Privacy Policy
Last updated: February 18, 2026
Table of Contents
- Data Controller
- Contact Information
- Purposes and Legal Bases for Processing
- Categories of Personal Data
- Data Recipients
- Transfer of Data to Third Countries
- Data Retention Period
- User Rights
- Profiling and Automated Decisions
- Cookie Policy
- Data Security
- Right to Lodge a Complaint
- Changes to the Privacy Policy
§ 1. Data Controller
The controller of your personal data is:
- Daniel Boba
- VAT ID: 5492475822
- Registration Number: 527296610
The Controller operates the vizme application available at https://vizme.pl, used for generating images using artificial intelligence (AI).
§ 2. Contact Information
For matters related to personal data protection, you can contact us at:
- Email: bobadaniel97@gmail.com
We respond to personal data inquiries without undue delay, no later than within one month of receiving the request.
§ 3. Purposes and Legal Bases for Processing
We process your personal data for the following purposes:
| Processing Purpose | Legal Basis (GDPR) |
|---|---|
| Providing AI image generation service | Art. 6(1)(b) – contract performance |
| Registration and user account management | Art. 6(1)(b) – contract performance |
| Payment processing and billing | Art. 6(1)(b) – contract performance |
| Issuing invoices and accounting documents | Art. 6(1)(c) – legal obligation |
| Handling complaints and requests | Art. 6(1)(b) – contract performance |
| Pursuing or defending against claims | Art. 6(1)(f) – legitimate interest |
| Analytics and service improvement | Art. 6(1)(a) – consent (analytics cookies) |
| Collecting user feedback (in-app surveys) | Art. 6(1)(f) – legitimate interest |
§ 4. Categories of Personal Data
We process the following categories of personal data:
Identification and Contact Data
- First and last name
- Email address
- Username
- Profile picture (optional, when logging in via Google)
Billing Data (for purchases)
- Invoice details (company name, VAT ID, address)
- Transaction and payment history
Technical Data
- IP address
- Device identifiers
- Browser and operating system type
- Access and activity logs
Service-Related Data
- Generated images
- Credit usage history
Important: We do not process special categories of personal data (so-called sensitive data) within the meaning of Art. 9 GDPR.
§ 5. Data Recipients
Your personal data may be disclosed to the following categories of recipients:
Processors (Subprocessors)
| Recipient category | Purpose | Location |
|---|---|---|
| Hosting and server infrastructure provider | Hosting, data storage, CDN | USA (Data Privacy Framework) |
| Image generation service provider | Image processing as part of the provided service | USA (Data Privacy Framework) |
| Online payment operator | Payment processing and billing | USA (Data Privacy Framework) |
| Product analytics service provider | Usage statistics (with consent) | EU |
| Email service provider | Sending transactional emails | USA (Data Privacy Framework) |
Independent Controllers
| Recipient category | Purpose | Location |
|---|---|---|
| Authentication service provider | Login via external account (OAuth) | USA (Data Privacy Framework) |
Other Recipients
- Government authorities - based on applicable legal provisions
- Legal and accounting advisors - to the extent necessary for business operations
§ 6. Transfer of Data to Third Countries
Due to the use of services from entities based outside the European Economic Area (EEA), your data may be transferred to third countries, particularly to the United States.
Legal Bases for Transfer
- EU-US Data Privacy Framework - for entities certified under the Transatlantic Data Privacy Agreement
- Standard Contractual Clauses (SCC) – approved by the European Commission, used as additional safeguards
You can obtain a copy of the relevant safeguards by contacting us at bobadaniel97@gmail.com.
§ 7. Data Retention Period
We retain your data for the period necessary to achieve the processing purposes:
| Data Category | Retention Period |
|---|---|
| User account data | Until account deletion + 30 days (backup) |
| Billing data and invoices | 5 years from the end of the tax year (legal obligation) |
| Transaction history | 5 years from the transaction date |
| Generated images | Until deleted by user or account deletion |
| Access logs | 12 months |
| Consents (cookies) | Until consent withdrawal + 3 years (proof of consent) |
| Complaint handling data | Until resolution + statute of limitations period |
§ 8. User Rights
Under GDPR, you have the following rights:
- Right of access (Art. 15) – you can obtain confirmation of whether we process your data and receive a copy thereof.
- Right to rectification (Art. 16) – you can request correction of inaccurate or completion of incomplete data.
- Right to erasure – "right to be forgotten" (Art. 17) – you can request deletion of data when it is no longer necessary for processing purposes.
- Right to restriction of processing (Art. 18) – you can request restriction of processing in certain cases.
- Right to data portability (Art. 20) – you can receive your data in a machine-readable format.
- Right to object (Art. 21) – you can object to processing based on legitimate interest.
- Right to withdraw consent (Art. 7) – you can withdraw your consent at any time, which does not affect the lawfulness of processing before withdrawal.
- Right not to be subject to automated decisions (Art. 22) – you have the right not to be subject to decisions based solely on automated processing.
To exercise the above rights, contact us at bobadaniel97@gmail.com. We will respond to your request within one month.
§ 9. Profiling and Automated Decisions
We do not use profiling within the meaning of Art. 22 GDPR. We do not make decisions about you based solely on automated processing that would produce legal effects or similarly significantly affect you.
§ 10. Cookie Policy
Our application uses cookies and similar technologies.
Types of Cookies
| Category | Purpose | Consent Required |
|---|---|---|
| Essential | User session, authentication, security | No |
| Functional | Remembering preferences (language, theme) | Yes |
| Analytics | Visit statistics, service improvement | Yes |
Cookie Management
On your first visit, we display a banner asking for consent to non-essential cookies. You can change your preferences at any time:
- Through cookie settings in the application
- Through your web browser settings
Disabling essential cookies may prevent use of some application features.
§ 11. Data Security
We apply appropriate technical and organizational measures to protect your personal data:
- Encryption in transit – all connections are encrypted using TLS 1.3 protocol
- Data encryption – data is stored in encrypted form
- Access control – only authorized personnel have access to data
- Regular backups – ensuring data continuity and recoverability
- Monitoring – systems for detecting unauthorized access
§ 12. Right to Lodge a Complaint
If you believe that the processing of your personal data violates GDPR provisions, you have the right to lodge a complaint with the supervisory authority:
- President of the Personal Data Protection Office (UODO) ul. Stawki 2 00-193 Warsaw, Poland https://uodo.gov.pl
However, we encourage you to contact us first – we will try to resolve any issue related to your data protection.
§ 13. Changes to the Privacy Policy
We may periodically update this Privacy Policy. We will inform you of significant changes:
- Through a notification in the application
- Through an email (for registered users)
The date of the last update is always visible at the beginning of this document. We recommend regularly checking this page.
This Privacy Policy has been prepared in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR) and the Polish Act of 10 May 2018 on personal data protection.