Privacy Policy
Last updated: 26 May 2026
This Privacy Policy explains how sinka s.r.o. ("we", "us", or "our"), the operator of PlotiQ, collects, uses, stores, shares, and protects personal data. It is prepared in accordance with Regulation (EU) 2016/679 (GDPR), Slovak Act No. 18/2018 Coll. on Personal Data Protection, and other applicable Slovak and EU data protection rules.
PlotiQ is a visualization service for a broad range of users, including private individuals and professional users. Depending on the content you upload, project photographs may contain personal data about you or other people.
We try to collect only the personal data that is reasonably necessary to provide, secure, maintain, improve, and legally operate the Service. We do not sell personal data. We do not use advertising cookies or third-party tracking scripts in the PlotiQ application.
1. Scope of This Privacy Policy
This Privacy Policy applies to:
- The PlotiQ web application.
- The PlotiQ website and public pages that link to this Privacy Policy.
- Accounts, projects, uploaded content, generated results, support requests, billing records, and related communications.
- Demo, preview, beta, or trial features where they are provided through PlotiQ.
This Privacy Policy does not apply to third-party websites, products, services, or integrations that have their own privacy policies.
For some processing, we act as a controller, for example when we manage your account, billing, security, and support. For some content uploaded by professional users or organizations, you may act as an independent controller and we may process the data on your behalf as part of providing the Service. See Section 8 for more details.
2. Data Controller
sinka s.r.o.
Námestie osloboditeľov 3/A
Košice - mestská časť Staré Mesto 040 01, Slovak Republic
Company registration number: 54 866 944
Website: www.sinkasystems.sk
Email: info@plotiq.sk
We have not appointed a data protection officer because we are not currently required to do so under GDPR Art. 37. You can contact us about privacy matters at the email address above.
3. Personal Data We Collect
We collect personal data in three main ways:
- Data you provide directly.
- Data generated when you use the Service.
- Data received from third-party providers that help us provide the Service, such as authentication or payment providers.
3.1 Account Data
| Data | Purpose |
|---|---|
| Email address | Account creation, authentication, service communications |
| Account identifiers and settings | Account management, language settings, security, support |
| Name, company name, billing details, or contact details, if provided | Invoicing, support, account identification, business communication |
| Optional profile or workspace information, if provided | Personalizing or organizing your account |
You are not required to provide optional profile information unless a feature clearly needs it.
3.2 Project Content
| Data | Purpose |
|---|---|
| Photographs you upload | Generating and storing visualizations |
| Style reference images you upload or select | Generating visualizations |
| Marked zones, coordinates, labels, prompts, and generation settings | Producing the requested visualization |
| Preview images and server-rendered composites | Showing non-AI previews and helping you prepare visualizations |
| AI-generated result images | Delivering, storing, and sharing finished visualizations |
| Project names, notes, and metadata | Organizing your workspace and support troubleshooting |
Uploaded photographs may show houses, gardens, land, neighboring properties, people, vehicles, license plates, addresses, or other identifying details. Please avoid uploading unnecessary personal data and obtain any required permissions before uploading content involving other people or third-party property.
3.3 Billing and Transaction Data
| Data | Purpose |
|---|---|
| Credit balance and credit transactions | Billing, account management, fraud prevention |
| Order history, invoices, tax records, and payment status | Accounting, tax compliance, customer support |
| Payment details entered at checkout | Payment processing by Stripe or another payment provider, if enabled |
| Manual payment information, such as variable symbol, payment reference, and billing details | Matching payments, issuing invoices, assigning credits |
We do not store full payment card numbers. Payment card processing, if enabled, is handled by the payment provider.
3.4 Support, Communications, Feedback, and Forms
| Data | Purpose |
|---|---|
| Messages you send us by email, form, or other contact method | Responding to support requests, complaints, privacy requests, and feedback |
| Feedback, feature requests, bug reports, or testimonials you choose to provide | Improving the Service, support, product decisions, and, where separately approved, public references |
| Administrative notices | Service, legal, security, payment, and account communications |
If you approve a testimonial, case study, review, or public reference, we may publish the information you approved. You can contact us if you want it updated or removed, subject to reasonable technical and legal limits.
