Services About Contact
Legal

Privacy Policy

Last updated: June 30, 2026

This Privacy Policy is issued by LSM Soft sp. z o.o., with its registered seat at Pl. Solny 14/3, 50-062 Wrocław, Republic of Poland, in fulfilment of the information obligations set out in Articles 13 and 14 of Regulation (EU) 2016/679 (GDPR) and the applicable provisions of Polish law, including the Act of 10 May 2018 on the Protection of Personal Data.

Table of Contents
  1. Data Controller
  2. Categories of Personal Data Processed
  3. Mobile Applications
  4. Purposes of Processing and Legal Basis
  5. Recipients of Personal Data
  6. Data Retention Period
  7. Rights of the Data Subject
  8. Cookies and Similar Technologies
  9. Technical and Organizational Security Measures
  10. International Transfers of Personal Data
  11. Right to Lodge a Complaint with the Supervisory Authority
  12. Amendments to this Policy
  13. Contact Information

1. Data Controller

This Privacy Policy (the "Policy") sets out the manner in which LSM Soft sp. z o.o. (the "Company," "LSM Soft," or "the Controller") collects, processes, stores, and protects personal data in connection with the operation of its website and the provision of related services. The Company acts as the data controller within the meaning of Article 4(7) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (General Data Protection Regulation, "GDPR"), and is accordingly responsible for ensuring that all processing of personal data is conducted in accordance with applicable law.

Entity LSM Soft sp. z o.o.
Registered seat Pl. Solny 14/3, 50-062 Wrocław, Republic of Poland
Correspondence regarding data protection developer@lsm-soft.com

The Company has assessed that, in view of the nature, scope, and purposes of its data processing activities, it is not required to designate a Data Protection Officer ("DPO") pursuant to Article 37 GDPR. Notwithstanding the foregoing, all enquiries, requests, or concerns relating to the processing of personal data should be directed to the correspondence address set out above, and will be handled by the Company's designated personnel responsible for data protection matters.

2. Categories of Personal Data Processed

The Company processes personal data solely to the extent that such data is voluntarily provided by the data subject (the "User" or "you"), for instance through the submission of the contact form available on the website. The Company does not currently employ cookies, analytics services, tracking pixels, or any comparable technologies on the website.

2.1 Contact form submissions

In connection with the submission of an enquiry through the website's contact form, the Company processes the following categories of personal data:

No personal data is, at present, collected automatically through the website. In the event the Company subsequently introduces analytics, tracking, or similar technologies, this Policy shall be amended accordingly, and, where required under applicable law, the prior consent of the User shall be obtained.

3. Mobile Applications

This Section applies to the mobile applications published by the Company on the Apple App Store and Google Play (each, an "App"). This Policy also serves as the privacy policy for such Apps, as both platforms require every listed application to link to a publicly accessible privacy policy maintained by its publisher. The other Sections of this Policy (data controller, your rights, complaints, and contact) apply equally to the Apps.

On-device data

Most of the Company's Apps operate without a user account and do not require registration or sign-in. Data you enter in an App — for example, profile or onboarding information and your preferences — together with content generated as you use it, is stored locally on your device. Unless an App expressly states otherwise, this data is not copied to the Company's servers, and the App's core features work on the device, including offline.

Technical data processed via service providers

Depending on the App's features, the following limited technical data may be processed through the service providers named below:

Notifications

Where you enable them, the Apps send notifications via Firebase Cloud Messaging or the Apple Push Notification service. You can turn notifications off at any time in the App or in your device settings.

Subscriptions and payments

Where an App offers paid features, purchase and payment are handled entirely by the App Store (Apple) or Google Play (Google). The Company does not receive or store your payment card data. Terms of payment, renewal and refunds are governed by the rules of the relevant app store.

Advertising and tracking

The Apps contain no advertising and no advertising SDKs. The Company does not sell your data and does not carry out cross-app or cross-site advertising tracking.

Third-party service providers

Data deletion

Because App data is stored on your device, uninstalling an App removes it. Requests concerning data may also be sent to the contact address in this Policy.

Children

The Apps are not directed at children, and the Company does not knowingly collect data from children under the applicable age of digital consent. If you believe a child has provided data, please contact the Company and it will be deleted.

4. Purposes of Processing and Legal Basis

Purpose of processing Legal basis under the GDPR
Receipt, evaluation, and response to enquiries submitted via the contact form Article 6(1)(f) GDPR — legitimate interest of the Controller in responding to business enquiries; or, where applicable, Article 6(1)(b) GDPR — processing necessary for steps taken at the request of the data subject prior to entering into a contract

The Company shall not process personal data for any purpose incompatible with that for which it was originally collected, save where an additional, specific legal basis applies, including the separately obtained consent of the data subject or an applicable statutory obligation.

5. Recipients of Personal Data

The Company does not sell, rent, or otherwise commercially trade in personal data. Personal data is disclosed only to the following categories of recipients, and only to the extent strictly necessary for the operation of the website and the handling of User enquiries:

Recipient Purpose of disclosure
Netlify, Inc. (hosting provider) Provision of website hosting infrastructure; transmission of data submitted via the contact form
The Company's electronic mail service provider Delivery of contact form submissions to the Company's internal mailbox
Apple Inc. and Google LLC (mobile application distribution platforms) Where a User installs a mobile application of the Company through the Apple App Store or Google Play, certain data necessary for distribution, such as device and account identifiers, download and installation records, and, where applicable, in-app purchase information, is processed by the respective platform operator. See Section 9 below for further detail

This Policy also serves as the privacy policy for any mobile application published by the Company on the Apple App Store and Google Play, as both platforms require every listed application to link to a publicly accessible privacy policy maintained by its publisher. As of the date of this Policy, the Company's mobile applications do not themselves independently collect, process, or transmit any personal data, and do not maintain a separate privacy policy; they instead link to this Policy in fulfilment of that platform requirement. This does not affect the data necessarily processed by Apple and Google in their capacity as distribution platforms, described in the table above and in Section 9 below.

