top of page

Privacy Policy MASKIT

Effective Date: June 30, 2025
Last Updated: June 30, 2025

This Privacy Policy explains how DataVision s.r.o., a company incorporated in the Czech Republic, processes personal data when you access or use the MASKIT platform (the “Service”), available at www.maskit.ai. It applies to all users of the Service, including visitors, registered users, and organizations accessing the platform via API.

We are committed to protecting your privacy and ensuring that your personal data is handled in accordance with Regulation (EU) 2016/679 (General Data Protection Regulation, “GDPR”), applicable Czech and EU laws, and any other applicable privacy regulations.

1. Data Controller

DataVision s.r.o.
Registered address Slinková 589/2, 153 00 Praha 5,
Czech Republic
Email: info@datavision.cz
ID No.: 27142663
DataVision s.r.o. is the data controller for personal data processed through the MASKIT platform.

2. Categories of Personal Data Processed

We process the following categories of personal data, depending on how you interact with MASKIT:

a) Account Data

  • First and last name

  • Email address

  • Password (encrypted)

  • Company name and country

  • Account settings and preferences

b) Communication Data

  • Emails or messages sent to us

  • Support requests and feedback

  • Metadata (e.g., timestamps)

c) Billing and Payment Data

  • Billing name and address

  • VAT ID (if applicable)

  • Payment confirmation details

Note: All payment processing is handled by Stripe. We do not store your card or bank details.

d) Usage Data

  • IP address

  • Browser and device type

  • Access times and activity logs

  • Clickstream and interaction data

  • Referring URLs

e) Uploaded and Processed Content

  • Images, documents, or text data you upload for anonymization

⚠️ You are responsible for the content you upload. Please avoid submitting data that is unnecessary or unrelated to the purpose of processing.

f) API Interaction Logs

For organizations using our API:

  • Authentication tokens

  • Request and response metadata

  • Volume of requests

  • Error logs

3. Legal Bases for Processing

We process personal data in accordance with Article 6 of the GDPR based on the following lawful grounds:

  • Account creation and login are processed on the basis of performance of a contract.

  • Providing the Service is also based on the performance of a contract, as it is necessary to fulfill our obligations to you.

  • Billing and payments are processed on the basis of both legal obligation (for accounting and tax compliance) and performance of a contract (to manage your subscription or usage fees).

  • Analytics and platform improvement are processed on the basis of our legitimate interest in maintaining and enhancing the quality, security, and performance of our services.

  • Customer support data is processed either under the performance of a contract (when directly related to the service you use) or based on our legitimate interest in ensuring user satisfaction and proper service functioning.

  • Marketing communications, where applicable, are processed only on the basis of your explicit consent, which you may withdraw at any time.

  • Compliance with legal obligations (such as responding to lawful requests or retaining certain records) is based on our legal obligation.

4. Purpose of Processing

We use personal data to:

  • Provide you with access to and use of MASKIT services

  • Maintain and secure our platform

  • Monitor usage to prevent fraud and abuse

  • Improve our services and features

  • Communicate with users and respond to inquiries

  • Process payments and manage subscriptions

  • Comply with legal and contractual obligations
     

5. Data Sharing and Recipients

We may share personal data with:

a) Processors

These third parties act under our instructions and are contractually bound by Data Processing Agreements (DPAs):

  • Hosting Providers (e.g., AWS, Azure)

  • Analytics tools (e.g., Google Analytics, Matomo)

  • Payment processors (e.g., Stripe)

  • CRM and communication tools (e.g., HubSpot)

b) Independent Controllers

In some cases, third parties may process data as independent controllers (e.g., tax authorities, law enforcement when required).

6. Data Transfers Outside the EU/EEA

Some of our subprocessors or service providers are located outside the European Economic Area (EEA), including in the United States.

In such cases, we ensure adequate protection through:

  • Standard Contractual Clauses (SCCs) approved by the European Commission

  • Adequacy decisions where applicable

  • Additional safeguards (encryption, access control)

7. Data Retention

We retain personal data for as long as necessary for the purpose for which it was collected:

  • Account data: for the duration of your account + up to 6 months

  • Uploaded data: based on user configuration (temporary or permanent deletion options are available)

  • Billing data: 10 years (as required by accounting law)

  • Logs and analytics: 12–24 months

You may request deletion at any time (see section 9).

8. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

  • HTTPS encryption

  • Secure access control

  • Regular security audits and patches

  • Encrypted storage and backups

  • Data minimization and access logging

We continuously review our security practices and update them to address new risks.

9. Your Rights Under GDPR

As a data subject, you have the following rights:

  • Right of access – to obtain a copy of your personal data

  • Right to rectification – to correct inaccuracies

  • Right to erasure – to request deletion under certain conditions

  • Right to restriction – to limit processing temporarily

  • Right to data portability – to obtain data in a structured format

  • Right to object – to processing based on legitimate interest or direct marketing

  • Right to withdraw consent – at any time where processing is based on consent

To exercise your rights, email us at info@datavision.cz. We will respond within 30 days.

If you are not satisfied with our response, you have the right to lodge a complaint with your local Data Protection Authority (in the Czech Republic: Úřad pro ochranu osobních údajů).

10. Cookies and Similar Technologies

We use cookies for:

  • Essential functions (login, preferences)

  • Analytics (usage statistics)

  • Marketing (if consented)

You can manage your preferences via our cookie banner or browser settings. For full details, see our Cookie Policy.

11. Children’s Data

MASKIT is not designed for or directed at children under 18. We do not knowingly collect personal data from children. If we become aware of such data, we will delete it promptly.

12. Changes to This Privacy Policy

We may update this policy occasionally. When we do, we will:

  • Update the “Last Updated” date

  • Notify users via email or dashboard (if materially significant)

  • Keep previous versions available on request

13. Contact Information

If you have any questions or concerns regarding this policy or your personal data, please contact:

DataVision s.r.o.
Email: info@datavision.cz or support@maskit.ai
Address: Polygon House, Doudlebská 1699/5, 140 00 Praha 4, Czech Republic.

bottom of page