3.5 Usage and Technical Data
| Data | Purpose |
|---|---|
| Session tokens and authentication cookies | Keeping you securely logged in |
| IP address, timestamps, request paths, user agent, and error logs | Security monitoring, debugging, abuse prevention |
| Rate-limit counters and security events | Protecting the Service from abuse and overload |
| Device, browser, operating system, language, and approximate technical information | Compatibility, troubleshooting, security, and improving reliability |
| Feature usage events, errors, performance information, and storage usage | Maintaining, debugging, and improving the Service |
We may use application logs and internal technical records to understand errors, performance issues, feature reliability, and abuse patterns. We do not use this information for third-party advertising.
3.6 Data From Third Parties
We may receive limited personal data from third parties where needed to provide the Service, such as:
- Authentication providers, if you sign in using a third-party login method.
- Payment providers, if you purchase credits through a checkout provider.
- Banks or payment records, if you pay by bank transfer.
- Publicly available or business contact information, if you contact us as a business prospect or customer.
- Referral information, if another person or business gives us your contact details for a specific business purpose.
If someone gives us your contact details, we use them only for the reason they were provided, such as responding to an inquiry, setting up a demo, or contacting you about PlotiQ.
4. How We Use Personal Data
We process personal data to:
- Create, secure, and manage accounts.
- Provide AI-assisted visualization features requested by you.
- Provide non-AI preview, demo, beta, or trial features.
- Store projects and generated results in your workspace.
- Enable optional share links for selected results.
- Process credit purchases, invoices, accounting records, and refunds.
- Match manual bank payments and assign credits.
- Provide support, handle complaints, and respond to privacy requests.
- Send service announcements, security messages, legal notices, billing messages, and other administrative communications.
- Send newsletters or marketing communications only where we have a valid legal basis and, where required, your consent.
- Monitor, secure, debug, maintain, and improve the Service.
- Enforce our Terms of Service and prevent fraud, spam, misuse, security incidents, or illegal activity.
- Comply with legal, accounting, tax, regulatory, and consumer protection obligations.
- Establish, exercise, or defend legal claims.
5. Legal Bases for Processing
| Processing Activity | Legal Basis under GDPR |
|---|---|
| Creating and managing your account | Performance of contract - Art. 6(1)(b) |
| Generating, previewing, storing, and displaying visualizations | Performance of contract - Art. 6(1)(b) |
| Sharing results through links you activate | Performance of contract - Art. 6(1)(b) |
| Support and service communications | Performance of contract - Art. 6(1)(b), legitimate interests - Art. 6(1)(f) |
| Security monitoring, abuse prevention, debugging | Legitimate interests - Art. 6(1)(f) |
| Product maintenance and service improvement | Legitimate interests - Art. 6(1)(f) |
| Billing, invoices, accounting, tax records | Legal obligation - Art. 6(1)(c) |
| Manual payment matching and credit assignment | Performance of contract - Art. 6(1)(b), legitimate interests - Art. 6(1)(f), legal obligation - Art. 6(1)(c) where applicable |
| Marketing emails or newsletters | Consent - Art. 6(1)(a), or legitimate interests - Art. 6(1)(f) where permitted |
| Testimonials, case studies, or public references | Consent - Art. 6(1)(a), or legitimate interests - Art. 6(1)(f) where appropriate |
| Handling legal claims and enforcing terms | Legitimate interests - Art. 6(1)(f), legal obligation - Art. 6(1)(c) where applicable |
| Responding to GDPR rights requests | Legal obligation - Art. 6(1)(c) |
Where we rely on legitimate interests, those interests include operating a secure and reliable service, preventing abuse, protecting users and third parties, improving functionality, communicating with business users, and protecting our legal rights. You may object to processing based on legitimate interests as described in Section 13.
