Last updated: 27/01/2025

1. Introduction

Welcome to Passtastic App (“we,” “us,” or “our”), operated by Bohdan Syvodiedov, PL6832120321. We respect your privacy and are committed to protecting your personal data. This Privacy Policy explains what information we collect, how we use it, and your rights regarding that information.

Contact Information

• Business Address: Okrężna 10F, Niepołomice 32-020, Poland
• Email: [email protected]

2. Scope & Applicability

This Privacy Policy applies to personal data we collect or process when you use our services, including our website, platform for creating digital business cards, and any associated services (collectively, the “Service”). If you do not agree with these practices, please do not use the Service.

3. Roles Under GDPR

• Data Controller: For the personal data we collect directly from our users (e.g., account registration details, billing info), we act as a Data Controller.
• Data Processor: If our business customers store third-party personal data (e.g., adding their customers’ or employees’ info to their digital cards), we process that data on behalf of our business customers. In such cases, they are the “Data Controller,” and we are the “Data Processor.”

4. Data We Collect

1. Account Registration & Onboarding
   • What: Name, email address, company name, business area, and any other contact information you provide.
   • Why: To create and maintain your account, provide our Service, and personalize your experience.
   • Legal Basis: Usually contractual necessity (fulfilling our agreement with you) and/or consent (where applicable).
2. Business Card Creation
   • What: Information you voluntarily add to your digital cards (e.g., phone number, email, address, logo, photo).
   • Why: To generate and manage your digital business cards.
   • Legal Basis: Contractual necessity (to fulfill your request) and/or consent (you control what you upload).
3. Messaging (Push Notifications)
   • What: We enable the sending of updates or promotions to card recipients, but we do not store device tokens or detailed device information about the recipients’ phones.
   • Why: To facilitate communication between card owners and recipients.
   • Legal Basis: Legitimate interests (providing a communication feature) or consent (if local laws require it).
4. Analytics
   • Microsoft Clarity & Google Analytics may collect:
     • Usage patterns, page views, time on site
     • Device info (browser type, screen resolution)
     • Anonymized session recordings or heat maps
   • Why: To understand user behavior, improve our interface, and fix technical issues.
   • Legal Basis: Consent (via cookie banner or settings) and/or legitimate interests in analyzing and improving the Service.
5. Emails & Notifications
   • Stored via SendGrid for transactional and marketing emails (delivery status, open rates).
   • Why: To communicate with you effectively, send updates, or marketing messages if you’ve opted in.
   • Legal Basis: Contractual necessity (for service emails) and/or consent (for marketing emails).
6. Payments via Stripe
   • We do not store or process payment details (e.g., credit card numbers) on our servers.
   • All payments are handled 100% by Stripe, subject to Stripe’s Privacy Policy.
   • Why: To securely process subscription fees, handle pay-as-you-grow billing, and ensure compliance with financial regulations.
   • Legal Basis: Contractual necessity (for paid subscriptions).

5. How We Use Your Data

We use the collected data to: