Privacy Policy
Effective Date: January 1, 2026
Last Updated: January 11, 2026
1. Introduction
This Privacy Policy describes how Sinfin s.r.o. ("Company", "we", "us") collects, uses, and protects personal data when you use the Scorika API and related services.
Company Information:
- Sinfin s.r.o.
- Website: sinfin.digital
- Contact: info@scorika.com
2. Data Controller vs. Data Processor
When we are the Data Controller:
For data related to your account (registration, billing, support communications), we act as the Data Controller. We determine the purposes and means of processing this data.
When we are the Data Processor:
For data you submit via the API (emails, IPs, phone numbers for fraud scoring), we act as the Data Processor. You (our customer) are the Data Controller and determine how this data is used. Our processing is governed by the Data Processing Agreement.
3. Data We Collect
3.1 Account Data (Controller)
| Data Type | Purpose | Legal Basis | Retention |
|---|---|---|---|
| Email address | Account access, communications | Contract performance | Account lifetime + 2 years |
| Name, Company | Account identification | Contract performance | Account lifetime + 2 years |
| Billing information | Payment processing | Legal obligation | 7 years (tax law) |
| Usage logs | Service improvement, billing | Legitimate interest | Per plan retention |
| Support communications | Customer support | Contract performance | 2 years |
3.2 API Data (Processor)
Data submitted via the API is processed on your behalf. See our Data Processing Agreement for details.
4. Data Sharing & Subprocessors
We share data only with trusted subprocessors necessary to provide the Service:
View Subprocessor List
5. Your Rights (GDPR)
Under GDPR, you have the right to:
- Access: Request a copy of your personal data
- Rectification: Correct inaccurate data
- Erasure: Request deletion ("right to be forgotten")
- Portability: Receive your data in machine-readable format
- Restriction: Limit how we process your data
- Object: Object to processing based on legitimate interest
To exercise these rights, contact us at info@scorika.com. We will respond within 30 days.
6. Cookies
We use the following cookies:
| Cookie | Purpose | Type | Duration |
|---|---|---|---|
| _scorika_session | Session management | Essential | Session |
| remember_token | "Remember me" login | Essential | 2 weeks |
We do not use third-party tracking cookies or analytics that track individual users across websites.
7. Security
We implement appropriate technical and organizational measures:
- Encryption in transit (TLS 1.3) and at rest (AES-256)
- Access controls and authentication
- Regular security audits
- Incident response procedures
- Employee training
See our Security Documentation for details.
8. International Data Transfers
Data is primarily processed within the European Union (AWS eu-central-1).
For any transfers outside the EU, we use Standard Contractual Clauses (SCCs) as approved by the European Commission.
9. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email or dashboard notification at least 30 days before taking effect.
10. Contact
For privacy-related inquiries:
Data Controller: Sinfin s.r.o.
Email: info@scorika.com
You also have the right to lodge a complaint with your local supervisory authority (e.g., ÚOOÚ in the Czech Republic).