Where we rely on consent, you may withdraw consent at any time. Withdrawal does not affect processing that already took place before the withdrawal.
6. Your Choices
You have choices about how your personal data is used:
- You can choose not to provide optional profile or workspace information.
- You can avoid uploading photographs or references that contain unnecessary personal data.
- You can delete projects or generated results where the Service provides that option.
- You can disable public share links where the Service provides that option.
- You can unsubscribe from non-essential marketing emails by using the unsubscribe link or contacting us.
- You cannot opt out of essential service, security, legal, billing, or administrative messages because they are part of operating the Service.
- You can disable cookies in your browser, but strictly necessary cookies or storage may be required for the Service to work.
7. Content Involving Other People
If you upload content that contains personal data about another person, you are responsible for ensuring that you have the right and legal basis to do so. This may include obtaining consent, relying on another lawful basis, respecting property and privacy rights, and informing affected people where required.
Professional users and organizations may act as independent controllers for personal data they decide to upload to PlotiQ. In those cases, you remain responsible for your own GDPR obligations toward the people whose data you process.
Please do not upload special categories of personal data, such as health information, biometric data, political opinions, religious beliefs, or other sensitive information, unless you have a valid legal basis and it is strictly necessary.
8. Business Users, Processor Role, and Data Processing Terms
If you use PlotiQ for your business or on behalf of your customer, you may upload project content that includes personal data of your customers, neighbors, employees, contractors, or other people. In that situation, you may be the controller of that personal data, and we may process it as your processor to provide the Service.
Where required, we will process such data only for the purpose of providing, securing, maintaining, troubleshooting, and improving the Service, and according to this Privacy Policy, our Terms of Service, and any applicable written data processing terms.
If you need a separate Data Processing Agreement for your business use of PlotiQ, contact us at info@plotiq.sk.
9. Public Share Links
When you activate a public share link, the shared visualization may be accessible to anyone with the link without login. Shared content may include project images and visual details from the uploaded photograph or generated result.
Only share content you are allowed to disclose. Publicly shared content may be viewed, copied, downloaded, cached, screenshotted, or re-shared by people who access the link. Search engines or automated tools may also access public pages if they are discoverable.
If you disable a share link, future access through that link should stop, but copies already viewed, downloaded, cached, indexed, or shared by others may remain outside our control.
10. Demo, Preview, Beta, and Sample Content
We may offer demo accounts, preview features, beta features, sample projects, example images, templates, or sample visualizations.
Demo or sample data may be fictional, anonymized, synthetic, licensed, publicly available, or provided with permission. It is intended only to demonstrate the Service.
If we create a personalized demo for a potential customer, we may use limited business contact information such as a name, company name, email address, or greeting text. We use this only for the demo, sales communication, and related follow-up, unless we agree otherwise.
Beta or preview features may collect additional technical logs, error reports, or feedback to help us evaluate and improve the feature. We will avoid collecting unnecessary personal data.
11. Cookies and Local Storage
The Service uses strictly necessary cookies and similar storage technologies, including:
- Authentication/session cookies or tokens needed to keep you logged in.
- Security and rate-limiting mechanisms needed to protect the Service.
- A language preference cookie such as NEXT_LOCALE.
- Local storage or similar browser storage for necessary application preferences, editor state, or session-related functionality.
These technologies are necessary for the Service to function and generally do not require consent under Slovak Act No. 452/2021 Coll. and ePrivacy rules.
We do not currently use advertising cookies, behavioral tracking cookies, or third-party analytics scripts in the PlotiQ application. If that changes, we will update this Privacy Policy and request consent where required.
Some browsers send "Do Not Track" signals. Because there is no consistent technical standard for how services should respond to such signals, we do not currently respond to them separately. We do not use advertising tracking regardless of this setting.
