Privacy Policy

Last Updated: October 14, 2025

1. Introduction

This Privacy Policy explains how Speedflow ("we," "us," or "our") collects, uses, and protects your personal information when you use our website speedflow.cc (the "Service"). We are committed to protecting your privacy and complying with applicable data protection laws, including the General Data Protection Regulation (GDPR).

Service Provider: Speedflow
Grzegorzecka 79c
Krakow, Poland
Email: info@speedflow.cc

2. Information We Collect

2.1 Information You Provide Directly

Registration Data:

  • Email address
  • Password (encrypted)

Early Access Form (via Tally):

  • Name
  • Email address
  • Profession
  • Marketing consent (opt-in for updates and early access information)

Website Analysis:

  • Webflow website URL you submit for analysis
  • Analysis results and recommendations

2.2 Automatically Collected Information

Analytics Data (Google Analytics 4):

  • Device information (browser type, operating system)
  • IP address (anonymized)
  • Pages visited and time spent
  • Referring websites
  • User interactions and events

Behavior Analytics (Hotjar):

  • Mouse movements and clicks
  • Scrolling behavior
  • Heatmaps of page interactions
  • Session recordings (anonymized)
  • Feedback and survey responses

Technical Data:

  • Cookies and similar tracking technologies
  • Log files (access times, error logs)

2.3 Payment Information

Payment processing is handled by Paddle. We do not store your credit card information. Paddle collects:

  • Billing name and address
  • Payment method details
  • Transaction history

Please review Paddle's Privacy Policy at https://www.paddle.com/legal/privacy for more information.

3. How We Use Your Information

We use your personal information for the following purposes:

3.1 Service Delivery

  • Create and manage your account
  • Provide website analysis and recommendations
  • Process your subscription payments
  • Send service-related communications

3.2 Service Improvement

  • Analyze usage patterns to improve our Service
  • Conduct user research and testing
  • Fix bugs and technical issues
  • Develop new features

3.3 Marketing (with your consent)

  • Send newsletters and product updates
  • Notify you about new features and promotions
  • Conduct surveys and collect feedback

You can unsubscribe from marketing communications at any time using the unsubscribe link in our emails or by contacting us at info@speedflow.cc.

3.4 Legal Compliance

  • Comply with legal obligations
  • Prevent fraud and abuse
  • Enforce our Terms of Service

4. Legal Basis for Processing (GDPR)

We process your personal data based on:

  • Contract Performance: To provide the Service you've subscribed to
  • Consent: For marketing communications and non-essential cookies
  • Legitimate Interest: To improve our Service, prevent fraud, and ensure security
  • Legal Obligation: To comply with applicable laws and regulations

5. Data Sharing and Disclosure

We share your information only with trusted third-party service providers:

5.1 Service Providers

Tally - Form submission and data collection
Supabase - Database and authentication (servers located in Central Europe)
Paddle - Payment processing
Google Analytics 4 - Website analytics
Hotjar - User behavior analytics
Google Tag Manager - Tag management

These providers are contractually obligated to protect your data and use it only for the purposes we specify.

5.2 We Do Not Sell Your Data

We do not sell, rent, or trade your personal information to third parties for their marketing purposes.

5.3 Legal Requirements

We may disclose your information if required by law, court order, or governmental authority, or to protect our rights and safety.

6. Data Retention

We retain your personal information for as long as:

  • Your account remains active
  • Necessary to provide the Service
  • Required by law (typically up to 7 years for financial records)

When you delete your account, we will delete or anonymize your personal data within 30 days, except where we must retain it for legal compliance.

7. Your Rights (GDPR)

If you are located in the European Economic Area (EEA), you have the following rights:

7.1 Right of Access

Request a copy of your personal data we hold

7.2 Right to Rectification

Correct inaccurate or incomplete data

7.3 Right to Erasure ("Right to be Forgotten")

Request deletion of your personal data

7.4 Right to Restrict Processing

Limit how we use your data

7.5 Right to Data Portability

Receive your data in a structured, machine-readable format

7.6 Right to Object

Object to processing based on legitimate interests or for marketing purposes

7.7 Right to Withdraw Consent

Withdraw consent for data processing at any time

7.8 Right to Lodge a Complaint

File a complaint with your local data protection authority

To exercise any of these rights, contact us at info@speedflow.cc.

8. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience. Our Cookie Policy provides detailed information about the cookies we use.

8.1 Cookie Categories

Strictly Necessary Cookies: Required for the Service to function (authentication, security)

Analytics Cookies: Help us understand how you use the Service (Google Analytics 4, Hotjar)

Marketing Cookies: Used to deliver relevant content and track campaign effectiveness

You can control cookies through our cookie consent banner and your browser settings.

9. Data Security

We implement appropriate technical and organizational measures to protect your data:

  • Encryption of data in transit (SSL/TLS)
  • Encrypted password storage
  • Regular security audits
  • Access controls and authentication
  • Secure data centers (Supabase - Central Europe)

However, no method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

10. International Data Transfers

Your data is primarily stored in Central Europe (Supabase). Some service providers (Google, Hotjar, Paddle) may transfer data outside the EEA. These transfers are protected by:

  • Standard Contractual Clauses (SCCs)
  • Privacy Shield frameworks (where applicable)
  • Other lawful transfer mechanisms under GDPR

11. Children's Privacy

Our Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will delete it immediately.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

  • Posting the updated policy on this page
  • Updating the "Last Updated" date
  • Sending an email notification (for significant changes)

Continued use of the Service after changes constitutes acceptance of the updated policy.

13. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data protection rights:

Email: info@speedflow.cc
Address: Grzegorzecka 79c, Krakow, Poland

GDPR Inquiries: info@speedflow.cc

We will respond to your request within 30 days as required by GDPR.

Supervisory Authority (Poland):
Urząd Ochrony Danych Osobowych (UODO)
ul. Stawki 2, 00-193 Warsaw, Poland
Website: https://uodo.gov.pl