SPILL!

Privacy Policy

Last updated: March 2026

1. Data Controller

arrielrogand s.r.o.
Slnečná ulica 192/13, 900 50 Hrubá Borša
IČO: 50254987 · DIČ: 2120245644
Contact: spillsome.coffee/feedback

2. What Data We Collect

DataPurposeLegal basis
Email addressPayment notificationsContract
Feedback messagesService improvementLegitimate interest
Analytics cookiesUsage statisticsConsent
Payment dataProcessing transactionsContract
IP addressSecurity, rate limitingLegitimate interest

3. Third-Party Services

We share data with GDPR-compliant processors:

  • Stripe — payment processing
  • Resend — transactional emails
  • Google Analytics — usage data (with consent only)
  • Supabase — database hosting
  • Vercel — web hosting

Payment card details are processed exclusively by Stripe and never stored on our servers.

4. Cookies

  • Google Analytics (_ga, _gid) — up to 2 years. Loaded only with consent.
  • Cookie consent (spill_cookies) — 1 year. Essential.

Withdraw consent by clearing browser cookies and revisiting the site.

5. Data Retention

  • Email addresses: 2 years after last transaction
  • Feedback messages: 1 year
  • Payment records: 10 years (Slovak accounting law)
  • Analytics data: 14 months

6. Your Rights

Under GDPR you have the right to: access, rectification, erasure, restriction, portability, and objection.

Contact us at spillsome.coffee/feedback. We respond within 30 days.

7. Data Security

We use HTTPS encryption, rate-limited authentication, and row-level database security.

8. Supervisory Authority

Lodge complaints with the Slovak Office for Personal Data Protection (dataprotection.gov.sk).

9. Changes

We may update this policy. Changes will be posted here with an updated date.