Privacy Policy
Effective March 2, 2026
Data Controller
SMALL DATA s.r.o., Reg. No 02095611, Vresovicka 429/1, 155 21 Praha 5, Czech Republic. You can reach us via the contact form.
What Data We Collect
Contact Form
When you submit the contact form, we process:
- Name, email address, subject, and message
- IP address and submission timestamp
- Pages you visited on our site before submitting (stored in your browser tab only)
- Referral source: advertising link parameters (UTM) or referring website/AI assistant
Blog Subscription
When you subscribe, we store your email address and IP address at the time of subscription.
Session Identifier
We set a short-lived first-party cookie (sid) to identify your browsing session. This cookie:
- Contains a random identifier with no personal data
- Expires after 30 days of inactivity
- Is refreshed on each visit to the site
- Is used to recognize returning visitors for security monitoring and site analytics
- Is not shared with any third party
Server Logs
Our web server logs each request:
| Data | Retention |
|---|---|
| IP address | 30 days |
| Requested URL (including UTM parameters) | 30 days |
| Session identifier | 30 days |
| Browser type (User-Agent) | 30 days |
| Referrer | 30 days |
Logs are used for security monitoring, error diagnostics, and aggregated analytics.
Cloudflare
Our CDN provider Cloudflare may set technical cookies (__cf_bm, cf_clearance) required for DDoS protection. These are strictly necessary and do not track behavior across websites.
How We Use Your Data
| Purpose | Data | Legal Basis |
|---|---|---|
| Respond to your inquiry | Contact form data | Legitimate interest, Art. 6(1)(f) GDPR |
| Send blog notifications | Subscriber email | Legitimate interest, Art. 6(1)(f) GDPR |
| Security and error monitoring | Server logs, session ID | Legitimate interest, Art. 6(1)(f) GDPR |
| Advertising effectiveness | UTM parameters, referral source | Legitimate interest, Art. 6(1)(f) GDPR |
| DDoS protection | Cloudflare cookies | Strictly necessary |
Data Sharing
We do not sell or share your personal data for marketing purposes. Data may be processed by:
- Cloudflare, Inc. — CDN and security (EU/US, Standard Contractual Clauses)
- SMTP provider — email delivery for contact form and subscriptions
Data Retention
| Data | Retention Period |
|---|---|
| Contact form submissions | 1 year |
| Blog subscriber emails | Until unsubscribed |
| Server logs | 30 days |
| Session cookie | 30 days (refreshed on each visit) |
Your Rights
Under GDPR you have the right to access, correct, delete, restrict processing of, or export your personal data. You also have the right to object to processing.
Contact us at contact form to exercise any of these rights.
Changes
We may update this policy. The current version is always available at this page.