Privacy Policy

of inflee.app

Your privacy matters to us. Below you will find detailed information about how we process and protect your personal data in accordance with the GDPR.

Effective: March 1, 2026|GDPR Compliant

Appendix No. 2 to the Terms of Service for Electronic Services

Privacy Policy of the Inflee.app Website

1. General Information

This Privacy Policy sets out the rules for processing personal data of users of the Inflee.app website, available at inflee.app and app.inflee.app (hereinafter: the "Service"), in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ EU L 119, 4.5.2016, p. 1, as amended).

2. Data Controller

The controller of personal data is AQUATREK SOLUTIONS PROSTA SPÓŁKA AKCYJNA, with its registered office in Łódź, ul. Romana 20A, 93-370 Łódź, Poland, entered in the National Court Register (KRS) by the District Court for Łódź-Śródmieście in Łódź, 20th Commercial Division of the KRS under number 0001044483, NIP (Tax ID): 7292750466, REGON: 525692626, with share capital of PLN 50,000.00.

Contact: e-mail: contact@inflee.app, phone: +48 534 874 104.

3. Who Is This Privacy Policy Addressed To?

persons visiting the Service and our social media profiles,
users purchasing products and services offered by us through the Service,
Newsletter subscribers,
persons contacting us.

4. Data Collection

We collect user data in connection with:

users visiting our Service,
visiting our social media profiles,
creating an account in the Service,
purchasing a product or service,
using a product or service,
voluntarily contacting us,
subscribing to the newsletter,
use of cookies or similar internet technologies.

5. Scope of Processed Data

When using the Service, we may process the following data:

Data voluntarily provided during account registration: first name, last name, e-mail address, phone number, password;
Data collected during purchase transactions: first name, last name, company (optional) – tax ID (NIP), company registration data, address (street, house number, apartment number, postal code, city, country), contact details (e-mail address, phone number), payment method data, user's bank account number, account holder data;
Data voluntarily entered by the user for the purpose of creating an e-book ("Input Data");
Data voluntarily provided by the user when contacting us;
Data collected during complaint processing: first name, last name, e-mail address, phone number, address (street, house number, apartment number, postal code, city, country), information about the product/service being complained about, order number, other information voluntarily provided by the user;
Data collected during user visits to our social media platforms: first name, last name, username, e-mail address, photo or avatar, other user information stored in their social media profile, content of correspondence directed to us, content of posts made by users, cookies and other statistical data collected in the social media platform;
Data collected automatically: IP address, technical data regarding the device and browser, cookies, statistical data from analytical tools (e.g., Google Analytics).

6. Purposes and Legal Bases for Data Processing

Your data may be processed for the following purposes:

conclusion and performance of a contract for the provision of electronic services regarding the execution of sales through the Service and the provision of services related to the operation and maintenance of the user account – the legal basis is the necessity of processing for the performance of the contract binding the parties (Art. 6(1)(b) GDPR);
analytical and statistical purposes – the legal basis is our legitimate interest, consisting of conducting analyses of user activity in the Service and their manner of using the account, as well as their preferences in order to improve the functionalities used (Art. 6(1)(f) GDPR);
possible establishment and pursuit of claims or defense against them – the legal basis is the legitimate interest of the Controller, consisting of protecting its rights (Art. 6(1)(f) GDPR);
making marketing offers – the legal basis is consent given by the user (Art. 6(1)(a) or (f) GDPR);
processing complaints, on the basis of the Controller's legitimate interest (Art. 6(1)(f) GDPR);
fulfillment of obligations arising from legal provisions (Art. 6(1)(c) GDPR).

7. Data Recipients

In order to provide services, we use external entities to whom, if necessary, we disclose Users' personal data. The most important entities whose services we use include:

IT and cloud service providers (hosting, site administration, configurator providers),
Electronic payment system providers, including:
- a) STRIPE – payment system,
- b) INFAKT – online accounting system.
AI system providers, including:
- a) Text Generation API – text generation services,
- b) Claude Haiku 3.5 and Claude 4 – language models by Anthropic,
- c) Image Generation Provider – external system for generating images from descriptions,
- d) Google AI Studio – including: Imagen 3, Imagen 4 and Imagen 4 Ultra – tools for generating graphics and visual content.
Banks where we hold accounts, electronic payment systems,
Analytical tool operators, e.g., Google Analytics (aggregated data, without identification of specific persons),
Newsletter system providers,
Advisory and legal firms to the extent necessary for the fulfillment of legal obligations.

If required by law, we will disclose personal data to other entities, mainly public ones, including in response to a court order, subpoena or other legal request or inquiry carried out in the exercise of public authority, and only if such a request is based on a proper legal basis.

Apart from the situations described above, we do not sell or transfer personal data to third parties.

User data will not be transferred to an international organization. Your personal data may in some cases be transferred outside the EEA (European Economic Area), however only to locations where your rights are protected in accordance with the principles set out in the GDPR. This is related, for example, to the use of IT systems provided by an entity outside the EEA that is on the list of organizations ensuring compliance with the "EU–US Data Privacy Framework" published by the U.S. Department of Commerce.

8. Data Retention Period

The period for which we collect users' personal data depends on the legal basis on which the processing is based.