12. Sub-Processors and Third-Party Services
We use third-party providers to deliver the Service. We enter into data processing agreements or equivalent data protection terms where required.
| Provider | Role | Location / Transfer | Safeguard |
|---|---|---|---|
| Supabase, Inc. | Database, file storage, authentication | EU region where configured, currently Frankfurt, Germany | Data processing terms |
| OpenAI, L.L.C. | AI image generation and related image processing | United States / international transfer | Standard Contractual Clauses or other valid transfer mechanism |
| Stripe, Inc. | Payment processing, checkout, invoices, fraud prevention, if enabled | United States / international transfer | Standard Contractual Clauses or other valid transfer mechanism |
| Upstash, Inc. | Rate limiting and abuse prevention, if enabled | EU region where configured, currently Frankfurt, Germany | Data processing terms |
| Hosting, email, monitoring, or infrastructure providers | Service operation, logs, transactional emails, security | EU or international, depending on provider | Data processing terms and transfer safeguards where required |
We may update sub-processors as the Service evolves. Material changes will be reflected in this Privacy Policy or communicated where required.
Access by People Working With Us
Access to personal data is limited to people and systems that need it for legitimate purposes, such as support, security, debugging, billing, legal compliance, or service operation. This may include employees, contractors, advisors, accountants, legal representatives, or technical providers, where relevant. They may access personal data only as needed and subject to confidentiality or equivalent obligations.
Third-Party Links and Services You Choose
The Service or website may contain links to third-party websites or services. If you open those links or use third-party services, their own privacy policies apply. We are not responsible for how third parties process personal data outside our Service.
If the Service later supports optional third-party integrations, enabling an integration may allow that third party to access data needed for the integration. You should review the third party's privacy terms before enabling it.
13. International Data Transfers
When you submit a project for AI processing, the uploaded image and relevant project instructions may be transferred to OpenAI or another AI provider outside the European Economic Area. Payment data may also be transferred to payment providers outside the EEA.
Where personal data is transferred outside the EEA, we rely on appropriate safeguards such as Standard Contractual Clauses approved by the European Commission, adequacy decisions, supplementary measures, or another lawful transfer mechanism under GDPR Chapter V.
14. Data Retention
| Data Type | Retention Period |
|---|---|
| Account and profile data | Until account deletion or 2 years of account inactivity, unless longer retention is required |
| Project photos, project data, preview images, and generated images | Until you delete the project or account, unless longer retention is required for legal, security, or dispute reasons |
| Public share links | Until disabled, deleted, account deletion, or service discontinuation |
| Support, complaint, feedback, and business communications | Up to 3 years after the matter is resolved or last contact, unless needed longer for legal claims |
| Server access logs and security logs | Usually up to 90 days, unless needed longer for security investigation or legal reasons |
| Credit transaction, invoice, accounting, and tax records | Usually 10 years or another period required by applicable Slovak accounting and tax law |
| Marketing consent and suppression records | As long as needed to respect your preferences and demonstrate compliance |
| Demo account data | Until the demo is deleted, expires, or is no longer needed, unless longer retention is required |
| Backups | Deleted or overwritten according to backup cycles; deleted data may remain temporarily in encrypted backups |
After the applicable retention period, data is deleted, anonymized, or isolated from ordinary use until deletion is technically possible.
Inactive Accounts
We may delete or anonymize inactive unpaid accounts after a continuous period of inactivity, for example 2 years, after providing notice where reasonably possible. If you have purchased credits or have active paid use, different retention or notice periods may apply.
15. Your GDPR Rights
Subject to legal conditions and exceptions, you have the following rights:
| Right | Description |
|---|---|
| Access (Art. 15) | Request confirmation and a copy of personal data we process about you |
| Rectification (Art. 16) | Ask us to correct inaccurate or incomplete data |
| Erasure (Art. 17) | Request deletion of your data, subject to legal retention obligations |
| Restriction (Art. 18) | Ask us to restrict processing in certain circumstances |
| Portability (Art. 20) | Receive data you provided in a structured, commonly used, machine-readable format |
| Objection (Art. 21) | Object to processing based on legitimate interests |
| Withdraw consent | Where processing is based on consent, withdraw it at any time without affecting prior processing |
| Complaint | Lodge a complaint with a data protection supervisory authority |
To exercise your rights, contact us at info@plotiq.sk. We will respond within one month unless the GDPR allows an extension due to complexity or number of requests. We may need to verify your identity before processing a request.
