Privacy

Privacy Policy

This privacy policy (the “Policy”) for Software Mansion S.A. ("Company," "we," "us," or "our"), describes how and why we might collect, store, use, and/or share ("process") your information when you use our products and/or services ("Services"), such as when you:

  1. Visit our website swmansion.com, or any website of ours that links to this Policy;
  2. Engage with us in other related ways ― including any sales, marketing, or events related to swmansion.com.

By using the Services, you are consenting to the collection and use of your personal data in accordance with this Privacy Policy. Please do not access or use the Services if you do not consent to the collection and use of your information as outlined in this Privacy Policy.

Who is the controller of your data

The controller of your personal data is Software Mansion S.A., a joint stock company with its principal place of business at ul. Zabłocie 43b, 30-701 Kraków, Poland, entered in the register of businesses conducted by the District Court in Kraków for Kraków-Śródmieście, XI Commercial Division of the National Court Register with KRS number 0000961952, NIP 6793131302, REGON 364909814.

Questions or concerns?

Understanding this Policy will help you comprehend your rights and choices regarding your privacy. If you disagree with our methods and practices, do not access our Services. For any questions or issues, please contact us at [email protected]. If there are any capitalized terms in this Policy that are not defined, then those terms will have the meaning defined in your agreement with us.

Definitions

The following definitions are used throughout this Privacy Policy:

Software Mansion Website means swmansion.com and all of its subdomains.

Software Mansion Software Product means any software product owned or created by Software Mansion and provided under Software Mansion’ Subscription Agreement, including but not limited to Fishjam. This may include, but not be limited to, code that extends the functionality of a Software Mansion Software Product (e.g., a “plugin”). Any such code is governed by its own terms and conditions and privacy policy. This also includes any Products provided free-of-charge, such as alpha and beta version and/or early access of Software Mansion Software Products.

Personal Data means any data relating to an identified or identifiable natural person.

Usage Data refers to personal data collected from visitors during their interaction with our public-facing website. This may include contact details voluntarily provided through forms, IP addresses, cookies, and other similar identifiers that help us understand and communicate with users, improve our services, and fulfill requests.

Legitimate Interest means a legal basis for processing personal data under Article 6(1)(f) of the GDPR, where the processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the Data Subject.

EEA (European Economic Area) means the area comprising the Member States of the European Union together with Iceland, Liechtenstein and Norway, where the GDPR and related data protection rules apply.

All other capitalized terms used in this Privacy Policy shall have the same meaning as defined in article 4 GDPR (such as personal data, controller, processor, data subject, and others), unless defined otherwise in this definition clause.

Personal Data we collect:

Personal Data categories collectedWhat we use it for
Cookies and Tracking Technologies:
  • Session identifiers
  • Cookie consent status
  • IP address
  • Date and time of consent
  • Device identifiers
We may use common information-gathering tools such as cookies, web beacons, pixels and other similar tracking technologies to automatically collect information as you navigate our websites or when you interact with emails we send to you.

For detailed information about the Cookies and similar technologies we use on our Site, please visit our Cookie Policy.
Data about our customers:
  • Email address
  • First name and last name
  • Company name
  • Job title
  • Location
  • Time zone
  • LinkedIn profile link
Our websites and products require the minimal amount of data necessary to provide Services to you, and the amount or type of data we collect depends on the product or service you choose or how you use it. We do not sell your personal data and we do not share your information with third parties for those third parties' own business interests.

We use the information we collect and share it with our service providers primarily to provide the Services you've requested from us, and as needed for our operational purposes (e.g. to collect payment). In addition, we may use data about our customers to detect, prevent, or investigate security incidents, fraud, or abuse and misuse of our platform and Services.
Data we process during account creation and account usage:
  • Contact details
  • Email address
  • Billing information to facilitate payment and communication
  • Your IP address
  • First name and last name
  • Password (in encrypted form)
  • Account Registration date
When you sign up for an account with us, we ask for certain information. We use this to understand who is using our Services and how, and to detect, prevent and investigate fraud, abuse, or security incidents.

Information You Share Directly:
Name and contact information. When you sign up for an account with us, you authenticate using your email account. The information we receive may vary depending on the email address and your email service provider. We collect this information so we know who you are — this helps us communicate with you about your account(s), recognize you when you communicate with us, bill you correctly, and provide other Services.

