Privacy Policy

Last updated: 2026-05-11 · Governing law: GDPR (EU 2016/679) and Czech Act No. 110/2019 Coll.

This policy explains how Tetrakt.io ("we", "us") collects, uses, and protects personal data when you visit tetrakt.io or contact us through the form on this site. It is written to comply with the General Data Protection Regulation (GDPR) and the Czech Act No. 110/2019 Coll. on the processing of personal data.

1. Who is the data controller

The data controller is Tetrakt.io:

Trading name: Tetrakt.io
Company registration No. (IČO): —
VAT ID (DIČ): —
Registered address: —, Prague, Czech Republic
Contact: info@tetrakt.io

Formal registration details will be added once the legal entity is finalized. For any privacy-related question, request, or complaint, write to the contact email above — this is the authoritative channel.

We have not appointed a Data Protection Officer; we are not required to under Art. 37 GDPR.

2. What personal data we collect

We process the following categories of personal data:

• Contact form submissions: name, work email, optional company name, optional company website, optional LinkedIn URL, the service you are interested in, project timeline, budget range, your free-text message, and the submission timestamp.
• Anti-spam verification: a Cloudflare Turnstile token generated when you submit the form. It allows us to confirm the request did not come from automated abuse; it is not a tracking identifier.
• Server and network metadata: IP address, user agent, referrer, and timestamp, automatically logged by Cloudflare (our hosting provider) for security and operational purposes.

We do not use analytics cookies, advertising trackers, or fingerprinting on this site.

3. Why we process it (purposes and legal bases)

• To respond to your inquiry and prepare a possible engagement. Legal basis: performance of pre-contractual measures at your request, Art. 6(1)(b) GDPR.
• To acknowledge that you have read this Privacy Policy when you submit the contact form. Legal basis: consent, Art. 6(1)(a) GDPR. Acknowledgment is required to submit the form; you can withdraw it at any time, in which case we will delete the data we hold on you.
• To prevent spam and abuse. Legal basis: legitimate interest in protecting the integrity of our service, Art. 6(1)(f) GDPR.
• To comply with our legal obligations (accounting, tax, statutory record-keeping) where applicable. Legal basis: Art. 6(1)(c) GDPR.

4. Who has access to your data

We share personal data only with processors that perform specific operations on our behalf under a written data processing agreement, and only to the extent strictly necessary:

• Cloudflare, Inc. — website hosting, content delivery, and the Turnstile anti-spam challenge. Data may transit through global infrastructure.
• Google LLC — the contact form currently routes through a Google Apps Script web app that stores submissions in a Google Sheet and sends an email notification. (We plan to migrate this to a self-hosted endpoint using Resend.com; this policy will be updated when the change is live.)

We do not sell personal data, and we do not share it with third parties for advertising or unrelated purposes.

5. Transfers outside the EU/EEA

Cloudflare and Google may process data outside the European Economic Area, including in the United States. These transfers are protected by the European Commission's Standard Contractual Clauses and, for transfers to the US, by the EU–US Data Privacy Framework where the recipient is certified.

6. How long we keep your data

• Contact form submissions: until we respond and complete any follow-up conversation, and for up to 24 months afterwards for the purpose of context if you contact us again. If you ask us to delete it sooner, we do.
• Active client communications and contracts: for the duration of the engagement and the statutory retention period for invoicing and accounting records under Czech law (currently up to 10 years for some accounting documents).
• Server logs: retained by Cloudflare per their own policy (typically days to weeks).

7. Your rights

Under GDPR, you have the following rights regarding your personal data:

• Right of access (Art. 15) — a copy of the data we hold on you.
• Right to rectification (Art. 16) — correct inaccurate data.
• Right to erasure (Art. 17) — "right to be forgotten".
• Right to restriction (Art. 18) — limit how we process your data.
• Right to data portability (Art. 20) — receive your data in a machine-readable format.
• Right to object (Art. 21) — to processing based on legitimate interest.
• Right to withdraw consent (Art. 7) — for any processing based on consent, with no effect on the lawfulness of prior processing.
• Right not to be subject to automated decision-making (Art. 22) — we do not perform automated decision-making with legal effects.

To exercise any right, email info@tetrakt.io. We respond within 30 days. We may ask you to verify your identity before disclosing or acting on personal data.

8. Right to lodge a complaint

If you believe we are processing your personal data unlawfully, you have the right to lodge a complaint with the Czech supervisory authority:

Úřad pro ochranu osobních údajů (ÚOOÚ)
Pplk. Sochora 27, 170 00 Praha 7, Czech Republic
uoou.gov.cz · posta@uoou.gov.cz

9. Cookies and similar technologies

Tetrakt.io does not set its own analytics or advertising cookies. The following third-party scripts run on this site and may set technical cookies or store data in your browser for their functioning:

• Google Fonts — serves the typefaces used on the site. Google may record your IP address as part of the request.
• Cloudflare Turnstile — loaded on the contact form to verify you are a human. It may set short-lived technical cookies and inspect basic browser signals; it is not a tracker.
• unpkg.com — serves the Three.js library used for the background animation. No cookies; only logs the request server-side.

Because we set no profiling or advertising cookies of our own, no cookie banner is required under the ePrivacy Directive for this site. If we add analytics or any non-essential cookies in the future, we will request your consent first.

10. Children's data

Tetrakt.io is a B2B service. We do not knowingly direct our services to children and we do not knowingly collect personal data from anyone under the age of 16. If we learn that we have inadvertently collected data from a child, we will delete it without delay.

11. Security

We apply appropriate technical and organizational measures to protect personal data: TLS for all data in transit, encrypted storage by our processors, minimum-necessary access controls, and an incident response process. No system is 100% secure; if a personal-data breach affects you, we will notify you and the supervisory authority as required by Art. 33 and Art. 34 GDPR.

12. Changes to this policy

We may update this policy when our practices, processors, or applicable law change. The "Last updated" date at the top of this page reflects the latest revision. Material changes that affect how we process your data will be flagged on the homepage prior to taking effect.

13. Contact

Questions, requests, or complaints regarding this policy or your personal data: info@tetrakt.io.