ("Platform"), in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and applicable Czech data protection laws.

2. What Data We Collect

We collect and process the following categories of personal data:

| Category | Examples |
|---|---|
| Account data | Name, email address, profile photo |
| Business data | Company name, IČO, DIČ, invoices, subscriptions, tasks |
| Usage data | Login timestamps, pages visited, actions performed |
| Technical data | IP address, browser type, device information |
| Communication data | Task comments, messages sent through the Platform |

3. Legal Basis for Processing

We process your personal data based on the following legal grounds under Article 6(1) GDPR:

  • Performance of a contract (Art. 6(1)(b)) — Processing is necessary to provide you with access to the Platform and deliver our services under our business agreement.
  • Legitimate interests (Art. 6(1)(f)) — We process usage and technical data to maintain Platform security, prevent fraud, and improve our services.
  • Legal obligation (Art. 6(1)(c)) — We may process data to comply with tax, accounting, or other legal requirements.

4. How We Use Your Data

  • Providing and maintaining your access to the Platform
  • Managing tasks, invoices, subscriptions, and other business operations
  • Sending service-related notifications (e.g., task updates, invoice alerts)
  • Ensuring Platform security and preventing unauthorized access
  • Complying with legal and regulatory obligations
  • Improving the Platform's functionality and user experience

5. Data Storage and Transfers

Your data is stored on servers located within the European Union:

  • Application hosting: Hetzner Online GmbH, Germany
  • Database: PostgreSQL hosted on Hetzner, Germany
  • File storage: Hetzner Object Storage, Germany

We do not transfer your personal data outside the European Economic Area (EEA). If this changes in the future, we will ensure appropriate safeguards are in place (e.g., Standard Contractual Clauses) and update this policy accordingly.

6. Third-Party Processors

We use the following third-party services that may process your data on our behalf:

  • Fakturoid — Invoicing and billing (Czech Republic)
  • Hetzner Online GmbH — Infrastructure hosting (Germany)

All third-party processors are bound by data processing agreements in compliance with GDPR.

7. Data Retention

We retain your personal data for as long as your account is active and as necessary to fulfill the purposes described in this policy. After account termination:

  • Account and business data is retained for the duration required by Czech tax and accounting laws (typically 10 years for financial records).
  • Usage and technical data is deleted or anonymized within 12 months.
  • You may request earlier deletion of non-legally-required data at any time.

8. Your Rights Under GDPR

As a data subject, you have the following rights:

  • Right of access (Art. 15) — You can request a copy of the personal data we hold about you.
  • Right to rectification (Art. 16) — You can request correction of inaccurate or incomplete data.
  • Right to erasure (Art. 17) — You can request deletion of your data, subject to legal retention requirements.
  • Right to restriction (Art. 18) — You can request that we limit the processing of your data.
  • Right to data portability (Art. 20) — You can request your data in a structured, machine-readable format.
  • Right to object (Art. 21) — You can object to processing based on legitimate interests.

To exercise any of these rights, contact us at hello@steezr.com. We will respond within 30 days.

You also have the right to lodge a complaint with the Czech Data Protection Authority (Úřad pro ochranu osobních údajů, uoou.cz).

9. Cookies and Session Data

The Platform uses only essential cookies required for its operation:

  • Session cookie — Maintains your authenticated session. Expires when you close your browser or after inactivity.
  • CSRF token — Protects against cross-site request forgery attacks.

We do not use any analytics, advertising, or third-party tracking cookies.

10. Security

We implement appropriate technical and organizational measures to protect your personal data, including:

  • Encrypted data transmission (TLS/HTTPS)
  • Encrypted data storage at rest
  • Role-based access controls
  • Regular security updates and monitoring
  • Password hashing using industry-standard algorithms

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on the Platform and updating the "Last updated" date. We encourage you to review this policy periodically.

12. Contact

For any questions or requests regarding your personal data, please contact us at:

steezr s.r.o.
Email: hello@steezr.com
Web: steezr.com