Information We Generate or Collect Automatically:
Device information and IP addresses. We collect your IP address and other data through tracking technologies like cookies, web beacons, and similar technologies. We also collect IP addresses when you make requests to our APIs and in our server logs. We use this information to understand how customers are using our platform, who those customers are (if they are a company and the IP address is associated with that company), what country they are logging in from (for analytics and export control purposes), and to help improve the navigation experience.
Payment Information:
  • Card/account holder's first name and last name
  • Email address
  • Billing address (Street, City, Postal code, Country)
  • NIP / VAT ID number
  • Payment card details (Card number, Expiry date, CVC code)
  • Payment method (e.g. Visa, MasterCard, PayPal)
  • Device and browser details
  • IP address
  • Transaction history
We collect payment information necessary to process your purchases. All payment transactions are securely handled by trusted third-party payment processors. We do not store your full payment card details on our servers. Third-party processors collect and process your payment data on our behalf in accordance with their privacy policies and applicable data protection laws.
Data we process from our website and interactions:
  • Mouse movements and cursor path
  • Click coordinates
  • Scroll depth
  • Browser window resize changes
  • Browser type and version
  • Operating system
  • Device type (Desktop/Mobile)
  • Screen resolution
  • Country and region
When you visit our website, we may collect information automatically using tracking technologies like cookies and through web forms. We collect this information to provide what you request through the web form, to learn more about who is interested in our Services, and to improve navigation experience on our pages.
Data we collect through communication and support- Information you share directly:
  • Email address
  • Your phone number
  • Your case use of our products
  • Your Job title
  • First name and last name
  • Location
  • Time zone
  • Lead source information (where the client came from to the site)
  • Client's message content
On certain parts of our public-facing websites, you may be able to fill out forms to request contact from us, sign up for newsletters, or participate in surveys. The personal data requested on these forms will vary depending on the purpose of the form. Our team keeps a record of all communication with customers, including contact information and any other details shared during the conversation. This information is used to help us improve our Services, provide training to our team members, and manage our ongoing relationships with customers. It is important to be mindful of what information you share with these teams, as we store a record of these communications. To protect your privacy, it is best to avoid sharing sensitive personal data unless it is necessary for the teams to assist you. We will take appropriate measures to protect any sensitive information that is shared with us.
Processing of personal data of event participants:

Registration Data:
  • First name and last name
  • Email address
  • Operational data from the website (including IP address, connection date and time, device parameters (e.g., browser type, laptop or phone), and location.)

Event Data:
  • Photos of participants
  • Video recordings of participants
Why we process your personal data
We process your personal data in order to ensure your participation in the event held by us. The legal basis for processing your data is your consent (Art. 6(1)(a) of GDPR) as well as Art. 6(1)(f) of GDPR (processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party) This legitimate interest relates to:
  • Operational Necessity: Processing data necessary for the performance of the event (e.g., badge printing, attendance tracking, providing essential information).
  • Fraud and Security Prevention: Detecting, investigating, and preventing security incidents, fraud, abuse, or misuse of the event services.
  • Evaluation and Improvement: Analyzing attendance data and collecting feedback (e.g., through anonymous surveys or aggregated data) to evaluate the success of the event and improve the quality of future events.
  • Defense of Legal Claims: Establishing, exercising, or defending legal claims that may arise in connection with the event.

Who we disclose your personal data to
We process personal data in an IT system partially based on cloud computing solutions belonging to external providers. This applies to email hosting, server hosting, well as application software. Whenever such processing involves transferring your data outside EEA (Where GDPR laws do not apply), it is done in accordance with legal instruments provided for by GDPR, ensuring adequate protection of your rights and freedoms. Detailed information on this subject you can find in privacy policies posted by suppliers on their websites. If you wish, you can obtain a set of useful links from us.

Is submitting personal data necessary to conclude contract with us
We do not sign any contract. However, entering your data is necessary for you to take part in the event.

How our personal data gets obtained
Personal data is obtained directly from you.
Processing of personal data of job candidates:
  • First name and last name
  • Email address
  • Phone number
  • CV file
Why we process your personal data
If you are considered a good candidate, we process your personal data to enable you to take part in the recruitment process.
At every stage of the process you are fully aware of your participation. Your personal data is then subject to processing according to your consent (art. 6 par. 1 pt. a. of GDPR).
You are able to withdraw your consent anytime (without affecting the legality of the processing which was carried out on the basis of consent prior to its withdrawal) by sending an email to the address you were contacted from, or [email protected].

Who we disclose your personal data to
We process personal data in an IT system partially based on cloud computing solutions belonging to external providers. This applies to email hosting, server hosting, well as application software. Whenever such processing involves transferring your data outside EEA (Where GDPR laws do not apply), it is done in accordance with legal instruments provided for by GDPR, ensuring adequate protection of your rights and freedoms. Detailed information on this subject you can find in privacy policies posted by suppliers on their websites. If you wish, you can obtain a set of useful links from us.

