Privacy Policy

Last updated: February 19, 2026

1. Data controller

The data controller is Damian Domżalski Software Services, ul. Morska 7a/72, 84-240 Reda, Poland. Tax ID (NIP): 5882472990. Contact: [email protected]

2. What data we collect

  • Photo - uploaded for AI analysis. Stored securely to display on your results card. You may request its deletion at any time. We never share or sell your photos.
  • Analysis results - the generated results card (scores, text). Stored in our database.
  • Session identifier - an anonymous UUID stored in a browser cookie. Not linked to your identity.
  • IP address and location - we collect your IP address for security purposes (rate limiting) and to determine your country for currency display. We do not store precise geolocation.
  • Payment data - processed by a third-party payment provider (Stripe). We never see your card number. We store the email address provided during payment.
  • Email - only if you voluntarily provide it. Never required. May be used to send results, recover credits, and send automated reminder emails (see section 4).
  • Compatibility results - generated when comparing two scans, derived from existing scan results.
  • Roast results - additional AI analysis stored alongside your scan.
  • Fortune data - lucky number, day, and color generated from your analysis.

3. Legal basis for processing

We process your data on the following legal bases (Art. 6 GDPR):

  • Performance of a contract (Art. 6(1)(b)) - photo analysis, generating and storing results, payment processing.
  • Consent (Art. 6(1)(a)) - analytics cookies (Google Analytics), providing your email address.
  • Legitimate interest (Art. 6(1)(f)) - ensuring service security, rate limiting, preventing abuse, error monitoring.

4. How we use data

  • Your photo is sent to external AI providers to generate your analysis and caricature, then stored securely to display on your results card.
  • Analysis results are stored so you can return to your results card.
  • Analysis results and photos are stored indefinitely. You may request their deletion at any time by contacting us.
  • Payment data is used solely to process your transaction and is retained as required by tax law.
  • If you provide your email on an unlocked scan, we may send up to 3 automated emails: a confirmation, a results reminder (after approx. 6 hours), and an expiry notice (after approx. 20 hours). The purpose of these emails is to inform you about the status of your results.
  • We do not sell, trade, or share your personal data with third parties for marketing purposes.
  • Free results (without payment and without providing an email) expire after 24 hours. Providing an email or making a payment prevents expiry.
  • We plan to implement automatic deletion of unclaimed scan data after 12 months of inactivity. Until then, you may request deletion at any time.

5. Cookies & analytics

We use essential technical cookies:

  • visitor_id - anonymous session identifier (30 days)
  • locale - preferred language (1 year)
  • _session - session cookie (required for functionality)
  • consent_analytics - stores your analytics consent choice (1 year)

After you consent via the cookie banner, we load analytics tools (Google Analytics, Meta Pixel, TikTok Pixel, Reddit Pixel, X Pixel) that may set their own cookies. We do not use advertising cookies.

6. Third parties

To provide our service, we use external providers from the following categories:

  • AI service providers - photo analysis and image generation. Your photo is sent to the API to generate results.
  • Payment processor - transaction processing. We never see your card details.
  • Email service provider - email delivery.
  • Analytics providers - website traffic analysis. Loaded only after consent.
  • Error monitoring - application monitoring. Does not transmit personal data.

Your data may be processed outside the EEA (USA). Our providers implement safeguards compliant with GDPR.

7. Automated processing and A/B testing

We use artificial intelligence algorithms to analyze photos and generate results. This processing is purely for entertainment - it does not produce legal effects or significantly affect you. It does not constitute profiling under Art. 22 GDPR.

We conduct A/B tests to optimize our service. Based on the anonymous session identifier (visitor_id), users may be randomly assigned to different interface variants. Assignment is fully automatic, deterministic, and not based on personal data.

8. Your rights

You have the right to:

  • Access your data
  • Rectify your data
  • Delete your data
  • Restrict processing
  • Data portability
  • Object to processing
  • Withdraw consent at any time (without affecting the lawfulness of processing before withdrawal)

Contact: [email protected]

You also have the right to lodge a complaint with the supervisory authority - the President of the Polish Data Protection Office (UODO, uodo.gov.pl).

9. Your rights (California residents)

If you are a California resident, you have the following rights under the CCPA:

  • Right to Know - you may request information about the categories and specific pieces of personal data we have collected about you.
  • Right to Delete - you may request that we delete your personal data.
  • Right to Opt-Out - we do not sell your personal data.
  • Right to Non-Discrimination - you will not be treated differently for exercising your rights.

Contact: [email protected]

10. Voluntary nature of data

  • Providing a photo is necessary to use the analysis service - we cannot generate results without it.
  • Providing your email is voluntary and used only for credit recovery or sending results.
  • Payment data is necessary to process a purchase transaction.

11. Security

We use HTTPS encryption, secure cookies, and rate limiting.

Nous utilisons des cookies pour l'analyse du trafic (Google Analytics). Tu peux accepter ou refuser. Politique de confidentialite