Privacy Policy

1. Introduction

This Privacy Policy explains how barski.io ("we", "us", or "our") collects, uses, and protects your personal information when you visit our website and use our services. We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

2. Data Controller

The data controller responsible for your personal data is:

3. Information We Collect

3.1 Information You Provide to Us

When you submit a problem or challenge through our Problem Catcher form, we collect:

• Email address: To contact you regarding your submission and send you solutions
• Problem description: Details about the manual task or workflow challenge you're facing
• Hours wasted: Your estimate of time spent on the manual task (optional)
• Tools tried: Information about solutions you've already attempted (optional)

3.2 Information Automatically Collected

When you visit our website, we automatically collect:

• IP address: For security, fraud prevention, and analytics purposes
• User agent: Browser and device information to optimize our website performance
• Performance metrics: Page load times, error rates, and interaction data (only with your consent)
• Page views: Which pages you visit on our site (only with your consent)

4. Legal Basis for Processing

We process your personal data based on the following legal grounds:

• Consent: For analytics and marketing communications, we rely on your explicit consent
• Legitimate interests: For processing problem submissions and providing solutions, we rely on our legitimate interest in operating our business and delivering value to users
• Contract performance: When responding to your submissions and providing requested information

5. How We Use Your Information

We use your personal data for the following purposes:

• To review and analyze the workflow challenges you submit
• To develop automation solutions and blueprints based on submitted problems
• To contact you via email with solutions, updates, or follow-up questions
• To improve our website performance and user experience
• To prevent fraud and ensure the security of our services
• To comply with legal obligations

6. Data Storage and Retention

Your data is stored securely on Microsoft Azure infrastructure, specifically in Azure PostgreSQL Flexible Server. We retain your data for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required by law.

Specifically:

• Problem submissions: Retained indefinitely for research and solution development, unless you request deletion
• Analytics data: Retained for 12 months, then automatically deleted
• Cookie preferences: Retained for 12 months, then you will be asked again

7. Data Sharing and Processors

We do not sell your personal data to third parties. We may share your data with the following service providers who process data on our behalf:

• Microsoft Azure: Cloud hosting and database services (subject to Microsoft's GDPR-compliant data processing agreement)
• GitHub: For deployment and version control (code only, no personal data)

All third-party processors are required to implement appropriate technical and organizational measures to protect your data and comply with GDPR.

8. International Data Transfers

Your data may be transferred to and processed in countries outside the European Economic Area (EEA). When we transfer data internationally, we ensure adequate protection through:

• Microsoft Azure's GDPR compliance and Standard Contractual Clauses
• Adequate safeguards as recognized by the European Commission

9. Cookies and Tracking Technologies

We use cookies and similar technologies to improve your experience on our website. You can manage your cookie preferences through our cookie consent banner or by adjusting your browser settings.

Types of cookies we use:

• Essential cookies: Required for basic site functionality (always active)
• Analytics cookies: Help us understand how visitors use our site (requires your consent)

10. Your Rights Under GDPR

As a data subject under GDPR, you have the following rights:

• Right to access: Request a copy of the personal data we hold about you
• Right to rectification: Request correction of inaccurate or incomplete data
• Right to erasure ("right to be forgotten"): Request deletion of your personal data
• Right to restriction: Request limitation of processing of your data
• Right to data portability: Receive your data in a structured, machine-readable format
• Right to object: Object to processing based on legitimate interests
• Right to withdraw consent: Withdraw previously given consent at any time

To exercise any of these rights, please contact us at hello@barski.io. We will respond to your request within 30 days.

11. Data Security

We implement appropriate technical and organizational security measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit (HTTPS/SSL)
• Encryption of data at rest in our database
• Regular security assessments and updates
• Access controls and authentication mechanisms
• SQL injection prevention through parameterized queries

12. Children's Privacy

Our services are not directed to children under the age of 16. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make significant changes, we will notify you by updating the "Last Updated" date at the top of this policy. If you have consented to cookies, we may also request your consent again if material changes affect how we process your data.

14. Contact Us

If you have any questions about this Privacy Policy or how we handle your personal data, please contact us:

15. Supervisory Authority

You have the right to lodge a complaint with a supervisory authority, in particular in the EU member state of your habitual residence, place of work, or place of the alleged infringement if you believe our processing of your personal data violates GDPR.