Skip to content
Start Free Trial
Legal · Privacy

Privacy Policy

How FoyerFlow (operated by Anton Eremeeff, IČO 09673024) processes personal data about you when you visit foyerflow.app, sign up, or use the FoyerFlow application.

Effective 5 May 2026

The short version. We collect what we need to provide the Service and run the business — your account details, the data you put into FoyerFlow, basic usage logs, and payment info. We do not sell personal data and we do not run ad-targeting. You have full GDPR rights and can exercise them by emailing [email protected].

1. Who we are

The data controller is Anton Eremeeff, IČO 09673024, sole trader registered in the Czech Republic and trading as FoyerFlow. Our contact details are in the Imprint. We have not appointed a Data Protection Officer because we are not required to under Article 37 GDPR; for any privacy matter, please write to [email protected].

2. What this policy covers

This policy covers personal data we process about you as our customer — when you visit our website, create an account, subscribe, communicate with us, or use the FoyerFlow application.

When you use FoyerFlow to manage events and host data about your end users (event guests, clients, vendors), you are the controller of that data and we are the processor. Our role for that data is governed by the Data Processing Agreement, not this policy.

3. What we collect, why, and on what basis

Category Examples Purpose Legal basis (GDPR Art. 6)
Account data Name, email, password hash, company, role, language, timezone Create and operate your Account; authenticate; bill (b) contract performance
Billing data Billing address, VAT ID, invoice history, payment method (token, not card number) Issue invoices, take payment, comply with tax law (b) contract performance · (c) legal obligation
Communications Emails to support, in-app messages, NPS responses Respond to inquiries, improve the Service (b) contract performance · (f) legitimate interest
Usage & technical data IP, browser, device, pages viewed, features used, error reports Operate, secure, troubleshoot, and improve the Service (f) legitimate interest in running and securing the Service
Cookies & similar Session, CSRF, theme preference, optional analytics Authentication, preferences, analytics (with consent) (b) contract or (a) consent — see Cookie Policy
Marketing Email address, preferences, opens/clicks of newsletters you opted into Send product updates and announcements (a) consent — withdrawable at any time

4. Where the data comes from

Mostly directly from you, when you fill in a form or use the Service. Some data is generated automatically as you use the Service (logs, usage events). Billing details come back to us through our payment processor — we receive a token, not your full card number.

5. Who we share data with

We only share personal data with:

  • Service subprocessors we use to operate FoyerFlow — hosting, error tracking, transactional email, payments, customer support tooling. The full list, kept current, is at /legal/subprocessors. All are bound by data-processing agreements.
  • Tax authorities and accountants, where required to comply with legal obligations (invoices, VAT records).
  • Professional advisers (lawyers, auditors) under confidentiality.
  • Acquirers and successors, in the event of a merger, acquisition, or sale of all or substantially all our assets — with prior notice to you.
  • Authorities, when we are legally required to disclose under a valid order.

We do not sell personal data and we do not share it with advertising networks.

6. International transfers

Our primary infrastructure is hosted within the European Economic Area. Some of our subprocessors are headquartered or operate outside the EEA — in those cases we rely on the European Commission's Standard Contractual Clauses (SCCs) and, where appropriate, additional safeguards. The country of processing for each subprocessor is listed on the Subprocessors page.

7. How long we keep it

DataRetention
Account data While your Account is active, plus up to 90 days after closure to allow recovery, then deletion or anonymisation
Invoices and tax records 10 years (Czech Accounting Act §31, VAT Act §35)
Usage logs & security logs Up to 12 months (90 days for verbose logs)
Backups Encrypted; rotated within 35 days
Marketing consent records & preferences Until you unsubscribe, plus 24 months for proof of consent
Customer Data inside FoyerFlow Per your instructions (see DPA); deleted on Account closure or earlier on request

8. Your rights

Under the GDPR you can, free of charge and without giving a reason:

  • Access the personal data we hold about you (Art. 15);
  • Correct inaccurate or incomplete data (Art. 16);
  • Erase your data where one of the grounds in Art. 17 applies;
  • Restrict processing in certain circumstances (Art. 18);
  • Port data you provided in a structured, machine-readable form (Art. 20);
  • Object to processing based on legitimate interests, including for direct marketing (Art. 21);
  • Withdraw consent at any time, where consent is the legal basis; withdrawal does not affect the lawfulness of processing before it.

To exercise any of these rights, email [email protected]. We will respond within 30 days (extendable by 60 days for complex requests). We may need to verify your identity.

You also have the right to lodge a complaint with the Office for Personal Data Protection (Úřad pro ochranu osobních údajů, ÚOOÚ — uoou.cz), or the supervisory authority of the EU member state where you live or work.

9. Security

We use technical and organisational measures appropriate to the risk, including encryption in transit (TLS) and at rest, role-based access control, audit logging, least-privilege production access, and regular backups. No system is impervious to every attack — if a breach occurs that puts your rights or freedoms at risk, we will notify you and the supervisory authority within 72 hours, as required by Art. 33–34 GDPR.

10. Children

FoyerFlow is not directed at children. We do not knowingly process personal data of children under the age of 16 without parental consent. If you believe a child has provided us with personal data, write to [email protected] and we will delete it.

11. Automated decision-making

We do not use personal data to make decisions that produce legal or similarly significant effects on you by automated means alone (Art. 22 GDPR).

12. Changes to this policy

When we update this policy, we update the "Effective" date at the top. For material changes we'll notify you in-app or by email at least 30 days in advance. Earlier versions are kept on file and available on request.

Questions? Write to [email protected]. The binding version of this document is the most recent one published at foyerflow.app/legal.