Privacy Policy

Alexis Zrimec s.p., Velika Loka 90, 1290 Grosuplje, Slovenia, is the data controller for the personal data described in this policy.

For privacy questions, contact admin@alittis.com.

This policy covers personal data for which we are the controller: account holders, billing contacts, visitors to this website, and people who join our waitlist. For the consent records we process on behalf of our customers, the customer is the controller and we act as their processor under a Data Processing Agreement.

We collect the minimum needed to run the service:

• Account data (name, email), via our authentication processor Clerk, to create and operate your account. Legal basis: performance of a contract.
• Billing data, handled by our merchant of record Paddle. Paddle collects payment details; we receive only subscription identifiers, plan, and status, never full card numbers. Legal basis: contract and legal obligation (tax).
• Consent records, on behalf of customers: IP address, user agent, session identifier, and the exact consent wording shown, with a SHA-256 integrity token, as proof of consent.
• Website and waitlist data: the email you submit and basic technical logs. Legal basis: consent or legitimate interest.
• Support communications you send us.

Email addresses captured by the widget are relayed in memory to the customer-configured email provider and are never persisted on our servers. They are excluded from our logs and backups.

We rely on a small set of vetted processors:

• Clerk — authentication.
• Paddle — payments and tax, as merchant of record.
• Klaviyo — email delivery, configured by each customer.
• Resend — our transactional email.
• Hostinger — server hosting in Frankfurt, Germany (EU).
• Cloudflare — content delivery and security.

Our infrastructure is hosted in the EU. Some processors are based in the United States; those transfers rely on EU Standard Contractual Clauses or an adequacy mechanism such as the EU-US Data Privacy Framework.

We keep account and billing data for as long as your account is active and as required by law (for example, tax records). After cancellation we provide a 90-day window to export consent records.

Consent records — including the IP address captured as proof of consent — are kept on the controlling customer's instructions, for as long as needed to evidence the consent and to meet applicable legal retention periods, and are deleted when no longer required.

Subject to applicable law, you can request access, rectification, erasure, restriction, and portability, object to processing, and withdraw consent at any time.

You can also lodge a complaint with a supervisory authority, for example the Slovenian Information Commissioner (Informacijski pooblaščenec).

We use only the essential cookies needed for authentication and security. We do not use advertising or cross-site tracking cookies on this site.

We protect data with encryption in transit, encryption of stored provider credentials, integrity tokens on consent records, and daily encrypted backups.

We may update this policy. Material changes will be notified by email or in the dashboard.