Civiq

Privacy Policy

Last updated: March 2026

1. Controller

The controller responsible for data processing on this platform pursuant to Art. 4(7) GDPR is:

MBYT LTD
Agias Napas 6, Office 201
8250 Emba, Paphos, Cyprus
office@mbyt.eu

2. Data We Collect

  • Account data: Email address, hashed password, account creation timestamp.
  • Profile data: Display name (optional), selected region, notification preferences.
  • Usage data: Votes cast (anonymised), polls created, participation history.
  • Technical data: IP address (truncated after 24 h), browser type, operating system, access times.
  • Payment data: Donation amount, currency, Stripe payment intent ID. We never store full card numbers.
  • Communication data: Messages sent via the contact form.

3. Legal Basis for Processing (Art. 6 GDPR)

  • Art. 6(1)(b) GDPR — Contract fulfilment: Processing account and participation data to provide the platform service.
  • Art. 6(1)(a) GDPR — Consent: Newsletter sign-up (withdrawal possible at any time).
  • Art. 6(1)(f) GDPR — Legitimate interest: Security logging, fraud prevention, platform integrity, anonymous analytics.
  • Art. 6(1)(c) GDPR — Legal obligation: Accounting records for donation transactions.

4. Data Sharing with Third Parties

  • Stripe, Inc. — Payment processing for donations. Stripe processes payment data under their own Privacy Policy. Data may be transferred to the USA under standard contractual clauses.
  • Resend — Transactional email delivery (account confirmation, notifications). Email address and message content are transmitted.
  • Fly.io, Inc. — Hosting infrastructure. Your data is stored on servers within the EU (Frankfurt region).
  • Sentry — Error monitoring. Anonymised error reports may include stack traces and request metadata.

We do not sell personal data to any third party.

5. Data Retention

  • Account data: retained for the lifetime of your account.
  • Deleted accounts: all personally identifiable data erased within 30 days; anonymised participation statistics may be retained.
  • IP addresses: truncated after 24 hours, deleted after 7 days.
  • Donation records: retained for 10 years pursuant to Cypriot tax/accounting law.
  • Contact form messages: deleted after 6 months.

6. Your Rights (Art. 15–21 GDPR)

You have the right to access, rectify and erase your personal data, to restrict its processing, and to data portability. You may also object to processing based on legitimate interests. To exercise your rights, contact us at:

office@mbyt.eu

You also have the right to lodge a complaint with the supervisory authority: Office of the Commissioner for Personal Data Protection, Cyprus (www.dataprotection.gov.cy).

7. Cookies

We use only technically necessary cookies: a session cookie for authentication and a CSRF protection token. No tracking or advertising cookies are used. No consent banner is shown as all cookies are strictly necessary.

8. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the date at the top of this page and, for material changes, notify registered users by email.