Application Privacy Policy

Audit WaveCore

1. GENERAL PROVISIONS

1.1. The owner of the Application is Kramsoft spółka z ograniczoną odpowiedzialnością, ul. Samuela Bogumiła Lindego 1C, 30-148 Kraków, Poland, registered in the Register of Entrepreneurs maintained by the District Court for Kraków-Śródmieście in Kraków, XI Commercial Division of the National Court Register under KRS number: 0001010881, Tax ID (NIP): 6772488602, email address: kontakt@wavecore.pl, phone: +48 788 200 246.

1.2. Terms used in this Privacy Policy have the following meanings:

TERM	DEFINITION
Controller	Kramsoft spółka z ograniczoną odpowiedzialnością, ul. Samuela Bogumiła Lindego 1C, 30-148 Kraków, Poland, registered in the Register of Entrepreneurs maintained by the District Court for Kraków-Śródmieście in Kraków, XI Commercial Division of the National Court Register under KRS number: 0001010881, Tax ID (NIP): 6772488602, email address: kontakt@wavecore.pl, phone: +48 788 200 246.
Application	the "Audit WaveCore" application in web version provided by the Controller, enabling AI visibility audits (Claude, ChatGPT, Perplexity)
personal data	information relating to an identified or identifiable natural person ("data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as: name, identification number, location data, online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person
Terms of Service	the terms and conditions governing the use of the Application
GDPR	Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)
Device	a device on which the User can use the Application, having Internet access functionality, in particular a computer, smartphone, or tablet
Users	users of the Application, persons signing up for the waitlist, and those using AI audit services

1.3. As part of the Application's operations, User data, including personal data, may be collected, processed, and used. The Application only requests access to data essential for using the basic functionalities of the Application and collects and uses only the data required to perform a given action.

1.4. Use of the Application and providing data when signing up for the waitlist is voluntary.

1.5. The scope of User data includes:

1.5.1. data necessary for signing up for the waitlist and using the Application (as indicated in the Application),
1.5.2. data related to the use of the Application (e.g., login dates, time spent using the Application, usage patterns, features used),
1.5.3. data relating to the Device and the User themselves.

1.6. The Controller ensures proper protection of User data by implementing appropriate organizational and technical measures.

2. PERSONAL DATA CONTROLLER

2.1. The controller of Users' personal data is Kramsoft spółka z ograniczoną odpowiedzialnością, ul. Samuela Bogumiła Lindego 1C, 30-148 Kraków, Poland, registered in the Register of Entrepreneurs maintained by the District Court for Kraków-Śródmieście in Kraków, XI Commercial Division of the National Court Register under KRS number: 0001010881, Tax ID (NIP): 6772488602, email address: kontakt@wavecore.pl, phone: +48 788 200 246.

2.2. User data originates directly from the User and their Device.

3. PURPOSES OF PROCESSING

3.1. The Controller may, through the Application, collect and process personal data for the following purposes:

3.1.1. maintaining a waitlist for the Application launch:

3.1.1.1. the legal basis for processing is Article 6(1)(a) GDPR (consent),
3.1.1.2. providing personal data is voluntary,
3.1.1.3. without providing data, it will not be possible to join the waitlist.

3.1.2. contacting the User when they have sent a message to the Controller, filled out a contact form, or left a phone number or email address:

3.1.2.1. the legal basis for processing is Article 6(1)(f) GDPR, as responding to inquiries or correspondence is a legitimate interest of the Controller,
3.1.2.2. providing data for this purpose is voluntary but may be necessary to enable contact and provide a response,
3.1.2.3. without providing data, receiving a response from the Controller may not be possible, depending on the circumstances.

3.1.3. direct marketing of the Controller's products and services:

3.1.3.1. the legal basis for processing is Article 6(1)(a) GDPR, as processing is based on consent to receive marketing content given by the User; the legal basis may also be Article 6(1)(f) GDPR, when processing is necessary for the purposes of legitimate interests pursued by the Controller; such interest is promoting the Controller's services,
3.1.3.2. providing personal data for this purpose is voluntary. The User has the right to withdraw consent or object to processing for this purpose at any time.