Is submitting personal data necessary to conclude contract with us
We do not sign any contract. However, entering your data is necessary for you to take part in the event.

How your personal data gets obtained
You have answered our posting using our web form, by sending an email or by contacting us directly. Therefore, the first bunch of data we get directly from you. We might, however, wish to supplement them with our assessment of your suitability for a specific position by means of competence tests.
Processing personal data for marketing and commercial purpose:
  • Work email address
  • Work phone number
  • Job title
  • Company name and industry
  • Office location
  • LinkedIn profile link
  • History of opened sales emails
We may use your email address to send you information about other Software Mansion Services or events in which we think you may be interested, if you opt-in to receive such communication. You can opt-out at any time through your marketing preferences page by clicking the “unsubscribe” link at the bottom of any marketing email you receive from us. You can also contact us to communicate your choice to opt out. Please note that it may take up to three days to remove your contact information from our marketing communications lists, so you may receive correspondence from us for a short time after you make your request.

We may also use publicly-available information about you that we have gathered through services like LinkedIn, or we may obtain information about you or your company from third-party providers. We use this information to help us understand our customer base better, such as your industry, the size of your company, and your company's website URL.

The legal basis for processing marketing information, specifically with respect to publicly available data, is the legitimate interest pursued by the controller. This legitimate interest includes the expansion of the business contacts database and the analysis of market conditions.

Why we process your personal data
We process your personal data for direct marketing and commercial purposes, including providing you with commercial information relating to our offer and events we organize. Your personal data is then subject to processing according to your consent (art. 6 par. 1 pt. a. of GDPR).
The legal basis for contacting you via email is the Act of 18 July 2002 on the provision of services by electronic means (Journal of Laws of 2002, No. 144 pos. 1204).
You are able to withdraw your consent anytime (without affecting the legality of the processing which was carried out on the basis of consent prior to its withdrawal) by sending an email to the address you were contacted from, or [email protected].

Who we disclose your personal data to
We process personal data in an IT system partially based on cloud computing solutions belonging to external providers. This applies to email hosting, server hosting, well as application software. Whenever such processing involves transferring your data outside EEA (Where GDPR laws do not apply), it is done in accordance with legal instruments provided for by GDPR, ensuring adequate protection of your rights and freedoms. Detailed information on this subject you can find in privacy policies posted by suppliers on their websites. If you wish, you can obtain a set of useful links from us.

How your personal data gets obtained
You have answered our posting using our web form, by sending an email or by contacting us directly. Therefore, the first bunch of data we get directly from you. We might, however, wish to supplement them with our assessment of your suitability for a specific position by means of competence tests.

Automated processing and profiling
We process your data by profiling. Profiling shall mean any form of automated processing of personal data by the Software Mansion, which involves the use of personal data to assess certain personal factors, in particular to analyse or forecast preferences, interests, credibility, behaviour, location or movement of the Client.
Processing personal data of contracting partners:
  • Company name
  • NIP number
  • Registered office address
  • Bank account number
  • Names of contact persons
  • Business email addresses and phones of representatives
Why we process your personal data
We process your personal data in order to perform the contract and in order to fulfill the tax obligations.
The legal basis for processing your data is therefore Art 6. par. 1 pt. b) of GDPR (processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;) as well as art. 6 par. 1 pt. c) of GDPR (processing is necessary for compliance with a legal obligation to which the controller is subject).
If the agreement has been made by your employer or a subject represented by you, however it is you who is in touch with us on their behalf. In such cases, processing of your personal data is based on the premise from art. 6 par. 1 pt. f of GDPR - i.e. the premise of legitimate interests pursued by the controller. The legitimate interest is our will to fulfill the contract with the subject that designated you as their representative. We assume in good faith that this entity was in agreement with you before handing your details over to us, or that the representation of this entity is among your duties.
If you are our contracting partner and you do not fulfill your contractual obligations, the legal basis for the processing of your personal data by us is also art. 6 par. 1 pt. f) of GDPR (processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child). Under this legal basis, claims might be filed against you.

Who we disclose your personal data to
Your personal data is revealed within legal limitations to state authorities entitled by law (e.g. tax office). Your data will also be disclosed to the external accounting office that services us. We process personal data in an IT system partially based on cloud computing solutions belonging to external providers. This applies to email hosting, server hosting, well as application software. Whenever such processing involves transferring your data outside EEA (Where GDPR laws do not apply), it is done in accordance with legal instruments provided for by GDPR, ensuring adequate protection of your rights and freedoms. Detailed information on this subject you can find in privacy policies posted by suppliers on their websites. If you wish, you can obtain a set of useful links from us.

