Privacy Policy

Last updated: April 6, 2026

1. Data Controller

The controller of your personal data is Piotr Jakubowski, a sole proprietor operating the website tolsey.io. Address: ul. Józefa Chociszewskiego 37, 64-100 Leszno, Poland. Tax identification number (NIP): 6972378930. Email: hello@tolsey.io. For any matters related to the protection of personal data, you can contact the Controller at hello@tolsey.io.

2. Scope and Purposes of Data Processing

2.1. Waitlist sign-up and newsletter

When you sign up for the waitlist, we collect your email address and information about your language preference (English or Polish), inferred from the language version of the website you are using. We process this data for the following purposes: sending the newsletter and information about updates and offers related to tolsey.io; managing the subscriber list; communicating about the launch of the tolsey application.

Legal basis: Your consent given by checking the checkbox in the sign-up form (Article 6(1)(a) GDPR).

2.2. Website analytics

Using Google Analytics 4, we collect anonymised data about your use of the website, including information about pages visited, time spent on the site, and traffic source. Your IP address is automatically anonymised.

Legal basis: Your consent to analytical cookies, given via the Cookiebot banner (Article 6(1)(a) GDPR). Analytics scripts are blocked until consent is provided.

2.3. Technical operation of the form

To ensure the proper functioning of the sign-up form, we process technical data necessary to handle the request (e.g., the language version of the page).

Legal basis: The legitimate interest of the Controller in ensuring the proper operation of the website (Article 6(1)(f) GDPR).

3. Data Recipients — Data Processors

Your personal data may be shared with the following entities that process data on behalf of the Controller:

3.1. MailerLite

  • Purpose: managing the subscriber list and sending the newsletter
  • Data shared: email address, language preference
  • Server location: European Union (Lithuania)
  • Entity: UAB "MailerLite", Lithuania

MailerLite processes data exclusively within the European Union, ensuring an appropriate level of personal data protection in accordance with the GDPR.

3.2. Google LLC (Google Analytics 4)

  • Purpose: analysing website traffic and improving service quality
  • Data shared: anonymised behavioural data, anonymised IP address, cookies
  • Server location: United States

Data transmitted to Google Analytics may be transferred outside the European Economic Area (to the USA). Such transfers are carried out on the basis of the European Commission's adequacy decision (EU-US Data Privacy Framework) and Standard Contractual Clauses (SCCs).

3.3. Usercentrics A/S (Cookiebot)

  • Purpose: managing cookie consents (CMP platform)
  • Data shared: user consent choices, date and time of consent
  • Server location: European Union (Denmark)

4. Transfers of Data Outside the EEA

Data processed by Google Analytics 4 may be transferred to the United States. Such transfers are carried out on the basis of:

  • the European Commission's adequacy decision under the EU-US Data Privacy Framework (Article 45 GDPR), or
  • Standard Contractual Clauses approved by the European Commission (Article 46(2)(c) GDPR).

All other data (MailerLite, Cookiebot) is processed exclusively within the European Union.

5. Data Retention Periods

Type of dataRetention period
Email address (newsletter)Until consent is withdrawn (unsubscribing from the mailing list)
Analytics data (GA4)Up to 26 months from last activity (Google Analytics default setting)
Cookie preferences (Cookiebot)1 year (stored in the user's browser)

After you withdraw your consent to the newsletter, your email address will be removed from the subscriber list in MailerLite.

6. Your Rights

Under the GDPR, you have the following rights:

Right of access (Article 15 GDPR)

You have the right to obtain confirmation as to whether your personal data is being processed, and to access your data and information about the processing.

Right to rectification (Article 16 GDPR)

You have the right to request the correction of inaccurate data or the completion of incomplete data.

Right to erasure (Article 17 GDPR)

You have the right to request the deletion of your personal data ("right to be forgotten") when the data is no longer necessary for the purposes for which it was collected, or when you withdraw your consent.

Right to restriction of processing (Article 18 GDPR)

You have the right to request the restriction of processing in certain circumstances.

Right to data portability (Article 20 GDPR)

You have the right to receive your personal data in a structured, commonly used, and machine-readable format.

Right to object (Article 21 GDPR)

You have the right to object to the processing of data based on the legitimate interest of the Controller.

Right to withdraw consent

You have the right to withdraw your consent to data processing at any time, without affecting the lawfulness of processing carried out before the withdrawal. You can withdraw your consent:

  • for the newsletter — by clicking the unsubscribe link included in every email,
  • for analytical cookies — by changing your settings via the Cookiebot banner (available on the website).

Right to lodge a complaint

You have the right to lodge a complaint with the supervisory authority: the President of the Personal Data Protection Office (Prezes Urzędu Ochrony Danych Osobowych), ul. Stawki 2, 00-193 Warsaw, Poland, www.uodo.gov.pl.

To exercise any of these rights, contact the Controller at hello@tolsey.io.

7. Voluntary Nature of Data Provision

Providing your email address in the waitlist sign-up form is voluntary but necessary to subscribe to the newsletter. Giving marketing consent is required to submit the form.

8. Automated Decision-Making and Profiling

The Controller does not make decisions based solely on automated processing, including profiling, that would produce legal effects or similarly significantly affect the user.

9. Data Security

The Controller applies appropriate technical and organisational measures to protect personal data against unauthorised access, loss, or destruction. Communication with tolsey.io is conducted via the HTTPS protocol. API keys and configuration data for external services are stored exclusively on the server side and are not accessible in the user's browser.

10. Cookies

Detailed information about cookies used on tolsey.io can be found in the separate Cookie Policy.

11. Changes to This Privacy Policy

The Controller reserves the right to amend this privacy policy. Users will be informed of material changes via the newsletter or a notice on the website. The current version of the privacy policy is always available at https://tolsey.io/privacy.