Legal

Privacy Policy

How White Raven collects, uses, and protects personal data when you visit whiteraven.app or contact us. Written for visitors in the European Union, United Kingdom, and worldwide.

Last updated: 2 June 2026

This Privacy Policy explains how White Raven ALEKSANDER IŻEMSKI ("we", "us", or "our") processes personal data when you use whiteraven.app (the "Site") and when you contact us about our software engineering services.

We process personal data in accordance with the EU General Data Protection Regulation ("GDPR"), the UK GDPR, and other applicable privacy laws. Where local law gives you additional rights, those rights apply.

1. Data controller

The data controller responsible for your personal data is:

We operate as a remote software studio serving clients internationally.

We have not appointed a Data Protection Officer. For privacy questions, contact us at contact@whiteraven.app.

2. Scope

This policy applies to:

  • Visitors who browse the Site;
  • People who submit a project inquiry through our contact form or email;
  • Subscribers to our blog RSS feed (no account is required; see Section 4);
  • Business contacts who communicate with us about potential or active engagements.

It does not cover third-party websites linked from the Site, client projects we deliver under separate contracts, or employee/applicant data (handled under separate notices).

3. Personal data we collect

Depending on how you interact with us, we may process:

  • Contact and inquiry data: name, work email address, company name, selected services, project timeline, budget range, and message content you choose to send.
  • Communication data: email correspondence and metadata (dates, subject lines) when you write to us.
  • Technical and usage data: IP address, browser type, device type, operating system, referring URL, pages viewed, approximate location derived from IP, session identifiers, and interaction events collected through analytics tools.
  • Cookie and consent data: cookie identifiers, consent choices, and timestamps recorded by our cookie consent platform.

We do not intentionally collect special categories of personal data (such as health data) through the Site. Please do not include sensitive information in contact forms unless it is necessary for your inquiry.

4. How we collect personal data

  • Directly from you when you complete our contact form, send email, or otherwise communicate with us. Our contact form prepares a message on your device and opens your email client; we receive data only when you send the email or follow up with us.
  • Automatically when you visit the Site, through server logs and analytics technologies described in Section 6.

5. Purposes and legal bases

Under GDPR Article 6, we rely on the following legal bases:

| Purpose | Data involved | Legal basis |
| --- | --- | --- |
| Respond to project inquiries and pre-contract discussions | Contact and inquiry data, communication data | Steps at your request before a contract (Art. 6(1)(b)); legitimate interest in operating our business (Art. 6(1)(f)) |
| Perform contracts and deliver services to clients | Contact, communication, and project-related data | Performance of a contract (Art. 6(1)(b)); legitimate interest (Art. 6(1)(f)) |
| Operate, secure, and improve the Site | Technical and usage data, server logs | Legitimate interest in maintaining a secure, reliable website (Art. 6(1)(f)) |
| Measure audience and Site performance with analytics | Technical and usage data, cookie identifiers | Your consent where required (Art. 6(1)(a)); legitimate interest for strictly necessary measurement where consent is not required (Art. 6(1)(f)) |
| Record and manage cookie preferences | Cookie and consent data | Your consent (Art. 6(1)(a)); legal obligation to respect choices where applicable (Art. 6(1)(c)) |
| Comply with law, enforce terms, and protect rights | Relevant data in our systems | Legal obligation (Art. 6(1)(c)); legitimate interest (Art. 6(1)(f)) |

Where we rely on legitimate interests, we balance our interests against your rights. You may object to processing based on legitimate interests as described in Section 10.

6. Cookies and similar technologies

We use cookies, local storage, and similar technologies. Non-essential cookies and analytics scripts are managed through our consent banner provided by Cookie Script (ID: 824b5af3c4c24b4ba3816ef1318f1c55). You can accept, reject, or customize categories at any time through the banner or your browser settings.

