RN
Video Plugins

Privacy Policy

1. Introduction
This Privacy Policy describes how The Widlarz Group sp. z o.o., with a registered office in Krakow, ul. Szlak 77/222, 31-153 Krakow, entered into register of entrepreneurs of the National Court Register by District Court Krakow-Śródmieście in Kraków, XI Commercial Division of the National Court Register under KRS no.: 0000948896, Tax Id. No. (NIP): 6762610444, Industry Id. No. (REGON): 521042593, represented by: Bartłomiej Widlarz ("We," "Us," "Our") handles information. It is divided into two parts:

  • The data we collect from our Clients for business relationship purposes (where we act as a Data Controller).
  • The data we process on behalf of our Clients through our Services (where we act as a Data Processor).

2. Information We Process

A. As a Data Controller (Client Information):
To manage our business relationship with you ("Client"), we collect your name, email address, company information, and payment details. We use this to provide our Services, process payments, and communicate with you.

B. As a Data Processor (End-User Data):
On behalf of our Clients, our Software collects the following data points from our Client's end-users. Under GDPR, this is Personal Data.

  • Device and Application Data: Device ID, App ID.
  • Usage Statistics: Total Impressions, Total Downloads, Total Users, and the same statistics broken down per plugin.
  • Time-Based Data: Timestamps and Hourly breakdown of usage.

3. How We Use Information

A. Use of Client Information (as Controller):
We use your information to administer your account, provide customer support, and comply with legal obligations.

B. Use of End-User Data (as Processor):
We process End-User Data only on behalf of and as instructed by our Client (the Data Controller). The purpose is determined by our Client but is generally for analytics, optimization, technical monitoring, and business intelligence to help them understand and improve their application's performance and user experience. We do not use this End-User Data for our own purposes.

4. Data Sharing and Subprocessors
We do not sell personal data. To provide our Services, we partner with key third-party service providers who act as our subprocessors. It is important for you to understand that your data will be processed by these companies. Our primary subprocessors include:

  • Fly.io: We use Fly.io for our core application and database hosting. They process all End-User Data we collect and the Client Information we manage.
  • Google Firebase: We use Firebase for user authentication (Firebase Auth). This service processes and stores the credentials and associated personal data of end-users who sign up or log in to our Clients' applications.
  • Cloudflare: We use Cloudflare for domain connection, security (SSL), and as a content delivery network. Cloudflare processes network traffic data, which includes End-User IP addresses and other request details, to protect and accelerate our service.

5. Data Subject Rights

  • Clients: You have the right to access, correct, or delete your own account information.
  • End-Users: As we are a Data Processor, any individual wishing to exercise their data protection rights (e.g., access, deletion) regarding data collected via the Software must direct their request to our Client (the Data Controller). We will provide reasonable assistance to our Clients to help them respond to such requests, as detailed in our DPA.

6. International Data Transfers
As a company based in Poland, we adhere to the GDPR. However, to provide our services, we utilize a global infrastructure, which means that personal data we process may be transferred to, stored, and processed in countries outside of the European Economic Area (EEA), most notably the United States.

We have a legal basis for these transfers and ensure your data remains protected to the standards required by EU law. The safeguards we rely on for each subprocessor are:

  • Fly.io: Data hosted on Fly.io is stored and processed in the United States. Fly.io complies with the EU-U.S. Data Privacy Framework (DPF), which is an approved mechanism for transferring personal data from the EU to the U.S.
  • Cloudflare: Cloudflare processes data globally and primarily stores information in the United States and the EEA. For transfers to the U.S., Cloudflare also adheres to the EU-U.S. Data Privacy Framework (DPF) and may use Standard Contractual Clauses (SCCs) for other transfers.
  • Google Firebase: As a Google service, data processed by Firebase is transferred to Google's global servers, which are primarily in the United States. Google complies with the EU-U.S. Data Privacy Framework and also offers Standard Contractual Clauses (SCCs) to ensure data is protected.

7. Data Security and Retention
We implement appropriate technical and organizational measures to protect data. We retain Client Information for the duration of our business relationship and as required by law. We retain End-User Data for the period instructed by our Client, as defined in the DPA.

8. Contact Us
For questions about this Privacy Policy, please contact us at hi@thewidlarzgroup.com.

Last updated: 2025-07-23