Should this change in the future, for example if a mobile application of the Company begins collecting device identifiers, usage analytics, or crash diagnostics, this Policy will be updated accordingly to describe such processing before it takes place, and the relevant application's own listing (the App Privacy section on the App Store, or the Data Safety section on Google Play) will be updated to reflect the same.

The Company does not disclose personal data to advertising networks, data brokers, or any third party for marketing purposes, and shall not do so in the future without first amending this Policy and, where required, obtaining the prior consent of the data subject.

6. Data Retention Period

Category of data Retention period
Contact form submissions (name, surname, email address, message content) A period of up to twelve (12) months from the date of submission, or until final resolution of the relevant enquiry, whichever period is longer

Where a data subject requests earlier erasure of their personal data, the Company shall comply with such request within thirty (30) days, save where retention for a longer period is mandated by applicable law (including, without limitation, accounting or tax-related retention obligations arising from an actual commercial engagement).

7. Rights of the Data Subject

Pursuant to Chapter III of the GDPR, every data subject is entitled to exercise the following rights with respect to their personal data:

Any of the foregoing rights may be exercised by submitting a written request to developer@lsm-soft.com. The Company shall respond without undue delay and, in any event, within one (1) month of receipt of the request, in accordance with Article 12(3) GDPR.

8. Cookies and Similar Technologies

The website does not, as of the date of this Policy, employ cookies, web beacons, analytics services, or any comparable tracking technology. Accordingly, no monitoring of User browsing behaviour is undertaken by the Company through this website.

Should the Company introduce cookies at a future date (for instance, for the purpose of website analytics), this Section shall be amended accordingly, a cookie consent banner shall be implemented, and the prior consent of the User shall be obtained before any non-essential cookie is placed on the User's device.

9. Technical and Organizational Security Measures

In accordance with Article 32 GDPR, the Company implements appropriate technical and organizational measures designed to ensure a level of security appropriate to the risk, including, in particular:

In the event of a personal data breach giving rise to a risk to the rights and freedoms of natural persons, the Company shall notify the competent Polish supervisory authority (UODO) without undue delay and, where feasible, within seventy-two (72) hours of becoming aware of the breach, in accordance with Article 33 GDPR, and shall communicate the breach to the affected data subjects where required under Article 34 GDPR.

10. International Transfers of Personal Data

The website is hosted by Netlify, Inc., an entity established in the United States of America. To the extent that the foregoing hosting arrangement entails the transfer of personal data outside of the European Economic Area, such transfer is undertaken in reliance upon appropriate safeguards, including Standard Contractual Clauses approved by the European Commission pursuant to Article 46(2)(c) GDPR, so as to ensure that the data subject's personal data continues to benefit from a level of protection substantially equivalent to that guaranteed within the European Union.

Further information regarding Netlify's data protection practices is available at the following address:

netlify.com/privacy

The Company's mobile applications, as of the date of this Policy, do not independently collect any personal data beyond what is necessary to operate within the Apple App Store and Google Play. However, by virtue of distributing applications through these platforms, certain data, such as device and account identifiers, download and installation records, and, where applicable, in-app purchase information, is necessarily processed by Apple Inc. and Google LLC, respectively, in their capacity as the operators of those platforms, both entities established in the United States. This processing is governed by each platform's own privacy policy, available at:

apple.com/legal/privacy
policies.google.com/privacy

Should the Company's mobile applications begin independently collecting additional personal data in the future, this Section and Section 4 above will be updated accordingly before such collection takes place.

11. Right to Lodge a Complaint with the Supervisory Authority

Without prejudice to any other administrative or judicial remedy, every data subject who considers that the processing of personal data relating to them constitutes an infringement of the GDPR has the right to lodge a complaint with a supervisory authority, in particular with the supervisory authority of the Member State of their habitual residence, place of work, or place of the alleged infringement. The competent supervisory authority in the Republic of Poland is:

Supervisory authority Urząd Ochrony Danych Osobowych (the Polish Data Protection Authority, "UODO")
Address ul. Stawki 2, 00-193 Warszawa, Republic of Poland
Website uodo.gov.pl

The Company respectfully requests that, prior to lodging any such complaint, the data subject afford the Company a reasonable opportunity to address the matter directly, by contacting developer@lsm-soft.com.

12. Amendments to this Policy

The Company reserves the right to amend this Policy from time to time, including, without limitation, where it introduces new functionalities, technologies (such as cookies or analytics tools), or services. Any such amendment shall be published on this page together with an updated revision date set out at the head of this Policy. Data subjects are advised to consult this page periodically in order to remain informed of the then-current version of this Policy.

13. Contact Information

All enquiries concerning this Policy or the Company's processing of personal data should be directed as follows:

Entity LSM Soft sp. z o.o.
Electronic mail developer@lsm-soft.com
Registered seat Pl. Solny 14/3, 50-062 Wrocław, Republic of Poland