Draft — not legal advice
This document is an AI-prepared draft awaiting review by a qualified lawyer. Do not rely on it as a final statement of your rights or our obligations until the “DRAFT” line is removed from the source markdown.
Privacy Policy
DRAFT — not legal advice. This document is an AI-prepared draft. It must be reviewed and finalised by a qualified lawyer (GDPR + Czech data-protection rules) before public use. Placeholders in {{double braces}} must be filled in.
Effective date: 23rd May 2026
Last updated: 23rd May 2026
This Policy describes what personal data Branchwriter collects, why we collect it, how long we keep it, and what choices you have. It is written in plain language; a more formal restatement is available on request.
1. Who is the data controller
The controller of your personal data is:
- Marek Čermák
- Registered seat: Molákova 4, 62800 Brno
- IČO: {{ICO}}
- Contact for privacy matters: {{PRIVACY_EMAIL}} (may be the same as the general contact)
We have not appointed a Data Protection Officer; we are not obliged to under Article 37 GDPR at our current scale.
2. What we collect and why
| Data | Purpose | Legal basis (GDPR Art. 6) |
|---|---|---|
| Email address | Account creation, sign-in (magic link), transactional emails (chapter publishes, billing receipts), refund correspondence | (b) contract performance |
| Vote choices and timestamps | Operating the voting mechanism; computing chapter winners | (b) contract performance |
| Subscription / purchase records (plan, status, period, Stripe customer ID, Stripe payment intent IDs) | Billing, refunds, plan enforcement, accounting | (b) contract performance; (c) legal obligation (tax / VAT records) |
| Payment method details (card number, expiry, CVC) | Processed by Stripe; we never see or store card numbers | (b) contract performance |
| Web push subscription endpoint (only if you opt-in) | Notifying you when a chapter publishes | (a) consent — revocable at any time |
| Referral code, referrer relationships, credit ledger | Operating the refer-a-friend programme | (b) contract performance |
| Discord user ID and roles (only if you link Discord) | Granting tier roles in the community server | (a) consent — revocable by un-linking |
| Error logs and crash reports (Sentry) — see §5 | Diagnosing site failures; protecting account integrity | (f) legitimate interest |
| IP address (transient, in server logs and rate-limit counters) | Abuse prevention, rate limiting; never used to profile readers | (f) legitimate interest |
| Cookies and similar | See our Cookie Policy | (b)/(a)/(f) as applicable |
We do not carry out automated decision-making with legal or similarly significant effects (Art. 22 GDPR).
We do not sell personal data, do not share it with advertisers, and do not use third-party advertising cookies.
3. AI processing
Chapters are drafted with the assistance of an AI tool used by the author offline; no personal data of readers is sent to that tool. Reader votes, names, and emails are not used as inputs to chapter generation.
4. Retention
| Data | How long we keep it |
|---|---|
| Account email | Until you delete your account, then deleted immediately |
| Vote history | For the duration of the season + 1 year; aggregate statistics are kept indefinitely |
| Subscription / purchase records | 10 years from the end of the tax period, as required by Czech accounting law (Zákon o účetnictví) |
| Stripe customer records (held by Stripe) | According to Stripe's own retention rules and tax law |
| Payment-related personal data on our side after account deletion | We anonymise the customer's name and email in our accounting records; the financial event itself is retained as required by law |
| Web push subscription | Until you revoke it or it expires |
| Server logs containing IP addresses | 30 days rolling |
| Error logs (Sentry) | 90 days rolling |
| Audit log of admin actions on your account | Until 1 year after account deletion; then anonymised |
5. Processors and sub-processors
We use the following processors. Each is bound by a Data Processing Agreement (or equivalent contractual terms). The current list is also kept at /legal/dpa.
| Processor | Purpose | Where data is processed |
|---|---|---|
| Stripe Payments Europe, Ltd. (Ireland) | Card processing, subscriptions, VAT, refunds, fraud detection | EU + transfers to US under Stripe's safeguards |
| Resend Inc. (USA) | Transactional email (magic link, receipts, chapter publish digests) | US, with EU SCCs |
| Functional Software, Inc. dba Sentry (USA) | Server and client error logging | US, with EU SCCs |
| Discord, Inc. (USA) — only if you link Discord | Tier role sync | US, with EU SCCs |
| Hetzner Online GmbH (Germany) | Hosting, off-site encrypted backups (Storage Box) | EU (Germany / Finland) |
| Cloudflare, Inc. (if used as edge/proxy — confirm before publishing) | Edge caching, basic DDoS protection | Global edge, with EU SCCs |
If we add or change a sub-processor in a way that materially affects you, we will update this section and, for material additions, give 30 days' notice by email.
6. Transfers outside the EEA
Where we use processors based in the United States, transfers are protected by the relevant Standard Contractual Clauses (Commission Decision 2021/914) and, where applicable, the processor's certification under the EU–US Data Privacy Framework.
7. Your rights
You have the following rights under GDPR, exercisable free of charge:
- Access — get a copy of the personal data we hold about you. The fastest way is to call GET /api/user/export while signed in, which returns a JSON dump of all data attributable to your account.
- Rectification — correct inaccurate data by emailing {{PRIVACY_EMAIL}}. The only personal identifier we hold is your email address; we will update it on request after verifying you control both the old and new mailbox.
- Erasure ("right to be forgotten") — delete your account from Account → Danger zone. Deletion is immediate and permanent for personal data; financial records and minimal anonymised audit entries are retained where required by law (§4).
- Restriction of processing.
- Portability — receive your data in a machine-readable format (the JSON export above satisfies this).
- Objection to processing based on legitimate interests.
- Withdraw consent for any consent-based processing at any time, without affecting processing carried out before withdrawal. Turn web push notifications off, or unlink Discord, from Account → Notifications & connections.
To exercise any right except erasure and export (which are self-service), email {{PRIVACY_EMAIL}}. We will respond within 30 days (extendable by 60 days for complex requests, as Art. 12(3) GDPR permits, with notification of the extension).
8. Right to lodge a complaint
You have the right to lodge a complaint with a data protection authority. In the Czech Republic this is:
Úřad pro ochranu osobních údajů (ÚOOÚ)
Pplk. Sochora 27, 170 00 Praha 7
https://www.uoou.cz/ · posta@uoou.cz
EU residents may also complain to the supervisory authority of their country of residence or place of the alleged infringement.
9. Children
The Service is not directed to children under 16. We do not knowingly collect personal data from anyone under 16. If you believe a minor has created an account, contact {{PRIVACY_EMAIL}} and we will delete it.
10. Security
We protect your data with industry-standard measures: TLS in transit, encryption at rest for off-site backups (GPG AES-256), hashed sign-in tokens, role-based access control on admin actions, audit logging of sensitive operations, and signature verification on payment webhooks. No system is perfectly secure; we will notify affected users and the supervisory authority within 72 hours of becoming aware of a personal data breach that is likely to result in a risk to your rights, as required by Art. 33–34 GDPR.
11. Changes to this Policy
We will post the updated Policy at this URL with a new "Last updated" date. For material changes we will email active subscribers at least 14 days before the change takes effect.
12. Contact
For any privacy question or request: {{PRIVACY_EMAIL}}.