Privacy Policy
Last updated: April 10, 2026
1. Introduction
BINARY BRAIN TECHNOLOGIES SP. Z O.O. (“we”, “us”) operates Declario (https://declario.app). This Privacy Policy explains how we collect, use, and protect your personal data in compliance with GDPR and applicable data protection laws.
2. Data Controller
BINARY BRAIN TECHNOLOGIES SP. Z O.O.
NIP: 7133142056
REGON: 54334690400000
KRS: 0001207918
Email: hello@declario.app
3. Data We Collect
3.1 Account Data
- Name, email address (provided during registration)
- Authentication data (managed by Supabase Auth)
- Workspace and team information
3.2 Proposal Data
- Proposals you create, including text, pricing, and attachments
- Client contact information you enter
- Comments and interactions on proposals
3.3 Tracking Data (Proposal Analytics)
- When a proposal recipient opens a proposal page
- Which sections they view and time spent
- Scroll depth and engagement patterns
- Device type (desktop/mobile/tablet)
- IP addresses are hashed (SHA-256) before storage — we never store raw IP addresses
- No cookies are used for tracking proposal viewers
3.4 Payment Data
- Payments are processed by Paddle (paddle.com) as Merchant of Record
- We do not store credit card numbers or payment details
- Paddle’s privacy policy applies to payment processing
3.5 Technical Data
- Browser type and version
- Access logs (server-side)
4. How We Use Your Data
- To provide and maintain the Service
- To send you proposal analytics and notifications
- To process payments (via Paddle)
- To communicate with you about your account
- To improve the Service
5. Legal Basis (GDPR)
- Contract performance: processing necessary to provide the Service
- Legitimate interest: analytics, security, service improvement
- Consent: marketing communications (opt-in)
6. Data Sharing
We share data with:
- Supabase — database and authentication hosting
- Paddle — payment processing
- Resend — transactional emails
- Vercel — application hosting
- Anthropic — AI content generation (Claude API)
We do not sell your data to third parties.
7. Data Retention
- Account data: retained while your account is active + 30 days after deletion
- Proposal data: retained while your account is active
- Tracking data: retained for 2 years, then automatically deleted
- Payment records: retained as required by law (5 years)
8. Your Rights (GDPR)
You have the right to:
- Access your personal data
- Rectify inaccurate data
- Erase your data (“right to be forgotten”)
- Restrict processing
- Data portability
- Object to processing
- Withdraw consent
To exercise these rights, contact us at hello@declario.app.
9. Data Security
- All data is encrypted in transit (TLS) and at rest
- Row-level security ensures workspace data isolation
- IP addresses are hashed before storage
- Regular security audits
10. International Transfers
Your data is primarily processed in the EU (Supabase EU region). Some data is transferred outside the EU/EEA to the following providers: Resend (US) and Anthropic (US). For all such transfers, appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission.
12. Children
The Service is not intended for users under 18 years of age.
13. Changes to This Policy
We will notify you of material changes via email. The latest version is always available at https://declario.app/privacy.