Privacy Policy
Effective: 2026-05-21 · GDPR-compliant · Magyar verzió
1. Data Controller
Polyák Csaba individual entrepreneur
Address: Kölcsey Ferenc utca 11, 4324 Kállósemjén, Hungary
EU VAT ID: HU68747961
Email: [email protected]
2. Data We Process
Registration:
- Email address (required — login + communication)
- Display name (optional — shown in your account)
- Registration timestamp
Payment (via Stripe):
- Card details — stored EXCLUSIVELY at Stripe; we never see them
- Purchase history (amount, date, plan)
- Billing info (for companies: name, VAT ID, address)
Usage (automatic):
- Reading progress (which episodes, how much)
- Login and activity timestamps
- Anonymous web analytics (visit count, page views)
3. Purposes and Legal Basis
Email: contract performance (login, purchase confirmation). GDPR Art. 6(1)(b).
Billing data: legal obligation (tax). GDPR Art. 6(1)(c).
Reading progress: legitimate interest + UX improvement. GDPR Art. 6(1)(f).
Feedback: consent. GDPR Art. 6(1)(a).
4. Data Processors (sub-processors)
We use these third-party services to operate vesperaseven.com:
- Cloudflare, Inc. (USA) — hosting + database. cloudflare.com/privacypolicy
- Stripe Payments Europe Ltd. (Ireland) — payment processing. stripe.com/privacy
- Resend (USA) — transactional email. resend.com/legal/privacy-policy
For data transfers outside the EU, the European Commission's Standard Contractual Clauses ensure EU-level protection.
5. Retention
- Account data: while account active + 1 year after deletion (legal obligation)
- Billing data: 8 years (Hungarian accounting law)
- Reading progress: until account deletion
- Magic-link tokens: 20 minutes after creation
6. Your Rights (GDPR)
You may at any time:
- Request info about data we hold about you
- Request correction of inaccurate data
- Request deletion ("right to be forgotten") — except where legal obligation requires retention (e.g. invoices)
- Restrict processing
- Request portability — export your account data
- Withdraw consent at any time
- Lodge a complaint with the Hungarian Data Protection Authority (NAIH, naih.hu) or your local EU DPA
Email [email protected] — we respond within 30 days.
7. Cookies
vesperaseven.com uses ONLY essential cookies:
- core7_session (essential) — identifies your logged-in session. 30 days. HttpOnly, Secure.
- core7_admin (essential, admin only) — admin panel access. 7 days.
- core7_lang (preference) — your language choice (en/hu).
No third-party tracking cookies. No Google Analytics, no Facebook Pixel, no advertising trackers.
8. Security
All communication and storage uses HTTPS/TLS encryption. We use passwordless magic-link email login — your password is never stored. Data lives on Cloudflare D1 (SQLite) on ISO 27001-certified infrastructure.
9. Modifications
Material changes to this policy will be communicated by email to registered users 30 days before taking effect.