3.1.4. pursuing claims or defending against claims from other entities:

3.1.4.1. the legal basis for processing is Article 6(1)(f) GDPR, as exercising rights in the event of a potential dispute is a legitimate interest of the Controller,
3.1.4.2. for this purpose of processing, the Controller will likely already have personal data,
3.1.4.3. depending on the nature of the dispute, providing additional personal data may be required by law.

3.1.5. fulfilling legal obligations incumbent on the Controller, such as maintaining accounting and bookkeeping documentation in accordance with applicable regulations:

3.1.5.1. the legal basis is Article 6(1)(c) GDPR,
3.1.5.2. providing data processed for this purpose is a statutory requirement,
3.1.5.3. failure to provide data would make it impossible, for example, to conclude a contract or issue an invoice in a specific situation.

3.1.6. statistics and analysis of User behavior in the Application:

3.1.6.1. the legal basis for processing is Article 6(1)(f) GDPR, as conducting statistics and analysis of User behavior in the Application is a legitimate interest of the Controller,
3.1.6.2. providing personal data for this purpose of processing is voluntary, but some data may also be collected automatically,
3.1.6.3. failure to provide data prevents conducting complete statistics and analysis of User behavior in the Application.

4. DATA RETENTION PERIOD

4.1. Personal data processed for the following purposes will be retained for the periods specified below:

4.1.1. for maintaining the waitlist - data will be processed until the Application launch and for a period of 1 year from the launch date,
4.1.2. for contacting the User - data will be processed for 1 year from the date of collection,
4.1.3. for direct marketing of the Controller's products and services - data will be processed until an objection to processing is raised or consent to receive commercial information is withdrawn,
4.1.4. for pursuing claims or defending against claims from other entities - data will be retained for the period necessary for claims to become statute-barred,
4.1.5. for fulfilling legal obligations incumbent on the Controller - data will be retained for the period required by law,
4.1.6. for conducting statistics and analysis of User behavior in the Application - data will be processed for 1 year from the date of collection.

4.2. Personal data collected through cookies may be retained for periods different from those indicated above. The User can delete cookies earlier.

5. DATA RECIPIENTS

5.1. The Controller may disclose personal data to recipients who process it on behalf of the Controller or act as separate, independent data controllers.

5.2. Disclosure of personal data to recipients is carried out in accordance with applicable law, in particular based on data processing agreements.

5.3. The Controller may entrust personal data to its subcontractors, i.e., entities whose services it uses for data processing, including in particular:

5.3.1. IT service providers, e.g., IT companies supporting the development of the Application,
5.3.2. entities handling the operation of the Application,
5.3.3. providers of services such as email, virtual disk, and applications supporting the management of the Controller's operations,
5.3.4. providers of tools supporting marketing activities,
5.3.5. entities providing marketing services,
5.3.6. legal, tax, and accounting advisors.

5.4. The Controller also entrusts data to its subcontractors such as dhosting.pl sp. z o.o. - provider of servers on which the Application is hosted.

5.5. The Controller may also disclose personal data to entities that will process it as separate personal data controllers.

5.6. The Controller is entitled to disclose personal data to other entities if such obligation arises from the provisions of law.

6. DATA TRANSFERS OUTSIDE THE EEA

6.1. The Controller does not transfer personal data outside the European Economic Area, except in situations where data is disclosed to the Controller's subcontractors (entities processing data on its behalf) who provide tools, applications, or services related to the functioning of the Application.

6.2. In cases where such a subcontractor is located or has its registered office outside the European Economic Area, data transfer takes place in accordance with European Commission decisions stating an adequate level of data protection (Article 45 GDPR). In the case of countries for which the European Commission has not issued a decision stating an adequate level of protection, data transfer takes place based on standard contractual clauses (Article 46(2) GDPR).

7. USER RIGHTS

7.1. The User whose data is concerned has the following rights:

7.1.1. the right to access their personal data and the right to receive a copy thereof,
7.1.2. the right to rectification of personal data,
7.1.3. the right to erasure of personal data,
7.1.4. the right to request restriction of processing of personal data,
7.1.5. the right to data portability,
7.1.6. the right to object to the processing of personal data,
7.1.7. the right to lodge a complaint with the President of the Personal Data Protection Office: ul. Stanisława Moniuszki 1A, 00-014 Warsaw, Poland.

