Privacy Policy

Last updated: 2026-04-30

This Privacy Policy explains what personal data Martin Regec ("VoxelRun") collects, why we collect it, and what we do with it. VoxelRun acts as the data controller under the GDPR. The data controller is Martin Regec, Nov? sady 988/2, Star? Brno, 602 00 Brno, Czech Republic, contact: [email protected].

1. Data we collect

Account data: email address and a chosen display name. Authentication data: a hashed password and short-lived JWT tokens. Billing metadata: Stripe Customer ID, the credit packs you have purchased, transaction IDs (we never see your card number). Usage data: server start/stop events, durations, plan usage, and the IP address of the client that used the dashboard. Operational logs: minimal request logs retained for security purposes.

2. Why we collect it

To provide the Service, bill it, communicate with you about it, secure it against abuse, and comply with our legal obligations (accounting, tax records, fraud prevention).

3. Legal basis

Performance of a contract for account, server, billing and support data. Legitimate interest for security logs and abuse prevention. Legal obligation for invoicing and tax records. Consent for optional analytics or marketing communications, which you may withdraw at any time.

4. Sub-processors

Hetzner Cloud (Hetzner Online GmbH, DE) - compute and storage. Stripe Payments Europe Ltd (IE) - payment processing. Brevo / Sendinblue SAS (FR) - transactional email. Cloudflare Inc. (US/IE) - DNS and DDoS protection where applicable. All sub-processors are bound by data protection agreements compliant with EU data protection law.

5. International transfers

Primary hosting data is stored within the European Union. Some sub-processors may incidentally transfer metadata outside the EU under Standard Contractual Clauses or equivalent safeguards.

6. Retention

Account data: for the life of your account. Backups: 30 days after creation unless deleted earlier. Billing records: for the period required by Czech accounting and tax law. Logs: 90 days. Marketing data: until you withdraw consent.

7. Security

We use appropriate technical and organisational measures to protect personal data, including access controls, encryption in transit, operational logging, and limited access to production systems. No online service can guarantee absolute security, but we work to reduce risk and respond to incidents promptly.

8. Your rights

Under the GDPR you have the right to access, rectify, erase, restrict, port, and object to the processing of your data, and to lodge a complaint with the Czech data protection authority (??ad pro ochranu osobn?ch ?daj?). For privacy-related requests, write to [email protected].

9. Data Processing Addendum

If you use VoxelRun to process personal data on behalf of others, a Data Processing Addendum is available on request at [email protected].

10. Cookies

We use a small set of strictly necessary cookies (session, CSRF) and, only with your consent, optional analytics cookies. See our Cookie Policy for the full list.

11. Children

VoxelRun is not directed to children under the age of digital consent. We do not knowingly collect data from such users. If you believe a child has provided us with data, write to us and we will delete it.

12. Changes

Material changes to this Policy will be announced by email and reflected on this page.