Privacy Policy
Last updated: March 2026
This Privacy Policy explains how SAVORI ("we," "us") collects, uses, stores, and protects your personal data when you use our website (savori.company) and related services. We are committed to protecting your privacy in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and applicable Polish data protection laws.
1. Data Controller
SAVORI
Country: Poland
Email: hello@savori.company
For data protection inquiries, contact us at: hello@savori.company
2. What Data We Collect
2.1 Data you provide directly:
| Data | When | Purpose |
|---|---|---|
| Email address | Waitlist signup | Pre-launch communications |
| Email address, password | Account registration | Account creation and authentication |
| Name | Account profile | Personalization |
| Email address | Google Sign-In | Authentication via Google OAuth |
| Payment information | Course purchase | Payment processing (handled by Stripe) |
| Consultation details | Booking a session | Scheduling and communication |
2.2 Data collected automatically:
| Data | Technology | Purpose |
|---|---|---|
| IP address | Server logs, Upstash | Rate limiting, security |
| Browser type, device info | Vercel Analytics | Performance monitoring |
| Pages visited, time on site | Vercel Analytics | Understanding usage patterns |
| Cookie preferences | Cookie consent banner | Remembering your choices |
2.3 Data we do NOT collect:
- We do not collect financial account numbers (Stripe handles all payment data)
- We do not collect government-issued IDs
- We do not collect precise geolocation data
- We do not collect biometric data
3. Legal Basis for Processing (GDPR Article 6)
| Processing activity | Legal basis |
|---|---|
| Account creation and management | Performance of contract (Art. 6(1)(b)) |
| Processing payments | Performance of contract (Art. 6(1)(b)) |
| Waitlist signup and communications | Consent (Art. 6(1)(a)) |
| Analytics and performance monitoring | Legitimate interest (Art. 6(1)(f)) |
| Security and fraud prevention | Legitimate interest (Art. 6(1)(f)) |
| Responding to your inquiries | Legitimate interest (Art. 6(1)(f)) |
| Legal compliance | Legal obligation (Art. 6(1)(c)) |
4. How We Use Your Data
We use your personal data to:
- Create and manage your account
- Provide access to purchased courses
- Process payments through Stripe
- Send waitlist updates and launch notifications (with your consent)
- Send transactional emails (purchase confirmations, password resets)
- Protect the Platform from abuse (rate limiting, fraud detection)
- Improve our services through anonymized analytics
- Respond to your support requests
- Comply with legal obligations
5. Data Sharing
We share your data only with the following third-party processors, solely for the purposes described:
| Processor | Data shared | Purpose | Location |
|---|---|---|---|
| Firebase (Google) | Email, name, auth data | Authentication, database | EU/US (SCCs) |
| Stripe | Email, payment info | Payment processing | US (SCCs) |
| Vercel | IP, usage data | Hosting, analytics | US (SCCs) |
| Resend | Email address | Transactional emails | US (SCCs) |
| Upstash | IP address (hashed) | Rate limiting | EU |
"SCCs" = Standard Contractual Clauses approved by the European Commission for international data transfers.
We do NOT:
- Sell your personal data to anyone
- Share your data with advertisers
- Use your data for profiling or automated decision-making
- Transfer data to countries without adequate protection without appropriate safeguards
6. Data Retention
| Data | Retention period |
|---|---|
| Account data | Until you delete your account |
| Purchase records | 5 years (legal/tax obligation) |
| Waitlist emails | Until launch + 30 days, or until you unsubscribe |
| Analytics data | 26 months (anonymized) |
| Server logs | 30 days |
| Consultation records | 1 year after session |
After these periods, data is permanently deleted or fully anonymized.
7. Your Rights (GDPR)
Under GDPR, you have the following rights:
Right of access (Art. 15) — Request a copy of all personal data we hold about you.
Right to rectification (Art. 16) — Request correction of inaccurate data.
Right to erasure (Art. 17) — Request deletion of your personal data ("right to be forgotten"). Note: we may need to retain some data for legal obligations (e.g., purchase records for tax purposes).
Right to restrict processing (Art. 18) — Request that we limit how we use your data.
Right to data portability (Art. 20) — Receive your data in a machine-readable format.
Right to object (Art. 21) — Object to processing based on legitimate interest.
Right to withdraw consent — Where processing is based on consent (e.g., waitlist), you can withdraw at any time without affecting the lawfulness of prior processing.
Right to lodge a complaint — You have the right to lodge a complaint with a supervisory authority. In Poland: Prezes Urzędu Ochrony Danych Osobowych (UODO), ul. Stawki 2, 00-193 Warszawa, https://uodo.gov.pl.
To exercise any of these rights, email us at hello@savori.company. We will respond within 30 days.
8. Security
We implement appropriate technical and organizational measures to protect your data, including:
- Encryption in transit (HTTPS/TLS on all connections)
- Encryption at rest (Firebase, Stripe)
- Access controls (role-based permissions)
- Rate limiting on API endpoints
- Regular security audits
- Minimal data collection principle
No system is 100% secure. If a data breach occurs that poses a risk to your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours as required by GDPR Article 33.
9. Children
Our Services are not directed to individuals under 18 years of age. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child, we will delete it promptly.
10. International Transfers
Your data may be transferred to and processed in countries outside the European Economic Area (EEA), including the United States (where our processors Firebase, Stripe, Vercel, and Resend are based). These transfers are protected by Standard Contractual Clauses (SCCs) approved by the European Commission, ensuring an adequate level of data protection.
11. Changes
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated date. For material changes affecting your rights, we will notify you via email.
12. Contact
For any privacy-related questions or to exercise your rights:
Email: hello@savori.company
Supervisory authority: UODO, ul. Stawki 2, 00-193 Warszawa, Poland
EU Online Dispute Resolution: https://ec.europa.eu/consumers/odr