7.2. In the case of data processing based on consent, the User has the right to withdraw consent at any time. Withdrawal of consent does not affect the lawfulness of processing that took place before the withdrawal. Consent may be withdrawn, for example, by sending appropriate information by email to the Controller's indicated email address.

7.3. The User may object to the processing of their personal data for marketing purposes at any time.

7.4. To exercise the above rights, the User may contact the Controller in any chosen manner.

8. AUTOMATED DECISION-MAKING

8.1. The Controller does not make decisions about Users based solely on automated processing, including profiling, that could produce legal effects concerning Users or similarly significantly affect them.

9. COOKIES

9.1. The Application uses cookies, which are stored on Users' end devices.

9.2. The use of cookies means their storage and access to them by the Controller.

9.3. Cookies are IT data, in particular text files, that are stored on the User's end device.

9.4. Cookies typically contain:

9.4.1. content (e.g., action identifiers);
9.4.2. domain name;
9.4.3. information about their storage time on the end device;
9.4.4. a number.

9.5. Cookies are used to:

9.5.1. customize the content of the Application to the User's preferences and optimize the use of the Application; in particular, these files allow recognition of the User's device and appropriate display of the Application, adapting it to their needs and preferences;
9.5.2. create statistics and analyses regarding the use of the Application.

9.6. The Application uses two basic types of cookies: "session" (session cookies, session storage) and "persistent" (persistent cookies, local storage).

9.7. "Session" cookies are temporary files stored on the User's end device until the session expires (e.g., leaving the Application, deleting them by the User, or closing the browser).

9.8. "Persistent" cookies are files stored on the User's end device for the time specified in the cookie parameters. However, the User can delete them earlier.

9.9. The Application may use the following types of cookies:

9.9.1. necessary cookies;
9.9.2. analytical cookies;
9.9.3. functional cookies.

9.10. Necessary cookies are used to ensure the Application functions properly, e.g., they enable filling out and submitting forms, as well as remembering privacy settings.

9.11. Analytical cookies enable checking visit details and traffic in the Application, including traffic sources and usage patterns (e.g., session duration). Consent to the use of this type of cookies is voluntary. Lack of consent prevents obtaining information about the use of the Application.

9.12. Functional cookies allow customizing the use of the Application to the User's preferences (e.g., login, plugins). Consent is voluntary, but lack of consent may limit the operation of some Application features.

9.13. Cookies do not change the settings or configuration of the end device or installed software.

9.14. Default browser settings allow cookies to be saved, but the User can change them.

9.15. The User can define the conditions for using cookies through the settings of the software (browser) installed on the end device.

9.16. The User can change cookie settings, including partially or completely restricting their storage.

9.17. Blocking or deleting cookies may limit the functionality of the Application and hinder the use of some of its options.

9.18. In accordance with the provisions of the Electronic Communications Act, the end user's consent to store information or access information already stored on the end user's telecommunications end device may also be expressed by the user through the settings of the software installed on their end device. Therefore, if the User does not wish to give such consent, they should change their browser settings.

9.19. Detailed information on changing browser settings regarding cookies and their deletion can be obtained on the official website of the specific browser used to navigate the Application.

10. FINAL PROVISIONS

10.1. The Controller processes Users' personal data in accordance with GDPR provisions, including implementing appropriate technical and organizational measures to ensure the security and appropriate confidentiality and integrity of personal data, including protection against unauthorized access to them, against unauthorized or unlawful processing, and accidental loss, unauthorized alteration, destruction, or damage.

10.2. The User will be informed of any significant modifications to the Privacy Policy.

10.3. In case of questions or concerns regarding the Privacy Policy, the User has the right to contact the Controller electronically at the provided email address: kontakt@wavecore.pl.

Controller's Details:

Kramsoft sp. z o.o.
ul. Samuela Bogumiła Lindego 1C
30-148 Kraków, Poland
KRS: 0001010881
Tax ID (NIP): 6772488602
Email: kontakt@wavecore.pl
Phone: +48 788 200 246

Last updated: 04/14/2026