Privacy Policy

Effective from: 6th of May, 2025

  • Lucanto Privacy Policy

    Provider:
    Stark Codes, s. r. o., Holíčska 3043/13, Bratislava – Petržalka 851 05, Company ID: 51 414 546 ("Provider" or "we")

    Effective Date: May 11, 2025


    1. Introduction

    1.1 This Privacy Policy explains how we collect, store, process, and protect your personal data when you use our website (lucanto.eu) and web or mobile application (app.lucanto.eu) (the "Service").
    1.2 By using the Service, you agree to this Privacy Policy in conjunction with our Terms and Conditions.


    2. Definitions

    • Personal Data: Any information relating to an identified or identifiable natural person, as defined by GDPR.

    • Processing: Any operation performed on Personal Data, including collection, storage, use, disclosure, or deletion.

    • User: Any individual or legal entity who registers for or uses the Service.

    • Controller: Stark Codes, s. r. o.

    • EEA: European Economic Area.


    3. Data We Collect

    3.1 Account Data: Name, email, password, company name, address, registration number, phone number.
    3.2 Usage Data: Pages visited, actions taken, timestamps, device type, IP address, browser type.
    3.3 Communication Data: Messages, chat logs, support tickets.
    3.4 Transaction Data: Invoice details and payment records (if paid plans are introduced).
    3.5 Cookies & Tracking: Cookie IDs, analytics data, marketing pixels.
    3.6 Location Data: IP-based location and optional precise geolocation for tax compliance.
    3.7 Third-Party Data: Data imported from integrations (e.g., Kros.sk), connected calendars, or other services.


    4. Use of Your Data

    We use your data to:

    • Provide, operate, and maintain the Service.

    • Manage user accounts and authentication.

    • Process invoicing and expense workflows.

    • Communicate with you via notifications, chat, and support.

    • Improve, personalize, and optimize the Service and user experience.

    • Ensure security, prevent fraud, and comply with legal obligations.

    • Send marketing and promotional communications (with your consent; opt-out anytime).


    5. Legal Bases for Processing

    • Contract Performance: To fulfill our agreement to deliver the Service.

    • Legitimate Interests: For security, fraud prevention, and Service enhancement.

    • Consent: For marketing communications and non-essential cookies.

    • Legal Obligation: To comply with tax and accounting regulations.


    6. Data Sharing

    We may share your Personal Data with:
    6.1 Subprocessors & Service Providers (under GDPR agreements):

    • HubSpot, Inc. — CRM and marketing automation.

    • Linear — Ticketing and customer request management.

    • Google LLC — Google Analytics for web and app.

    • June.so — Performance monitoring and telemetry.

    • Apollo.io — B2B contact enrichment and prospecting for sales teams.


    6.2 Legal Authorities: When required by law or court order.
    6.3 Business Transfers: In connection with a merger, sale, or acquisition of assets.


    7. International Transfers

    7.1 Your data is primarily stored within the EEA.
    7.2 We use Standard Contractual Clauses for transfers outside the EEA (e.g., MailChimp, Intercom).


    8. Data Retention & Deletion

    8.1 We retain Personal Data while your account is active and for 10 years thereafter for audit and legal compliance.
    8.2 Upon account deletion, we permanently erase your data within 45 days (backups purged after 45 days).
    8.3 Anonymized data may be retained indefinitely for analytics.


    9. Cookies & Tracking

    9.1 Essential cookies for Service functionality.
    9.2 Optional cookies for analytics (Google Analytics) and marketing (Meta Pixel).
    9.3 You can manage or disable cookies via browser settings; some features may not function.


    10. Your Rights

    Under GDPR, you have the right to:

    • Access your Personal Data.

    • Rectify inaccurate data.

    • Request erasure ("right to be forgotten").

    • Restrict processing.

    • Data portability.

    • Object to processing (e.g., marketing).

    • Withdraw consent at any time.

    • Lodge a complaint with the Slovak Data Protection Authority.


    11. Security Measures

    We implement:

    • TLS encryption in transit; 256-bit encryption at rest.

    • Role-based access controls; regular security audits.

    • Daily backups; geo-redundant storage.

    • Incident response and breach notification within 72 hours.


    12. Children’s Privacy

    Our Service is not intended for individuals under 16. We do not knowingly collect Personal Data from minors.


    13. Policy Changes

    We’ll notify you at least 14 days before updating this policy via email and in-app banner.


    14. Contact Information

    For questions or data requests:
    Email: hello@lucanto.eu
    Address: Holíčska 3043/13, Bratislava – Petržalka 851 05