Privacy Policy - RKD Solutions

§ 1. Introduction & Data Controller

This Privacy Policy explains how [COMPANY_NAME] ("we", "us", "our") collects, uses, stores, and protects your personal data when you use our RKD (Rozwój każdego dnia) platform accessible at rkd.solutions.

Data Controller:

Company: [COMPANY_NAME]
NIP: [NIP]
Address: [ADDRESS]
Email: bok@rkd.solutions

This Privacy Policy is provided in accordance with the EU General Data Protection Regulation (GDPR) and Polish data protection laws (RODO).

§ 2. What Data We Collect

2.1 Account Data (Required)

When you create an account on our platform, we collect:

Email address - For account creation and communication
Full name - For personalizing your experience
Username - For platform identification
Password - Securely hashed using industry-standard Argon2 encryption
Birth date - To verify you are 18 years or older
Gender - Optional (male/female/other/not shared) - For training personalization
Country - For regional compliance and localization
Phone number - Optional, for account recovery

2.2 Automatically Collected Data

We automatically collect certain information when you use our platform:

Session cookies - Authentication cookie (auth-session) valid for 30 days
IP address - For security, rate limiting, and fraud prevention
Browser and device information - Collected by our error tracking service (Sentry) for debugging
Usage timestamps - To track account activity

2.3 Training & Platform Data

If you use our training platform features, we collect:

Training form answers - Questionnaire responses (up to 1000 characters per answer)
Training plans - Plans you create (if you are a trainer)
Exercise selections - Exercises you add to plans
PDF generation requests - When you export training plans

2.6 Communication Data

We collect information related to our communications with you:

Email verification codes - 6-digit codes valid for 10 minutes
Password reset tokens - Secure tokens valid for 2 hours
Customer service correspondence - Your messages to our support team

§ 3. Legal Basis for Processing (GDPR Art. 6)

We process your personal data based on the following legal grounds:

Contract Performance (Art. 6(1)(b)): To provide you access to our platform, create your account, and deliver our services.
Legitimate Interest (Art. 6(1)(f)): For fraud prevention, security monitoring, platform improvement, and error tracking.
Legal Obligation (Art. 6(1)(c)): To comply with tax laws, financial record-keeping requirements, and anti-money laundering regulations.
Consent (Art. 6(1)(a)): For non-essential cookies and optional features (e.g., UI preferences, newsletter subscriptions).

§ 4. How We Use Your Data

We use your personal data for the following purposes:

Provide access to the platform - Authentication and user sessions
Enable trainer-client relationships - Connect trainers with their clients
Generate and deliver training plans - PDF creation and export
Send transactional emails - Email verification, password resets, important account notifications
Prevent fraud and abuse - Rate limiting, security monitoring, spam prevention
Improve service quality - Error tracking with Sentry to fix bugs and improve stability
Comply with legal obligations - Tax reporting, financial record-keeping

§ 5. Data Sharing & Third-Party Processors

We share your data only with trusted third-party service providers necessary for platform operation:

5.1 Hosting & Infrastructure

Provider: OVH (Poland/EU)
Purpose: Server hosting and database storage
Data location: European Union
Data shared: All platform data stored on OVH servers

5.2 Email Service

Provider: Mailgun (EU endpoint: api.eu.mailgun.net)
Purpose: Transactional email delivery (verification codes, password resets)
Data location: European Union
Data shared: Email addresses, verification codes, password reset tokens

5.3 Error Tracking

Provider: Sentry (Germany region: .ingest.de.sentry.io)
Purpose: Platform stability, bug detection, and performance monitoring
Data location: European Union (Germany)
Data shared: Error logs, stack traces (NO personally identifiable information - sendDefaultPii: false)
Retention: [Sentry retention period - check account settings]

5.4 CDN Services

Google Fonts (fonts.googleapis.com) - Typography resources. May receive browser/IP data for content delivery.
jsDelivr CDN (cdn.jsdelivr.net) - Flag icons library. May receive browser/IP data for content delivery.

5.5 No Data Sales

We do NOT sell, rent, or trade your personal data to third parties.

Your data is shared only with service providers necessary for platform operation, as described above.

§ 6. Cookies & Tracking Technologies

We use cookies and similar technologies to provide functionality and improve your experience.

For detailed information, see our Cookie Policy.

6.1 Essential Cookies (No consent required)

Cookie	Purpose	Duration	Type
`auth-session`	User authentication	30 days	HttpOnly, Secure

6.2 Functional Cookies (Consent required)

Cookie	Purpose	Duration	Type
`sidebar:state`	UI preference (sidebar open/closed)	7 days	Client-side
Theme cookie	Dark/light mode preference	Persistent	Client-side
Language cookie	Language selection (pl/en/de/it)	Persistent	Client-side
`training-view-mode`	Training view preference (grid/list)	Persistent	localStorage

6.3 Managing Cookies

You can manage your cookie preferences through:

Our cookie consent banner (appears on first visit)
Cookie settings (future feature in account settings)
Your browser settings

Note: Disabling essential cookies will prevent you from logging in. Disabling functional cookies will remove saved preferences but won't affect core functionality.

§ 15. Contact

For any questions or concerns about this Privacy Policy or our data practices, please contact us:

Data Protection Officer: bok@rkd.solutions or [DPO_EMAIL]
General inquiries: bok@rkd.solutions
Address: [COMPANY_ADDRESS]
Company: [COMPANY_NAME]
NIP: [NIP]