BucketExperience

Privacy Policy

Last updated: February 17, 2026

1. Data Controller

The data controller responsible for processing your personal data is:

  • Name: Marek Matušica
  • Business Address: Šintava 560, 925 51 Šintava, Slovenská republika
  • Company ID (IČO): 55509908
  • Tax ID (DIČ): 1124287219
  • Email: hello@marekmat.com

2. What Personal Data We Process

We adhere to the principle of data minimization and process only the data necessary for the purposes described below.

a) Email Address

Collected when you voluntarily subscribe to marketing updates or contact us.

b) Feature Requests / Communications

Information you voluntarily submit regarding product feedback or feature suggestions.

c) Technical Data

When you access our website or application, certain technical data may be processed automatically, including:

  • IP address
  • Basic server logs
  • Security-related metadata

We do not use analytics tools, profiling, or tracking cookies.

3. Purposes and Legal Bases for Processing

We process personal data in accordance with Article 6 of the GDPR:

Marketing Communication

  • Purpose: Sending updates and product-related communication
  • Legal Basis: Consent (Art. 6(1)(a) GDPR)
  • You may withdraw your consent at any time.

Feature Requests and Communication

  • Purpose: Responding to inquiries and improving our product
  • Legal Basis: Legitimate interest (Art. 6(1)(f) GDPR)

Technical and Security Processing

  • Purpose: Ensuring platform security and preventing abuse
  • Legal Basis: Legitimate interest (Art. 6(1)(f) GDPR)

Where processing is based on legitimate interest, we ensure that such interests do not override your fundamental rights and freedoms.

4. Data Retention Periods

We retain personal data only for as long as necessary for the purposes described above:

  • Email addresses (marketing): Stored until you withdraw consent or after 24 months of inactivity.
  • Feature requests and communications: Stored for up to 3 years for product development reference.
  • Technical/security logs (including IP addresses):Stored for up to 90 days unless required for security investigation or legal compliance.

After expiration of the retention period, data is securely deleted or anonymized.

5. Provision of Data

Providing your email address or submitting feature requests is entirely voluntary.

However:

  • Without providing an email address, we cannot send marketing updates.
  • Without submitted communication data, we cannot respond to your request.

There is no statutory or contractual obligation to provide personal data.

6. International Data Transfers

Our application infrastructure is provided by:

  • Vercel (hosting provider)
  • Convex (database infrastructure)

These providers may process data on servers located in the United States.

Transfers outside the European Economic Area are safeguarded through:

  • The EU–US Data Privacy Framework (where applicable), and/or
  • Standard Contractual Clauses (SCCs) approved by the European Commission.

We ensure appropriate safeguards are in place to maintain an equivalent level of data protection.

7. Data Processors

We use trusted third-party service providers acting as data processors under Data Processing Agreements (DPAs). These providers process data only on our documented instructions and implement appropriate technical and organizational security measures.

8. Security Measures

We implement appropriate technical and organizational measures to protect personal data, including:

  • Encryption in transit (HTTPS/TLS)
  • Restricted access controls
  • Minimal data collection practices
  • Secure infrastructure hosting

9. Your Rights Under GDPR

Under the GDPR, you have the following rights:

  • Right of access (Art. 15)
  • Right to rectification (Art. 16)
  • Right to erasure ("right to be forgotten") (Art. 17)
  • Right to restriction of processing (Art. 18)
  • Right to data portability (Art. 20)
  • Right to object to processing (Art. 21)
  • Right to withdraw consent at any time (Art. 7(3))

To exercise your rights, contact: hello@marekmat.com

We will respond within one month as required by law.

10. Right to Lodge a Complaint

If you believe your data is processed unlawfully, you have the right to lodge a complaint with the Slovak supervisory authority:

Úrad na ochranu osobných údajov Slovenskej republiky

11. Automated Decision-Making

We do not use automated decision-making or profiling within the meaning of Article 22 GDPR.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. The updated version will be indicated by a revised “Last updated” date.