Estimora

Estimora

Privacy Policy

1. Data Controller

The controller of your personal data is:

HK Hubert Kowalewski
Kraszewskiego 45
15-024 Białystok, Poland
Email: hubertkow14@gmail.com

2. Overview

This Privacy Policy explains how we collect, use, and protect your personal data when you use our SaaS product (“the Service”).

The Service is designed for software agencies to create and manage project estimates, offers, and related data.

We process personal data in accordance with the General Data Protection Regulation (GDPR).

3. What Data We Collect

3.1 Account Data

We collect:

  • name (if provided)
  • email address
  • authentication data (stored securely)

3.2 Workspace and Project Data

We process data entered by users, including:

  • company/workspace information
  • project estimates and scope data
  • tasks, roles, and hours
  • pricing and financial data
  • assumptions, exclusions, and notes

3.3 Usage Data

We collect:

  • IP address
  • browser and device information
  • pages visited and interactions
  • timestamps of actions

3.4 Payment Data

Payments are processed by Stripe. We do not store full payment details.

Stripe may process:

  • billing information
  • payment method data
  • transaction history

4. How We Use Your Data

We use your data to:

  • provide and operate the Service
  • manage user accounts and authentication
  • enable estimation, collaboration, and workflows
  • process payments and subscriptions
  • improve performance and usability
  • ensure security and prevent abuse
  • provide support and communicate with users
  • send marketing communications (only with consent)

5. Legal Basis for Processing

We process personal data based on:

  • Contract performance
    (e.g. account data, workspace/project data, service functionality)
  • Legitimate interest
    (e.g. analytics, security, product improvement)
  • Legal obligations
    (e.g. accounting, tax, billing records)
  • Consent
    (e.g. marketing communications, non-essential cookies)

6. Data Sharing

We may share your data with trusted third-party providers:

  • Stripe – payment processing and subscription management
  • Google Analytics (GA4) – product analytics and usage insights
  • OVHcloud (EU) – hosting and infrastructure

All providers process data in accordance with applicable data protection laws.

7. International Data Transfers

Some providers (e.g. Stripe, Google Analytics) may process data outside the European Economic Area (EEA).

In such cases, we ensure appropriate safeguards, including:

  • Standard Contractual Clauses (SCCs)
  • GDPR-compliant transfer mechanisms

8. Data Retention

We retain data only as long as necessary:

  • Account data – for the duration of the account
  • Workspace/project data – until deletion by the user or account closure
  • Billing data – as required by law (typically 5–10 years)
  • Analytics data – retained for a limited period (e.g. up to 14 months), then anonymized or aggregated

9. Your Rights (GDPR)

You have the right to:

  • access your personal data
  • correct inaccurate data
  • request deletion (“right to be forgotten”)
  • restrict processing
  • object to processing
  • data portability
  • withdraw consent at any time

You also have the right to lodge a complaint with a supervisory authority in your country of residence or where a violation occurred.

To exercise your rights, contact: hubertkow14@gmail.com

10. Cookies

We use cookies and similar technologies for:

Essential Cookies

  • maintaining user sessions
  • authentication and security

Analytics Cookies

  • understanding how users interact with the Service
  • improving performance and usability (Google Analytics)

Analytics cookies are used based on consent where required.

You can manage cookies through:

  • cookie banner (if implemented)
  • browser settings

11. Security

We implement appropriate technical and organizational measures, including:

  • encrypted communication (HTTPS)
  • access control and authentication mechanisms
  • secure infrastructure hosted in the EU
  • monitoring and protection against unauthorized access

12. Data Roles (Controller vs Processor)

Depending on the context:

We act as a Data Controller for:

  • account data
  • billing data
  • platform usage data

We act as a Data Processor for:

  • workspace and project data entered by users

In this case, customers (software agencies) are the data controllers and we process data on their behalf.

A Data Processing Agreement (DPA) is available upon request.

13. Changes to This Policy

We may update this Privacy Policy from time to time.

We will notify users of significant changes where required.

14. Contact

If you have any questions about this Privacy Policy, contact:

HK Hubert Kowalewski
Email: hubertkow14@gmail.com