This policy describes how Pavel Buchta ("we", "us") collects, uses, and protects your personal data when you use Noketa's transactional email platform. We process data in accordance with the EU General Data Protection Regulation (GDPR) and applicable Czech law.
The data controller is Pavel Buchta, company ID (IČO) 12345678, with its registered office at Mattioliho 3272/9, Záběhlice, 106 00, Prague 10, Czechia.
For privacy-related requests and to exercise your rights, contact us at hello@noketa.io.
We collect and process: (1) account and profile information (e.g. name, email address, organization name) that you provide when registering or managing your account; (2) technical and usage data such as IP address, browser type, API usage logs, and authentication events necessary to operate and secure the service; (3) billing and payment information processed by our payment provider (e.g. billing email, payment method details) for subscription and invoicing; (4) support and communication content when you contact us.
When you use Noketa to send emails, we process the content and recipient data of your emails on your behalf as a processor. You are the data controller for that data; we process it only according to your instructions and our contract.
We process your data only where we have a valid legal basis under GDPR Article 6: (1) Performance of our contract with you — to provide the platform, authenticate users, and process payments. (2) Legitimate interests — to secure and improve the service, prevent abuse, and communicate with you about the product (e.g. security or important service updates), where those interests are not overridden by your rights. (3) Legal obligation — where we must retain or disclose data to comply with applicable law.
We do not use your personal data for automated decision-making or profiling that produces legal or similarly significant effects.
We retain account and usage data for as long as your account is active and for a limited period afterward as needed for legitimate purposes (e.g. resolving disputes, enforcing terms, or complying with legal obligations). Billing records are retained as required by tax and commercial law. Logs and technical data may be retained for a shorter period in line with security and operational needs. You may request erasure of your personal data subject to the exceptions under applicable law.
We use carefully chosen subprocessors to run the service. These include: (1) hosting and infrastructure providers (e.g. cloud providers) that store and process data to deliver the platform; (2) our payment processor, Stripe, for billing and payment processing; (3) optional analytics or monitoring tools that may process limited technical or usage data. We have contracts in place that require these processors to protect your data and process it only on our instructions.
Some of our processors may be located outside the European Economic Area (e.g. Stripe in the United States). We ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission, so that your data is protected in line with GDPR requirements when transferred internationally.
Under GDPR you have the right to: request access to your personal data; request rectification of inaccurate data; request erasure of your data in certain circumstances; request restriction of processing; request data portability where applicable; object to processing based on legitimate interests; and, where processing is based on consent, withdraw consent at any time.
You can exercise these rights by contacting us at the email address above. We will respond within the time limits set by applicable law. You also have the right to lodge a complaint with a supervisory authority, in particular in the EU member state of your residence, place of work, or place of the alleged infringement.
We use cookies and similar technologies where necessary to provide the service (e.g. session and authentication, security, and preference storage). We may use limited analytics to understand how the product is used and to improve it. We do not sell your personal data or use it for third-party advertising. You can manage cookie preferences in your browser; some features may not work if essential cookies are disabled.
If you are in the Czech Republic or believe we process your data in a way that affects you there, you may lodge a complaint with the Czech supervisory authority: Úřad pro ochranu osobních údajů (UOOU), Pplk. Sochora 27, 170 00 Praha 7, Czech Republic. Website: https://www.uoou.cz.
This Privacy Policy was last updated on 2025-03-15. We may update it from time to time; the current version is always available on this page.