Essentify

1. Introduction

Essentify ("we", "us", or "our") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Enterprise Resource Planning (ERP) system (the "Service").

By using our Service, you agree to the collection and use of information in accordance with this policy.

3. Information We Collect

3.1 Information You Provide to Us

Account Information: name, email address, phone number, organization details
Authentication Data: passwords (encrypted), authentication tokens
Profile Information: profile pictures, preferences, language settings
Payment Information: billing address, payment method details (processed securely through third-party payment processors)
Communications: support requests, feedback, correspondence

3.2 Information Collected Automatically

Usage Data: pages visited, features used, time spent, interactions with the Service
Device Information: IP address, browser type and version, device type, operating system
Performance Data: page load times, errors, technical diagnostics (via Sentry)
Analytics Data: aggregated usage patterns (via Vercel Analytics and Speed Insights)

3.3 Information as Data Processor

When you use our Service as part of an organization, your organization (the Data Controller) determines what personal data is collected and processed. This may include:

Employee information, customer records, transaction data
Business operations data, inventory records, financial data
Any other data your organization chooses to store in the ERP system

4. Legal Basis for Processing (GDPR)

We process personal data under the following legal bases:

4.1 Contract Performance (Art. 6(1)(b) GDPR)

Providing and maintaining the Service
Processing payments and managing accounts
Delivering customer support

4.2 Legitimate Interests (Art. 6(1)(f) GDPR)

Improving and optimizing the Service
Ensuring security and preventing fraud
Analyzing usage patterns to enhance user experience
Internal analytics and business operations

4.3 Legal Obligation (Art. 6(1)(c) GDPR)

Compliance with accounting, tax, and legal requirements
Responding to legal requests and court orders

4.4 Consent (Art. 6(1)(a) GDPR)

Optional features requiring explicit consent
Marketing communications (where applicable)

5. How We Use Your Information

We use collected information for:

Providing, operating, and maintaining the Service
Account management and authentication
Processing transactions and sending transaction-related communications
Customer support and responding to inquiries
Improving, personalizing, and expanding the Service
Understanding and analyzing usage patterns
Detecting, preventing, and addressing technical issues and security threats
Complying with legal obligations
Sending administrative information, updates, and security alerts

6. Third-Party Service Providers

We use trusted third-party services that may process your personal data:

6.1 Vercel Inc. (USA)

Purpose:: Hosting infrastructure, deployment, web analytics, and performance monitoring
Services:: Vercel Analytics (privacy-focused, cookieless analytics) and Speed Insights
Data Processed:: Anonymized usage data, performance metrics, IP addresses (anonymized)
Legal Basis:: Legitimate interests (service operation and improvement)
Safeguards:: Standard Contractual Clauses (SCCs), adequacy decisions where applicable
Privacy Policy:: https://vercel.com/legal/privacy-policy

6.2 Sentry (USA)

Purpose:: Error monitoring and performance tracking
Data Processed:: Error logs, stack traces, device information, IP addresses (anonymized)
Legal Basis:: Legitimate interests (service stability and security)
Safeguards:: Standard Contractual Clauses (SCCs)
Privacy Policy:: https://sentry.io/privacy/

6.3 Telegram Messenger LLP

Purpose:: Authentication via OTP (One-Time Password) and optional notifications
Data Processed:: Phone numbers, Telegram user IDs, message content for OTP delivery
Legal Basis:: Contract performance, consent for notifications
Privacy Policy:: https://telegram.org/privacy

We ensure all third-party processors:

Provide appropriate data protection guarantees
Process data only on our instructions
Implement appropriate technical and organizational security measures
Comply with GDPR requirements for international data transfers

7. International Data Transfers

Your personal data may be transferred to and processed in countries outside of Ukraine and the European Economic Area (EEA), including the United States.

When we transfer personal data outside Ukraine/EEA, we ensure appropriate safeguards are in place:

Standard Contractual Clauses (SCCs) approved by the European Commission
Adequacy decisions by the European Commission
Other legally recognized transfer mechanisms under GDPR

These safeguards ensure your data receives an equivalent level of protection as within the EEA.

8. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy. Some data, such as transaction records, may be retained permanently where required for legal, accounting, tax compliance, or legitimate business interests, in accordance with applicable laws and regulations.

