Privacy Policy

Privacy Policy of the commentslab.ai Service

effective from June 27, 2025

§ 1. General Provisions

  1. This Privacy Policy (hereinafter: "Policy") defines the rules for the processing and protection of personal data of Users in connection with their use of the website available at https://commentslab.ai (hereinafter: "Service"), provided in the SaaS (Software as a Service) model.
  2. The Controller of Users' Personal Data within the meaning of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as "GDPR", is SENTERO SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ.
  3. The purpose of the Policy is to provide Users with detailed information about what personal data is collected, for what purpose, on what legal basis, how it is used, to whom it is disclosed, and how it is protected.

§ 2. Personal Data Controller

  1. The controller of your personal data is: SENTERO SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ ul. Tadeusza Kościuszki 32, 21-100 Lubartów NIP: 7142055397, REGON: 388662223, KRS: 0000894952
  2. In matters concerning the processing of your personal data and exercising your rights under the GDPR, you can contact us via e-mail: [email protected].

§ 3. Purposes, Legal Bases, and Scope of Data Processing

We process your personal data for the following purposes:

Purpose of processingLegal basis (GDPR)Scope of processed data
Provision of electronic services – including creating and managing a User account in the Service, ensuring its proper functioning, and executing the service agreement.Art. 6(1)(b) GDPR (necessity for the performance of a contract)E-mail address, password (encrypted), data provided in the User profile (e.g., first name, last name, company name).
Enabling login via Google and Facebook platforms.Art. 6(1)(a) GDPR (your voluntary consent)First name, last name, e-mail address, public profile picture URL, unique User identifier on the given platform.
Handling inquiries and communication – responding to questions sent via the contact form or to the e-mail address.Art. 6(1)(f) GDPR (our legitimate interest, consisting in handling correspondence)First name, e-mail address, content of the inquiry, and other data voluntarily provided during communication.
Direct marketing and newsletter dispatch – informing about news, promotions, and the Controller's own services.Art. 6(1)(a) GDPR (your voluntary consent)First name, e-mail address.
Analysis and statistics – conducting statistical analyses of traffic on the Service and User behavior to improve our services (e.g., using Google Analytics, Facebook Pixel).Art. 6(1)(a) GDPR (your voluntary consent expressed through cookie settings)IP address (anonymized), device data, browser, operating system, demographic data, data on interaction with the Service.
Pursuing and defending against claims and ensuring the security of the Service.Art. 6(1)(f) GDPR (our legitimate interest)Login data, IP address, data necessary to prove a claim.
[TO BE EDITED / IMPLEMENTED AT PAYMENT LAUNCH]
Handling payments and fulfilling legal and tax obligations.		Art. 6(1)(b) GDPR (necessity for the performance of a contract) and Art. 6(1)(c) GDPR (legal obligation arising from accounting and tax regulations)First name and last name, address details, company data, NIP number, transaction details. Payment card data is not stored by us – it is handled by an external payment operator (e.g., Stripe).

§ 4. Data Recipients

  1. For the proper functioning of the Service, your personal data may be entrusted to third parties for processing. We always ensure that our partners provide the highest standard of data protection.
  2. The recipients of your data may be:
    • Hosting service provider: Hetzner Online GmbH (Germany) – for the purpose of storing Service data on servers.
    • Providers of analytical and marketing tools:
      • Google LLC (USA) – in connection with the use of Google Analytics.
      • Meta Platforms, Inc. (USA) – in connection with the use of Facebook Pixel and the login mechanism.
    • [TO BE EDITED / IMPLEMENTED AT PAYMENT LAUNCH]
      Payment operators: e.g., Stripe, Inc. (USA) – for the purpose of handling payments for services.
    • Law firms, accounting offices, debt collection companies: to the extent necessary to pursue our legitimate interests.
    • Authorized state authorities: on the basis and within the limits of applicable law.

§ 5. Transfer of Data Outside the European Economic Area (EEA)

  1. In connection with the use of services from entities such as Google, Meta (Facebook), and [possibly Stripe], your personal data may be transferred to third countries, in particular to the United States.
  2. The legal basis for such a transfer is the Standard Contractual Clauses (SCC) approved by the European Commission, which ensure an adequate level of protection for your personal data. You can find more information on this topic in the privacy policies of the respective providers.

§ 6. Data Retention Period

We store your personal data for the period necessary to achieve the purposes for which it was collected:

  • Service account data: for the entire duration of having an active account, and after its deletion for the period necessary to pursue or defend against claims (usually up to 3 years).
  • Data processed based on consent (e.g., newsletter, analytics): until you withdraw your consent.
  • Communication data: for the period necessary to resolve the matter, and then for archival purposes for up to 3 years.
  • Data for accounting and tax purposes: for the period required by law, i.e., 5 years from the end of the calendar year in which the tax obligation arose.

§ 7. User Rights

In connection with our processing of your personal data, you have the following rights:

  1. Right of access to data (Art. 15 GDPR).
  2. Right to rectification of data (Art. 16 GDPR).
  3. Right to erasure of data ("right to be forgotten") (Art. 17 GDPR).
  4. Right to restriction of processing (Art. 18 GDPR).
  5. Right to data portability (Art. 20 GDPR).
  6. Right to object to the processing of data based on our legitimate interest (Art. 21 GDPR).
  7. Right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
  8. Right to lodge a complaint with the supervisory authority – the President of the Personal Data Protection Office (ul. Stawki 2, 00-193 Warsaw, Poland).

To exercise these rights, please contact us at the e-mail address: [email protected].

§ 8. Cookies and Tracking Technologies

  1. The Service uses cookies (small text files saved on the User's device) and other similar technologies.
  2. We use the following types of cookies:
    • Necessary: essential for the proper functioning of the Service, e.g., to maintain a session after logging in. They do not require your consent.
    • Analytical: used to collect statistical data about how the Service is used (e.g., Google Analytics).
    • Marketing: used to personalize advertisements and marketing activities (e.g., Facebook Pixel).
  3. During your first visit to the Service, an information banner is displayed, through which you can consent to the use of analytical and marketing cookies or manage them. You can change your decision at any time in the Service or browser settings.

§ 9. Changes to the Privacy Policy

  1. We reserve the right to make changes to this Privacy Policy.
  2. We will inform Users of any changes by publishing the new content of the Policy on the Service and, in the case of significant changes, by e-mail.
  3. The current version of the Privacy Policy is always available at https://commentslab.ai/en/privacy-policy.