Data Privacy Policy

Last updated: December 22, 2024

1. Introduction

This Privacy Policy explains how TM Infotech Kft. ("we", "us", "our") collects, uses, and protects your personal data in accordance with the General Data Protection Regulation (GDPR) when you use our MyStickynotes service.

2. Data Controller

TM Infotech Kft. acts as the data controller for personal data collected through MyStickynotes. Our contact details are provided at the bottom of this policy.

3. Personal Data We Collect

We collect and process the following personal data:

  • Email address (for account creation and communication)
  • Name (for personalization)
  • Content of your notes
  • Usage data (how you interact with our service)
  • Technical data (IP address, browser type, device information)

4. Authentication Data

For account creation and authentication, we collect and process:

  • Email address (required for account creation and communication)
  • Password (stored in hashed form using industry-standard hashing)
  • Name (for personalization)
  • IP addresses (for security monitoring)
  • Login timestamps
  • Session information

Authentication data is stored securely and is only used for account access and security purposes.

5. Session and Cookie Data

We use the following cookies and session data:

  • Session cookie (for maintaining your login state)
  • CSRF token cookie (for security against cross-site request forgery)
  • Remember-me cookie (optional, only if "Remember me" is selected)

Session data is automatically deleted when you log out or when the session expires.

6. Data Storage and Security

Your data is stored as follows:

  • Account data is stored in our secure database
  • Passwords are hashed using bcrypt
  • All data is backed up daily
  • Data is stored within the European Union
  • Access logs are maintained for security purposes

7. Data Retention Periods

  • Account information: Stored until account deletion
  • Login history: 90 days
  • Session data: 2 hours after last activity
  • Failed login attempts: 24 hours
  • IP logs: 30 days

8. Account Deletion

When you delete your account:

  • All personal data is permanently deleted within 30 days
  • Your notes and categories are immediately removed
  • Login history is anonymized
  • Backup data is removed within 90 days

You can request a copy of your data before deletion through our support.

9. Legal Basis for Processing

We process your personal data under the following legal bases:

  • Contract execution (to provide you with our service)
  • Legal obligation (to comply with applicable laws)
  • Legitimate interests (to improve and secure our service)
  • Consent (where specifically requested)

10. Your Data Protection Rights

Under GDPR, you have the following rights:

  • Right to access your personal data
  • Right to rectification of inaccurate data
  • Right to erasure ("right to be forgotten")
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing
  • Right to withdraw consent

11. Data Retention

We retain your personal data only for as long as necessary to provide you with our service and as required by law. When you delete your account, your data will be permanently deleted within 30 days.

12. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized or unlawful processing, accidental loss, destruction, or damage.

13. International Data Transfers

Your data is stored and processed within the European Economic Area (EEA). If any data transfer outside the EEA becomes necessary, we ensure appropriate safeguards are in place.

14. Cookies and Tracking

We use only essential cookies necessary for the functioning of our service. These cookies do not track your behavior for marketing purposes.

15. Children's Privacy

Our service is not intended for users under the age of 16. We do not knowingly collect personal data from children under 16.

16. Changes to This Privacy Policy

We may update this privacy policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last updated" date.

17. Data Protection Authority

You have the right to lodge a complaint with a supervisory authority. The competent authority in Hungary is the National Authority for Data Protection and Freedom of Information (NAIH).

Contact Information

TM Infotech Kft.

9325 Sopronnémeti, Hunyadi utca 3/a

Hungary

Phone: +36 30 442 9707

Email: support@tm-it.hu

Company Registration Number: 08-09-034842

Tax ID: 32053461-2-08