Privacy Policy
A short, human-readable privacy notice in line with GDPR Art. 13.
1. Data controller
Srenk Media Limited
Promitheos 14, Floor M, Flat / Office M1, 1065 Nicosia, Cyprus
Cyprus company registration number: ΗΕ 483274
+357 99 631882 · business@srenkmedia.com
Data-protection requests: business@srenkmedia.com (subject «GDPR»). We respond within 30 days.
2. Personal data we process
- Account data: name, email address, bcrypt password hash.
- Subscription data: Premium plan type (monthly/yearly/one-off), subscription status, start and end dates, billing cycle dates.
- Payment data: transaction identifier from our payment processor (Stripe), amount charged, payment method type, and the last four digits of the card for the receipt. We do not process or store full card numbers, CVC codes or bank credentials — these are submitted directly to Stripe's secured environment (PCI DSS Level 1).
- Invoicing data: receipt number, billing address (if provided), VAT number (for business customers), VAT country.
- Technical data: session identifier (PHPSESSID), language cookie, cookie-consent state and timestamp.
- Logs: sign-in time and IP address for security purposes (90 days).
We do not collect location data, profiling data, advertising-tracking data or biometric data.
3. Purposes and legal basis (GDPR Art. 6)
- Contract (Art. 6(1)(b)): creating your account, signing you in, delivering the Premium subscription, billing and handling cancellations.
- Legal obligation (Art. 6(1)(c)): retention of accounting records under the Finnish Accounting Act (Kirjanpitolaki 1336/1997) for 6 years from the end of the fiscal year, VAT obligations and other regulatory requirements.
- Consent (Art. 6(1)(a)): sending the newsletter and marketing messages (you can withdraw consent at any time); non-essential cookies.
- Legitimate interest (Art. 6(1)(f)): service security, prevention of abuse and payment fraud, handling of disputed charges (balancing test performed: intrusion and fraud prevention vs. user expectations — no profiling, no automated decisions).
4. Retention
- Account data: lifetime of the account; deleted within 30 days of a deletion request.
- Accounting records (receipts, invoices, transaction identifiers): 6 years from the end of the fiscal year (Finnish Accounting Act 2:10).
- Subscription metadata (start/end dates, status): for the lifetime of the subscription plus 12 months for chargeback handling.
- Sign-in logs and IP addresses: 90 days.
- Newsletter subscription: until you unsubscribe.
- Cookies: see the cookie policy (max. 365 days).
5. Recipients and transfers
We do not sell or rent personal data. No data is shared with third parties for marketing or analytics.
We use the following processors (GDPR Art. 28):
- Stripe Payments Europe, Ltd. (Ireland) — payment processing, card charges, receipt generation. Stripe may transfer data to the United States under the EU Standard Contractual Clauses (SCCs) and Stripe Inc.'s EU-US Data Privacy Framework certification.
- Hetzner Online GmbH (Germany) — servers and hosting within the EU/EEA.
- Postmark / AWS SES (EU region) — transactional and receipt email delivery.
A data processing agreement (DPA) under GDPR Art. 28 is in place with every processor. An up-to-date list is available on request from business@srenkmedia.com.
6. Your rights (GDPR Art. 15–22)
- Right of access to your personal data (Art. 15).
- Right to rectification (Art. 16).
- Right to erasure / "right to be forgotten" (Art. 17).
- Right to restriction of processing (Art. 18).
- Right to data portability (Art. 20) — your account export is available in JSON.
- Right to object (Art. 21), in particular to direct marketing.
- Right to withdraw consent (Art. 7(3)) at any time.
- Right to lodge a complaint with the Office of the Data Protection Ombudsman (tietosuoja.fi).
To exercise your rights: business@srenkmedia.com. We will identify the data subject and respond without undue delay, at the latest within 30 days.
7. Consequences of not providing data
To create an account we need a name and an email address. To subscribe to Premium you additionally need a valid payment method, whose details are submitted directly to Stripe. Without these we cannot provide Premium features or the newsletter. Public site features (results, archive, history) are available without an account.
8. Automated decision-making and profiling
We do not make automated decisions that produce legal or similarly significant effects (Art. 22). We do not profile users.
9. Security
Passwords are stored only as bcrypt hashes. Traffic is protected by TLS. Accounts are temporarily locked after repeated failed sign-in attempts.
10. Changes to this notice
We update this notice when needed. Material changes will be announced to registered users by email or an in-site notice at least 14 days in advance.