Some data may need to be retained despite an erasure request, for example accounting records, fraud prevention records, security logs, or data needed to establish, exercise, or defend legal claims.
If we process personal data on behalf of a business customer and you are not that business customer, we may need to refer your request to the relevant business customer or cooperate with them in handling the request.
16. Automated Decision-Making
We do not use automated decision-making or profiling within the meaning of GDPR Art. 22 that produces legal or similarly significant effects concerning you.
AI image generation is initiated by you to produce a visual output. The output may be automated, but it does not decide your rights, eligibility, pricing, legal status, or access to essential services.
17. Data Security
We implement appropriate technical and organizational measures to protect personal data, including:
- Encrypted connections (TLS) for data in transit.
- Access controls limiting who can access user data.
- Database row-level security and account-based access restrictions.
- Signed URLs or similar controls for temporary access to stored files.
- Logging, monitoring, rate limiting, and abuse prevention.
- Restricting administrative access to people and systems that need it.
- Backup, recovery, and incident response procedures appropriate to the size and risk of the Service.
- Internal separation of production and development access where reasonably possible.
No online service can be guaranteed completely secure. If a personal data breach is likely to result in a risk to your rights and freedoms, we will notify the competent supervisory authority within 72 hours where required and inform affected users without undue delay where required by GDPR Art. 33-34.
If you believe your account or data may be compromised, contact us immediately at info@plotiq.sk.
18. Children's Data
The Service is not directed at persons under 18 years of age. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us and we will take appropriate steps to delete it.
19. Legal Disclosure, Enforcement, and Business Transfers
We may preserve or disclose personal data where reasonably necessary to:
- Comply with applicable law, court orders, legal process, regulatory requests, or government requests.
- Enforce our Terms of Service or other agreements.
- Investigate fraud, security incidents, spam, abuse, or suspected illegal activity.
- Protect the rights, property, safety, and legitimate interests of us, our users, third parties, or the public.
- Handle accounting, tax, legal, audit, insurance, or professional advisory matters.
If our business, assets, or the Service are sold, merged, reorganized, or transferred, personal data may be transferred as part of that transaction, subject to appropriate confidentiality and data protection safeguards. We will notify affected users where required by law.
20. Supervisory Authority
If you believe we have not handled your personal data in accordance with the GDPR, you may lodge a complaint with the Slovak data protection supervisory authority:
Úrad na ochranu osobných údajov Slovenskej republiky
Hraničná 12
820 07 Bratislava 27
Slovak Republic
Website: www.dataprotection.gov.sk
Email: statny.dozor@pdp.gov.sk
You may also contact the supervisory authority in your EU country of habitual residence, workplace, or place of alleged infringement.
21. Compliance and Review
We may periodically review our privacy practices, retention periods, security measures, sub-processors, and this Privacy Policy to keep them aligned with the Service and applicable law.
If you have concerns about how we process personal data, contact us at info@plotiq.sk. We will try to resolve the issue directly and cooperate with competent authorities where required.
22. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or in-app notice at least 30 days before they take effect where reasonably possible. The "Last updated" date at the top reflects the most recent revision.
Minor changes, clarifications, or updates that do not materially affect your rights may take effect immediately when posted.
23. Contact
For privacy questions, data subject requests, or concerns:
sinka s.r.o.
Námestie osloboditeľov 3/A
Košice - mestská časť Staré Mesto 040 01, Slovak Republic
Company registration number: 54 866 944
Website: www.sinkasystems.sk
Email: info@plotiq.sk