Is submitting personal data necessary to conclude contract with us
We collect your personal data to the extent necessary to conclude and fulfill the contract. Part of the data is also necessary for the performance of our obligations under the law (tax regulations, accounting regulations, obligations under the provisions on sales warranties). Failure to provide your personal data will, unfortunately, prevent the conclusion and implementation of the contract.

How your personal data gets obtained
We get your personal data from the entity you represent.

Automated processing and profiling
We do not process your data in an automated way and we do not conduct data profiling as understood by GDPR.

Notwithstanding the above, we may use your Personal Data to enforce any agreements we might enter into with you, to defend our legal rights, to conduct audits, to comply with our legal obligations and internal policies, to contact you for administrative purposes such as to address intellectual property infringement, privacy violations or defamation issues related to user content posted on the Service. When we do so, we will use Personal Data relevant to such a case. Some processing may also be necessary to comply with a legal obligation placed on us.

How long your personal data will be kept and maintained

Software Mansion will store your User Data as long as needed to provide you with our Services and to operate our business. If you ask Software Mansion to delete specific personal data from your User Data, we will honor this request unless deleting that information prevents us from carrying out necessary business functions. We do not store the data from the contact form for longer than necessary to respond to you and keep in touch with you (if you wish so).

Third-party service providers or consultants

We may share your Personal Data with certain third parties which help us provide you with Software Mansion Products or services, or to run our business, for example to providers of data storage and backup services. You can find the list of all subprocessors. We may also share your Personal Data with individual representatives of your company.

Data Subject Rights

You have the following rights regarding your personal data:

  • Right of Access: You may request a copy of the personal data we hold about you.
  • Right to Rectification: You can ask us to correct any inaccurate or incomplete information.
  • Right to Erasure (Right to be Forgotten): Under certain conditions, you may request the deletion of your personal data.
  • Right to Restrict Processing: You can request the limitation of processing of your personal data under specific circumstances.
  • Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transfer that data to another controller.
  • Right to Object: In some cases, you may object to the processing of your personal data.
  • Right to be Informed: You have the right to be provided with clear, transparent, and easily understandable information about how we process your personal data.
  • Withdrawal of Consent: In accordance with Article 13(2)(c) of the GDPR, you have the right to withdraw your consent to the processing of your personal data at any time. As a visitor to this website, you can adjust or withdraw your consent via the consent banner on the site or by contacting the website operator using the contact details provided in this privacy policy. Withdrawing consent does not affect the lawfulness of processing carried out before the withdrawal.

To exercise these rights, please contact us at [email protected]. We will exercise your rights only after receiving your written request to exercise a particular right indicated above and only after confirming the validity of your identity.

Your requests shall be fulfilled, or fulfilment of your requests shall be refused by specifying the reasons for such refusal, within one month from the date of submission of the request meeting our internal rules and GDPR. The period may be extended by two further months if the request is related to a great scope of personal data or other simultaneously examined requests. We will inform you of any such extension within one month of receipt of the request, together with the reasons for the delay. A response to you will be provided in a form of your choosing as the requester.

  • We may refuse to satisfy your request if the exceptions and/or limitations to the exercise of data subjects' rights set out in the GDPR apply, and/or if your request is found to be manifestly unfounded or disproportionate. If we refuse to satisfy your request, we will give you our reasons for such refusal in writing.

Cookies and Tracking Technologies

We may use common information-gathering tools such as cookies, web beacons, pixels and other similar tracking technologies to automatically collect information as you navigate our websites or when you interact with emails we send to you.

Cookies

A cookie is a small piece of data stored on your device when you visit a website. Cookies allow us to identify your device as you navigate our websites. This makes navigating and interacting with our websites more efficient, easy and meaningful for you.
By themselves, cookies do not identify you specifically. Rather, they recognize your web browser. So, unless you identify yourself specifically to us, we don't know who you are just because you visited our website. We use persistent cookies. Session cookies are cookies that disappear from your computer or browser when you turn off your computer. Persistent cookies stay on your computer even after you've turned it off. These cookies enable core functionality such as security, network management, and accessibility and are necessary for our websites to function properly.
For detailed information about the Cookies and similar technologies we use in our Site, please visit our Cookie Policy.

Legal basis for processing Personal Data

Our approach to privacy compliance is a global one. No matter where you are located, we remain committed to abiding by all applicable data protection laws.