In the case of user consent, we process data until it is withdrawn or the processing purposes are achieved (when the data is no longer needed).
In the case of contract performance, we process data for the period related to the fulfillment of the contract terms, execution of the order or service, and after its expiry for the limitation period for claims.
In the case of fulfilling a legal obligation, we process data for the period required by the legal provisions imposing such an obligation.
In the case of our legitimate interest, we process data for the period of existence of such legitimate interest, e.g., the need to communicate with the user, present offers of our products and services, limitation of claims, as well as for the time during which we must account for the proper processing of data.

The user may at any time object to the processing of data by us on the basis of consent without affecting the lawfulness of the processing carried out on the basis of consent before its withdrawal. The user may object if we process personal data on the basis of our legitimate interest, but considers that their rights and freedoms override such interests.

9. Your Rights

The user has the right to:

access their data – the user has the right to obtain information about what personal data we process;
rectification of data – the user may send us a statement regarding the incorrectness of their personal data;
request their erasure – if the user believes there are no grounds for us to process their data, the user may request that we delete them;
restriction of processing – the user may request that we restrict the processing of their personal data if they believe the data is incorrect or we process it without a legal basis, but they do not want us to delete it because they need it to protect or establish claims, or for the duration of their objection to data processing. Restriction of processing means that the user's data will only be stored or we will only carry out actions agreed upon by the user;
data portability – the user may request that we transfer their personal data that we process in electronic systems, with the user's consent or for the purpose of contract performance, in a commonly used machine-readable format, or send the user's personal data to another Controller;
object to processing – (if processing was based on consent) at any time without affecting the lawfulness of the processing carried out on the basis of consent before its withdrawal. The user may object if we process personal data on the basis of our legitimate interest, but the user considers that their rights and freedoms override such interests;
withdraw consent at any time – withdrawal of consent does not affect the lawfulness of personal data processing carried out on the basis of consent given before its withdrawal;
lodge a complaint with the President of UODO – details for filing a complaint can be found in point 12 below.

10. Cookies and Tracking Technologies

The Service uses cookies.
Cookies are small text files sent by the web server and stored by the browser software. When the browser reconnects with the website, the site recognizes the type of device the user is connecting from. The parameters allow the information contained in them to be read only by the server that created them. Cookies thus facilitate the use of previously visited websites. The information collected relates to the IP address, type of browser used, language, type of operating system, internet service provider, time and date information, location, information sent to the website via the contact form, etc.
The entity placing cookies on the Service user's end device and accessing them is the Controller.
Cookies are used for the following purposes:
- creating statistics that help understand how Service users use web pages, which enables improving their structure and content;
- maintaining the Service user's session (after logging in), so that the User does not have to re-enter the login and password on each subpage of the Service;
- determining the user's profile in order to display matching materials in advertising networks, in particular the Google network.
Within the Service, two basic types of cookies are used: "session" cookies and "persistent" cookies. Session cookies are temporary files that are stored on the User's end device until logging out, leaving the website or shutting down the software (web browser). Persistent cookies are stored on the User's end device for the time specified in the cookie parameters or until they are deleted by the User.
Web browsing software (web browser) usually allows cookies to be stored on the User's end device by default. Service Users may change settings in this regard. The web browser allows cookies to be deleted. It is also possible to automatically block cookies. Detailed information on this subject can be found in the help or documentation of the web browser.
Restrictions on the use of cookies may affect some of the functionalities available on the Service's web pages.
Cookies placed on the Service user's end device may also be used by advertisers and partners cooperating with the Service operator.
We recommend reading the privacy policies of these companies to learn about the rules for using cookies used in statistics: Google Analytics Privacy Policy. Cookies may be used by advertising networks, in particular the Google network, to display advertisements tailored to the way the user uses the Service. For this purpose, they may retain information about the user's navigation path or time spent on a given page.
Regarding information about user preferences collected by the Google advertising network, the user can view and edit information resulting from cookies using the tool: https://www.google.com/ads/preferences/

11. Server Logs

Using the Service involves sending requests to the server on which the website is stored and recording them in server logs. Logs are saved and stored on the server. This data is used solely for the purpose of administering the Service and to ensure the most efficient operation of the hosting services provided. Browsed resources are identified by URL addresses. In addition, the following may be recorded:
- time of request arrival,
- time of response sent,
- client station name – identification performed by the HTTP protocol,
- information about errors that occurred during HTTP transaction processing,
- URL address of the page previously visited by the user (referrer link) – in case the transition to the Service was through a link,
- information about the user's browser,
- information about the IP address.
The above data is not associated with specific persons browsing the pages.
The above data is used solely for server administration purposes.

12. Supervisory Authority

If you find that the processing of your personal data by the Controller is not in compliance with data protection regulations, you have the right to lodge a complaint with the President of the Personal Data Protection Office (UODO) – ul. Moniuszki 1A, 00-014 Warsaw, Poland. Detailed information on how to file a complaint can be found here: https://uodo.gov.pl/pl/

Any comments or objections regarding the manner of processing your data should be sent by traditional mail to the Controller's address or via e-mail: contact@inflee.app.

13. Policy Changes

In conclusion, we would like to inform you that we reserve the right to change this privacy policy. These changes may be made by publishing a new privacy policy on our website. After a change is made, the Privacy Policy will appear on the page with a new date.

This version of the Privacy Policy is effective from March 1, 2026.