Privacy policy

1. Data controller

The controller of personal data processed in Allegro Automate is Przemyslaw Lapinski. Contact for privacy matters: contact@marketdeck.app.

2. Scope of processed data

The application processes user account data, in particular full name, email address, encrypted password, accepted document versions, and acceptance dates. After connecting Allegro, the application processes the Allegro account identifier and login, encrypted OAuth tokens, offer information loaded from the Allegro API, and the history of price operations, schedules, and automations.

3. Purposes and legal bases

Data is processed to create and operate the account, authenticate the user, handle the OAuth connection, perform price operations requested by the user, support schedules and automations, maintain security, diagnose errors, keep operation history, and handle reports. The processing basis is performance of the service, legitimate interest in securing and developing the application, and legal obligations where applicable.

4. Data recipients

Data may be shared with providers of hosting infrastructure, databases, error monitoring, and technical tools used to maintain the application. Data related to offers and operations is sent to Allegro to the extent necessary to perform authorized operations through the official Allegro API.

5. Sentry and error diagnostics

If Sentry is configured for a given deployment, the application may send diagnostic error data, such as environment, application version, URL, technical identifiers, error messages, and limited user context. This data is used only to diagnose and improve service stability.

6. Retention period

Account data is stored for the period of using the application. Operation history, schedules, automations, and technical logs are stored for the period needed to ensure accountability of actions, security, complaint handling, and error diagnostics. OAuth tokens are removed or deactivated after disconnecting the Allegro account or deleting the user account, unless short-term data retention is technically or legally required.

When the user deletes the account in the application, the application removes the user account, Allegro OAuth credentials, password reset tokens, operation history, scheduled changes, automations, user audit records, and pending queue records linked to that account. Data sent earlier to external providers may remain in their own technical retention systems according to their terms and legal obligations.

7. User rights

The user may request access to data, rectification, deletion, restriction of processing, data portability, and objection to processing based on legitimate interest. Requests may be sent to contact@marketdeck.app. The user also has the right to lodge a complaint with the Polish data protection authority.

8. Security

The application uses per-user data isolation, HTTP sessions, CSRF protection, encryption of Allegro tokens before database storage, and access limited according to the logged-in user. In production, the application requires HTTPS for the application URL and OAuth callback.

9. Automated decisions and profiling

The application does not make automated decisions about users that produce legal effects. Price automations are rules defined by the user and executed at the user's request.

10. Changes to the privacy policy

A new version of the privacy policy is published in the application. If a change requires renewed confirmation that the user has read the document, the application may request such confirmation before further account use.