Brandiff.io
Brandiff.io

Privacy Policy

Last updated: November 14, 2025

1. General Information

This Privacy Policy defines the principles of processing and protecting personal data of users of the Brandiff.io service, available at brandiff.io.

Data Controller:

mfir.tech Maciej Firuta (hereinafter "Controller")

Address: Boya-Żeleńskiego 15, 75-713 Koszalin, Poland

VAT ID: 4990619001

REGON: 520310666

E-mail: maciej.firuta@mfir.tech

2. Types of Data Collected

Data provided voluntarily:

  • Name and surname (contact form)
  • Email address (contact form, newsletter)
  • Message content (contact form)
  • Phone number (optional in contact form)

Data collected automatically:

  • IP address
  • Browser and device information
  • Time and date of visit
  • Pages visited

3. Data Processing Purposes

  • Handling inquiries sent through the contact form
  • Sending newsletters (with consent)
  • Website traffic analysis for optimization purposes
  • Ensuring service security
  • Preparing competitive analyses based on publicly available data
  • Fulfilling legal obligations

⚠️ Important Information About Analyses

Data Source: Competitive analyses are prepared exclusively based on publicly available data, including content from websites entered by the user.

AI Processing: Data is processed using OpenAI artificial intelligence technology. Analysis results presented in the application are generated based on AI algorithms.

Limitation of Liability: We are not responsible for the accuracy, timeliness or completeness of analyzed data, results generated by AI systems, or for the consequences of decisions made based on them.

4. Legal Basis for Processing

  • Consent (Art. 6(1)(a) GDPR) - newsletter, analytical and marketing cookies
  • Legitimate interest (Art. 6(1)(f) GDPR) - traffic analysis, security
  • Contract performance (Art. 6(1)(b) GDPR) - handling inquiries, preparing competitive analyses

5. Cookies

Our website uses the following types of cookies:

Essential Cookies

Required for basic website functionality. Store user preferences regarding cookies and site settings.

Analytical Cookies

Used to understand how visitors interact with the website. Help us improve the site by collecting and reporting information anonymously.

Marketing Cookies

Used to personalize ads and track the effectiveness of marketing campaigns.

6. Data Sharing

Personal data may be shared with the following categories of recipients:

  • IT service providers (hosting, analytics) - Vercel, Google Analytics
  • Email service providers (newsletter, notifications) - Resend, MailerLite
  • Payment service providers - Stripe, PayU
  • Artificial intelligence service providers - OpenAI (data processing for competitive analyses)
  • State authorities (in cases provided by law)

International Transfers

Some service providers (e.g., Google Analytics, Vercel, OpenAI) may process data outside the European Economic Area (EEA). These transfers are secured with appropriate safeguards, such as European Commission adequacy decisions or standard contractual clauses approved by the European Commission. OpenAI applies appropriate security measures in accordance with OpenAI's privacy policy.

7. Data Retention Period

  • Contact form data: up to 3 years from last contact
  • Newsletter data: until unsubscribing or withdrawing consent
  • Analytical data: up to 26 months
  • Server logs: up to 12 months

8. User Rights

Under GDPR, you have the following rights:

  • Right of access to data
  • Right to rectification of data
  • Right to erasure of data
  • Right to restriction of processing
  • Right to data portability
  • Right to object to processing
  • Right to withdraw consent

To exercise the above rights, contact us at: maciej.firuta@mfir.tech

Right to Lodge a Complaint

In case of violation of personal data protection regulations, you have the right to lodge a complaint with the supervisory authority - President of the Personal Data Protection Office (ul. Stawki 2, 00-193 Warsaw, tel. 22 531 03 00, e-mail: kancelaria@uodo.gov.pl).

9. Automated Decision Making and Profiling

The Controller does not make decisions in an automated way, including through profiling, that would produce legal effects concerning the data subject or similarly significantly affect such person.

10. Data Security

We apply appropriate technical and organizational measures to protect personal data against unauthorized access, loss, destruction or damage.

Technical measures:

  • • HTTPS/TLS encryption
  • • Secure password storage
  • • Regular backups
  • • Security monitoring

Organizational measures:

  • • Limited data access
  • • Data protection training
  • • Incident response procedures
  • • Regular security audits

11. Privacy Policy Changes

We reserve the right to make changes to this Privacy Policy. We will inform about all changes on this page. We recommend regularly checking the content of the Privacy Policy.

12. Contact

In case of questions regarding personal data processing or this Privacy Policy, please contact:

mfir.tech Maciej Firuta

Address: Boya-Żeleńskiego 15, 75-713 Koszalin, Poland

E-mail: maciej.firuta@mfir.tech

Product website: brandiff.io