6.1 Cookie categories

  • Strictly necessary: required for core Site functions and to remember your consent choices. These do not require consent under the ePrivacy rules in most EU member states.
  • Analytics and performance: help us understand how visitors use the Site. We use Google Analytics (property ID: G-GYWDW0JC8G) and Microsoft Clarity (session recordings and heatmaps). These tools are loaded in accordance with your consent choices where required.

6.2 Managing cookies

You can withdraw consent at any time by reopening the cookie settings on the Site or clearing cookies in your browser. Blocking cookies may affect Site functionality. For browser controls, see your browser's help documentation.

7. Recipients and processors

We share personal data only as needed with:

  • Hosting and infrastructure providers (including Cloudflare) that deliver and protect the Site;
  • Analytics providers: Google LLC (Google Analytics) and Microsoft Corporation (Clarity);
  • Cookie consent provider: Cookie Script (Digital Data Solutions);
  • Email and communication tools you or we use to exchange messages;
  • Professional advisers (lawyers, accountants) when necessary and subject to confidentiality;
  • Authorities when required by law or to protect legal rights.

These parties process data on our instructions under data processing agreements where required by GDPR. We do not sell your personal data.

8. International transfers

Some providers listed above are located in the United States or other countries outside the European Economic Area (EEA) and UK. When we transfer personal data internationally, we use appropriate safeguards such as the European Commission's Standard Contractual Clauses, the UK International Data Transfer Addendum, or equivalent mechanisms, and we assess supplementary measures where required.

You may request more information about transfer safeguards by emailing contact@whiteraven.app.

9. Retention

We keep personal data only as long as necessary for the purposes above:

  • Marketing and pre-contract inquiries: up to 24 months after last contact, unless a longer period is needed for an active discussion or legal claim.
  • Client project data: for the duration of the engagement and as required by contract, accounting, or law (typically up to 7 years for business records where applicable).
  • Analytics data: according to each provider's configured retention (Google Analytics and Clarity retention settings are reviewed periodically; aggregated statistics may be kept longer).
  • Server and security logs: typically up to 90 days unless needed for incident investigation.
  • Cookie/consent logs: as required to demonstrate compliance, generally up to 12 months.

When data is no longer needed, we delete or anonymize it.

10. Your rights

If GDPR or UK GDPR applies to you, you have the right to:

  • Access the personal data we hold about you;
  • Rectify inaccurate or incomplete data;
  • Erase data in certain circumstances ("right to be forgotten");
  • Restrict processing in certain circumstances;
  • Data portability for data you provided, where processing is based on consent or contract and carried out by automated means;
  • Object to processing based on legitimate interests or for direct marketing;
  • Withdraw consent at any time, without affecting the lawfulness of processing before withdrawal;
  • Not be subject to decisions based solely on automated processing that produce legal or similarly significant effects (we do not use such processing on the Site).

To exercise these rights, email contact@whiteraven.app. We may need to verify your identity before responding. We aim to reply within one month, as required by GDPR.

11. Supervisory authority complaints

You have the right to lodge a complaint with a data protection supervisory authority, in particular in the EU/EEA member state or UK nation where you live, work, or where an alleged infringement occurred.

A list of EU supervisory authorities is published by the European Data Protection Board at edpb.europa.eu. UK residents may contact the Information Commissioner's Office at ico.org.uk.

We encourage you to contact us first so we can try to resolve your concern.

12. Security

We implement appropriate technical and organizational measures to protect personal data, including HTTPS encryption, access controls, and vendor due diligence. No method of transmission or storage is completely secure; we cannot guarantee absolute security.

13. Children

The Site is intended for business professionals. We do not knowingly collect personal data from children under 16 (or the age defined by local law). If you believe a child provided us data, contact us and we will delete it.

14. Automated decision-making

We do not use automated decision-making or profiling that produces legal or similarly significant effects on visitors.

15. Changes to this policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top shows when it was revised. Material changes will be posted on this page. Continued use of the Site after changes constitutes notice of the updated policy where permitted by law.

16. Contact

For privacy requests or questions about this policy, email contact@whiteraven.app with the subject line "Privacy request".