Legal document · v1.1 · 2026-05-31

Privacy Policy

How PentestPlanner handles your personal data under the EU General Data Protection Regulation (GDPR, Regulation 2016/679).

1. Data controller

Integra Consulting Services s.r.o., Company ID: 24216941.
Contact for data protection matters: David.Picha@integra.cz.

2. What data we process

  • Account data — email, password hash, first name, last name, company, optional job position.
  • Estimate data — project name, free-text descriptions, scoping inputs and computed man-day estimates you create in the wizard.
  • Calibration data — actual project man-days you optionally record in the Training module to tune the estimation engine.
  • Technical data — IP address and user-agent in server logs (kept for max 30 days for security and abuse prevention).

We do not use analytics, advertising, fingerprinting or marketing tracking.

3. Purpose and legal basis

Purpose                                                                        | Legal basis (GDPR Art. 6)
Providing the account and the estimation service                               | Contract performance — Art. 6(1)(b)
Securing the service, abuse and fraud prevention                               | Legitimate interest — Art. 6(1)(f)
Compliance with legal obligations (e.g. accounting, requests from authorities) | Legal obligation — Art. 6(1)(c)

4. How long we keep your data

  • Account and estimate data: as long as your account exists. After account deletion, data is erased within 30 days, except where retention is required by law.
  • Server logs: max 30 days.

5. Sub-processors

We use the following sub-processors to operate the service. They process data on our behalf under data processing agreements:

Provider                     | Purpose                                                                                                                                                                       | Location
Supabase (via Lovable Cloud) | Database and authentication                                                                                                                                                   | EU
Cloudflare, Inc.             | Hosting, edge runtime, DNS                                                                                                                                                    | EU edge with global CDN
PostHog Inc. (EU Cloud)      | Anonymous product analytics — page views and explicit funnel events only. No cookies, no localStorage IDs, no session recording, no IP geolocation enrichment beyond country. | EU (Frankfurt)

No data is sold or shared with third parties for advertising or profiling.

6. Your rights

Under GDPR you have the right to: access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction (Art. 18), data portability (Art. 20), and to object (Art. 21). You may exercise these rights by writing to David.Picha@integra.cz. You may also lodge a complaint with the Czech Office for Personal Data Protection (Úřad pro ochranu osobních údajů, www.uoou.cz).

7. Security

Data is encrypted in transit (TLS 1.2+) and at rest. Passwords are stored as one-way hashes. Database access is enforced by Row-Level Security so each user only reads their own records.

8. Cookies

We use only strictly necessary cookies — see the Cookie Policy.

9. Changes

We may update this Policy. The current version and effective date are shown at the top of the page. Material changes will be announced inside the application before they take effect.