Retention Periods:

Account Data: Retained while your account is active, then deleted or anonymized within 90 days of account closure
Transaction Records: Retained permanently for legal, accounting, tax compliance, and business record-keeping purposes. This includes payment transactions, invoices, receipts, and related financial documentation necessary for audit trails, dispute resolution, and regulatory compliance
Support Communications: Retained for 3 years
Analytics and Performance Data: Aggregated data retained indefinitely; individual-level data retained for 12 months
Error Logs (Sentry): Retained for 90 days

Data Processed on Behalf of Customers:

Retention is determined by our customers (Data Controllers)
We delete or return data upon customer instruction or contract termination

9. Data Security

We implement appropriate technical and organizational measures to protect personal data:

Encryption in transit (TLS/SSL) and at rest
Access controls and authentication mechanisms
Regular security assessments and updates
Employee training on data protection
Incident response procedures
Regular backups and disaster recovery plans

Despite our efforts, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

10. Your Rights Under GDPR

You have the following rights regarding your personal data:

10.1 Right of Access (Art. 15 GDPR)

Obtain confirmation of whether we process your data
Access your personal data and information about processing

10.2 Right to Rectification (Art. 16 GDPR)

Correct inaccurate or incomplete personal data

10.3 Right to Erasure ("Right to be Forgotten") (Art. 17 GDPR)

Request deletion of your personal data under certain conditions

10.4 Right to Restriction of Processing (Art. 18 GDPR)

Restrict processing of your personal data under certain conditions

10.5 Right to Data Portability (Art. 20 GDPR)

Receive your personal data in a structured, commonly used, machine-readable format
Transmit your data to another controller

10.6 Right to Object (Art. 21 GDPR)

Object to processing based on legitimate interests
Object to direct marketing at any time

10.7 Right to Withdraw Consent (Art. 7(3) GDPR)

Withdraw consent for processing based on consent, without affecting prior processing

10.8 Right to Lodge a Complaint

File a complaint with a supervisory authority (data protection authority in Ukraine or your country)

Email:

contact@essentify.dev

Website:

essentify.dev

Address:

Kyiv, Solyana str., 70, apt. 38

Country:

Ukraine

We will respond to your request within one month. In complex cases, we may extend this period by two additional months.

11. Cookies and Tracking Technologies

11.1 Essential Cookies

We use essential cookies necessary for the Service to function:

Authentication and session management
Security and fraud prevention
User preferences and settings

11.2 Analytics

Vercel Analytics: Privacy-focused, cookieless analytics that collects anonymized usage data without identifying individual users
Vercel Speed Insights: Performance monitoring without cookies or personal identifiers

We do not use third-party advertising or tracking cookies.

You can control cookies through your browser settings. Disabling essential cookies may affect Service functionality.

12. Children's Privacy

Our Service may be used by individuals under 16 years of age when they visit our facilities (e.g., gyms, fitness centers) and create accounts.

Parental Consent Required

For children under 16 years of age, we require verifiable parental consent before processing their personal data. This consent must be provided by a parent or legal guardian.

Legal Basis for Processing Children's Data

We process personal data of children under 16 based on:

Verifiable parental consent (Art. 8 GDPR)
Contract performance (when a parent or guardian enters into a service agreement on behalf of the child)
Legitimate interests (ensuring safety and proper service delivery, where appropriate and in the child's best interests)

Data We Collect from Children

For children using our Service, we may collect:

Basic identification information (name, date of birth)
Contact information (if provided by parent/guardian)
Membership and service usage data
Health and fitness information (if relevant to the service)
Any other information necessary to provide the service safely and effectively

Parental Rights

Parents and legal guardians have the right to:

Access their child's personal data
Request correction of inaccurate data
Request deletion of their child's data
Withdraw consent for processing
Object to processing based on legitimate interests
Request data portability

Safeguards for Children's Data

We implement additional safeguards when processing children's data:

Requiring verifiable parental consent before account creation
Limiting data collection to what is necessary for the service
Using clear, age-appropriate language in communications
Implementing appropriate security measures
Restricting access to children's data to authorized personnel only

If you are a parent or guardian and have questions about your child's data, wish to exercise your rights, or believe your child has provided us with personal data without your consent, please contact us at contact@essentify.dev. We will respond promptly and take appropriate action.

13. Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will:

Notify the relevant supervisory authority within 72 hours of becoming aware
Notify affected individuals without undue delay if the breach poses a high risk
Document the breach and our response in accordance with GDPR requirements

14. Automated Decision-Making and Profiling

We do not use automated decision-making or profiling that produces legal effects or similarly significantly affects you.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date.

For material changes, we will provide prominent notice or seek consent where required by law.

Continued use of the Service after changes constitutes acceptance of the updated Privacy Policy.

16. Contact Us

For questions, concerns, or to exercise your rights regarding this Privacy Policy or your personal data, contact us: