Legal

Privacy Policy

Last updated:  ·  Effective:

This policy explains what personal data SmartCapture collects when you visit smartcapture.net or contact us through the site, why we collect it, and what rights you have. We've kept it short and plain — if anything is unclear, email us at the address below.

1. Who we are (the controller)

The data controller is SmartCapture, operating the website smartcapture.net. For any privacy-related request, contact us at privacy@smartcapture.net.

TODO before publishing: add registered address and NIP number (GDPR Art. 13(1)(a) requires controller contact details). Legal entity: Smart Capture Marcin Adamczyk.

2. What we collect

We only collect personal data in two situations:

a) When you contact us through the form

  • Your name and email address
  • The message you send us
  • Any additional details you voluntarily include (e.g. company name, phone)

b) When you visit the site

  • Aggregated, anonymous traffic statistics via Vercel Web Analytics — page views, referrers, approximate country-level location, device type. Vercel Analytics does not use cookies and does not build individual user profiles. We cannot identify you from this data.
  • Standard server logs kept by our hosting provider (Vercel) for security and reliability, including IP address and request metadata, retained for a short period.

We do not use advertising cookies, tracking pixels, social media trackers, or session replay tools. We do not sell personal data.

3. Why we collect it and our legal basis

Purpose Legal basis (GDPR Art. 6)
Respond to your enquiry sent via the contact form Art. 6(1)(b) — pre-contractual steps at your request, or Art. 6(1)(f) legitimate interest in responding to enquiries
Keep the site secure and operational (server logs) Art. 6(1)(f) — legitimate interest in site security
Understand aggregate site usage (Vercel Analytics, cookieless) Art. 6(1)(f) — legitimate interest in improving the site; no personal data processed

4. Who receives your data

We don't share your personal data with third parties for their own purposes. We do rely on a small number of service providers (processors) to operate the site:

  • Vercel Inc. (United States) — hosting and cookieless web analytics. Transfers outside the EEA rely on the EU Standard Contractual Clauses.
  • Resend (Resend Inc., United States) — transactional email delivery. When you submit the contact form, Resend processes your name, email address, and message solely to deliver that email to our inbox. Resend operates on AWS infrastructure in the US; transfers outside the EEA rely on the EU Standard Contractual Clauses.
  • Microsoft Corporation (Microsoft 365) — the email inbox that receives messages submitted through the contact form. Transfers outside the EEA rely on the EU Standard Contractual Clauses and Microsoft's EU Data Boundary commitments.

We disclose data to authorities only when legally required.

5. How long we keep it

  • Contact-form messages: retained in our inbox for up to 24 months after the last exchange, then deleted unless we've established a business relationship that requires longer retention (e.g. an active contract).
  • Server logs: retained by our hosting provider for a short period (typically days to weeks) and then automatically deleted.
  • Vercel Analytics data: aggregated and retained per Vercel's own retention policy; no individual-level records are kept.

6. Your rights

Under the GDPR you have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request erasure ("right to be forgotten")
  • Request restriction of processing
  • Data portability
  • Object to processing based on legitimate interest
  • Withdraw consent at any time, where processing is based on consent (withdrawal doesn't affect the lawfulness of prior processing)

To exercise any of these rights, email privacy@smartcapture.net. We'll respond within 30 days.

You also have the right to lodge a complaint with a supervisory authority. In Poland this is the President of the Personal Data Protection Office (UODO)uodo.gov.pl.

7. International transfers

Our processors (Vercel, Resend, Microsoft) are based in the United States. Where personal data is transferred outside the European Economic Area, we rely on the EU Standard Contractual Clauses and, where applicable, the EU–US Data Privacy Framework as the legal mechanism for those transfers.

8. Security

The site is served over HTTPS. Form submissions are transmitted encrypted in transit. Our inbox is protected by standard Microsoft 365 security controls including multi-factor authentication. Despite these measures, no system is perfectly secure — please don't send us sensitive data (e.g. health data, financial credentials) through the contact form.

9. Children

The site is aimed at business users. We don't knowingly collect data from anyone under 16. If you believe a child has submitted data, email us and we'll delete it.

10. Changes to this policy

If we change this policy, we'll update the "Last updated" date at the top. Material changes will be announced on the site.

11. Contact

Questions or requests: privacy@smartcapture.net