Privacy Policy
Last updated: 5 July 2026
1. Who is responsible for your data
The controller of personal data processed through this website (prowny.com) is Miroslav Tichý, Žiar 144, 032 05 Žiar, Slovakia (“Prowny”, “we”, “us”).
For anything related to your personal data, contact us at hello@prowny.com. We are a small operation — the person reading your message is the same person responsible for protecting your data.
2. What data we process, why, and on what legal basis
a) Project intake & contact (the “Start a project” form)
- Data: your name, work email, company name, and the information you choose to share about your project (industry, size, timeline, goals, stakeholders, notes).
- Purpose: to understand your inquiry, prepare for a discovery call, and respond with a proposal.
- Legal basis: taking steps at your request prior to entering into a contract (Art. 6(1)(b) GDPR).
- Providing this data is voluntary — but without it we can't respond to your inquiry. There is no statutory obligation to provide it.
b) Email correspondence
- Data: your email address and the content of our correspondence.
- Purpose: answering your questions and communicating about a potential or ongoing engagement.
- Legal basis: pre-contractual steps (Art. 6(1)(b) GDPR) or our legitimate interest in business communication (Art. 6(1)(f) GDPR).
c) Technical operation of the website
- Data: IP address and technical request data processed transiently by our infrastructure provider (Cloudflare) to deliver the site, balance load and block attacks. We do not build visitor profiles from this data.
- Purpose: serving the website securely and reliably.
- Legal basis: our legitimate interest in operating a secure website (Art. 6(1)(f) GDPR).
d) Anonymous traffic measurement
- We use Cloudflare Web Analytics, a privacy-first tool that works without cookies, without fingerprinting and without cross-site tracking, and does not collect personal data. It gives us aggregate numbers (page views, referrers, countries) — never individual visitor profiles.
3. Cookies and local storage
This website uses no tracking cookies and no advertising or analytics cookies — which is why you don't see a cookie banner. The only thing stored in your browser is a single technical flag in local storage (prowny_seen_intro) that prevents the homepage intro animation from replaying on every visit. It contains no personal data, is not shared with anyone, and never leaves your device. You can remove it at any time by clearing your browser's site data.
Should we ever introduce marketing or analytics cookies, we will ask for your consent first through a proper consent banner, as required by law.
4. Who has access to your data (recipients & processors)
We don't sell your data and we don't share it with anyone for marketing. Your data is handled by:
- Cloudflare, Inc. (USA/EU) — hosting, content delivery, security and cookieless analytics for this website, and routing of our email. Cloudflare processes data under the EU Standard Contractual Clauses and is certified under the EU–U.S. Data Privacy Framework.
- Cloudflare D1 database — storage of intake form submissions, on the same Cloudflare infrastructure as the website. For rate-limiting we store only a salted, irreversible hash — never your raw IP address.
- Our own self-hosted automation server (EU) — receives a copy of your submission to notify us; operated by us, not a third party.
- Google Ireland Ltd. (Gmail) — our email inbox provider, used to receive and answer your messages. Google is certified under the EU–U.S. Data Privacy Framework.
All processors are bound by data processing agreements and process your data only on our instructions.
5. Transfers outside the EU/EEA
We keep processing in the EU/EEA wherever possible. Where a provider (Cloudflare, Google) may process data in the United States, the transfer is safeguarded by an adequacy decision — the EU–U.S. Data Privacy Framework (Art. 45 GDPR) — and/or Standard Contractual Clauses (Art. 46 GDPR).
6. How long we keep your data
- Intake submissions that don't lead to an engagement: deleted within 12 months of our last contact.
- Submissions that lead to an engagement: kept for the duration of the engagement and thereafter as required by statutory retention periods (accounting, tax and contract records).
- Email correspondence: kept as long as relevant for the business relationship, then deleted.
7. Your rights
Under the GDPR you have the right to:
- access your personal data and receive a copy (Art. 15),
- rectification of inaccurate or incomplete data (Art. 16),
- erasure (“right to be forgotten”, Art. 17),
- restriction of processing (Art. 18),
- data portability — receiving your data in a machine-readable format (Art. 20),
- object to processing based on our legitimate interest (Art. 21),
- withdraw consent at any time, where processing is based on consent, without affecting the lawfulness of processing before withdrawal.
To exercise any of these rights, email hello@prowny.com. We respond within 30 days at the latest.
You also have the right to lodge a complaint with a supervisory authority — in Slovakia, the Office for Personal Data Protection of the Slovak Republic (Úrad na ochranu osobných údajov SR, dataprotection.gov.sk), or the authority of your EU member state of residence.
8. No automated decision-making
We do not use your personal data for automated decision-making or profiling within the meaning of Art. 22 GDPR. Every inquiry is read and evaluated by a human.
9. How we protect your data
All traffic to and from this website is encrypted (HTTPS/TLS). Form submissions are stored on access-controlled infrastructure, limited to the people who need them to respond to you. We collect only the data we actually need (data minimisation) and delete it when it's no longer needed.
10. Changes to this policy
If we change how we process personal data — for example by introducing new tools — we will update this policy and the “Last updated” date above before the change takes effect.