Regions Requiring a Legal Basis for Processing Personal Data

If you are from a region that requires a legal basis for processing personal data (such as the EEA or the UK), our legal basis for collecting and using the personal data described above will depend on the personal data concerned and the specific context in which we collect it.
However, we will normally collect personal data from you only where we need the personal data to perform a contract with you, or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms, or where we have your consent to do so. In some cases, we may also have a legal obligation to collect personal data from you or may otherwise need the personal data to protect your vital interests or those of another person, such as in the case where we request personal data from you in the context of a government audit or in response to a request from law enforcement.
If you have questions about or need further information concerning the legal basis on which we collect and use your personal data, please contact us using the contact information provided below.
Broadly speaking, we use the Usage Data to further our legitimate interests to:

  • understand who our customers and potential customers are and their interests in the Services;
  • manage our relationship with you and other customers;
  • analyze user behavior, optimize performance, and enhance the user experience;
  • provide customer support and maintain a record of correspondence;
  • help detect, prevent, or investigate security incidents, fraud and other abuse or misuse of our Services.

United States

California Consumer Access and Deletion Rights
For those customers that would like more information about our use of Customer Account Data or Customer Usage Data, you have the ability to request:

  • that we provide details about the categories of personal data that we collect about you, including how we collect and share it;
  • that we provide you access to the personal data we collect about you; and
  • that we delete the personal data we have about you.

Please be aware that when you ask us for these things, we will take steps to verify that you are authorized to make the request. You must be a resident of California to make this request. The California Code of Regulations defines a "resident" as:

  1. every individual who is in the State of California for other than a temporary or transitory purpose and
  2. every individual who is domiciled in the State of California who is outside the State of California for a temporary or transitory purpose

We have collected the following categories of personal data in the past twelve (12) months:

  • Identifiers
  • geolocation data
  • Internet or other similar network activity

Other regions

Some countries, other than the EEA, UK, and United States, also have specific privacy notice requirements, and we address those requirements in our general privacy sections above.

International data transfers

We may need to transfer your personal data to our affiliates, contractors, service providers, and to third parties in various countries and jurisdictions around the world. In each case, we take care to use appropriate safeguards to ensure your personal data remains protected.

Data transfers to the United States and elsewhere. When you use our cloud dashboard, or our other Services, personal data of you and your end users processed by Software Mansion may be transferred to the United States, where our primary processing facilities are located, and possibly to other countries where we or our service providers operate. These transfers will often be made in connection with routing your communications in the most efficient way.

Safeguards for data transfers. Software Mansion employs appropriate safeguards for cross-border transfers of personal data, as required by applicable local law.

Transfers from other countries. When we transfer personal data outside countries other than those in the EEA, the UK, and Switzerland, we strive to comply with the cross-border data transfer rules of those countries, such as by cooperating with that country's data protection authority or providing a written agreement to each customer that meets the data protection requirements of the country.

Security Information

How We Secure Personal Data

We use appropriate security measures designed to protect the security of your personal data both online and offline. These measures vary based on the sensitivity of the personal data we collect, process and store and the current state of technology. We also take measures to ensure service providers that process personal data on our behalf also have appropriate security controls in place. When we transfer data across borders, we also take supplementary measures to ensure that data is protected.
Please note that no service is completely secure. While we strive to protect your data, we cannot guarantee that unauthorized access, hacking, data loss or a data breach will never occur.

How we use personal data for security purposes

We may collect and use Usage Data to detect, prevent, or investigate security incidents, fraud, or abuse and misuse of our platform and Services. In addition, we may also use records containing end user personal data to debug, troubleshoot, or investigate security incidents; to detect and prevent spam or fraudulent activity; and to detect and prevent network exploits and abuse. We may anonymize personal data and use it for our legitimate business needs, and, where allowed by law, this may include records containing end user personal data.

Handling disputes

If you have a dispute with us relating to our data protection practices, you can raise your concern or dispute by contacting us via email at [email protected].
For individuals in the EEA, the UK, or Switzerland, you have additional rights to make a complaint to a competent data protection authority or commence proceedings in a court of competent jurisdiction in accordance with applicable data protection laws.
You have the right to lodge a complaint with a competent supervisory authority, if you believe that your personal data is processed in a way that violates your rights and legitimate interests stipulated by applicable legislation. You may apply in accordance with the procedures for handling complaints that are established by the Personal Data Protection Office (UODO) of the Republic of Poland.

Changes to our Privacy Policy

We may change this Policy from time to time, and if we do, the most current version will be available on our website with the date at the top indicating when it was last updated. Any changes will take effect immediately upon their publication on our Website. We may update this policy periodically and will publish the latest version on our website with an effective date.