Privacy Policy

Last updated: December 12, 2025

General information

This Privacy Policy defines the rules for processing and protecting personal data provided by Users in connection with using the sophina.com website (the "Website") and making purchases in the store available in the App.

The data controller is: Business & Finance Solutions Paweł Nowecki, registered at: Aleksandria 33, 96-330, NIP: 8381820281, REGON: 364419062. Contact email: kontakt@sophina.pl.

Scope of collected data

When using the service, we may collect the following data:

  • User account data: email address, username (login), password (stored in encrypted form).
  • Order fulfillment data (Store): full name, delivery address, phone number, invoice data (if applicable), order history.
  • Hydration planner subscription data: information about the selected plan, recurring payment data, subscription invoice history, Stripe customer ID.
  • Technical data: IP address, device information, system logs (necessary for App security and stability).

Purpose and legal basis

Personal data is processed for the purpose of:

  • Service provision (Art. 6(1)(b) GDPR): enabling account creation and maintenance, login, and access to App features.
  • Sales contract performance (Art. 6(1)(b) GDPR): accepting orders, shipping goods, processing payments, and order-related contact.
  • Hydration planner subscription performance (Art. 6(1)(b) GDPR): managing subscriptions, processing recurring payments via Stripe, and providing services under the selected plan.
  • Legal obligations (Art. 6(1)(c) GDPR): issuing and storing invoices/receipts (tax requirements).
  • Legitimate interest (Art. 6(1)(f) GDPR): pursuing claims, defending against claims, and ensuring App security.

Data retention

According to our App rules:

  • Account data: personal data related to your account is stored in our database for as long as the account is active.
  • Account deletion: when a User uses the "Delete account" option, all personal data related to the User profile is permanently and irreversibly removed from our database in real time.
  • Exception (Purchase data): for Users who made purchases in the store, we are legally obliged to retain transaction data (invoices, order data) for the period required by tax law (usually 5 years from the end of the calendar year), even if the User account is deleted.

Data recipients

Your data may be shared with third parties only to fulfill the service:

  • Payment operators: [e.g., Stripe, Przelewy24, PayU] – to process order payments.
  • Stripe: payment operator for hydration planner subscriptions – for recurring payment processing, payment method management, and subscription invoice issuance.
  • Courier companies: [e.g., InPost, DPD] – to deliver orders.
  • Hosting/database provider: [e.g., AWS, Google Cloud, OVH] – to store data on servers.
  • Accounting office: for tax settlements (applies only to buyers).

Data security

We take care of your data security. We use SSL encryption, passwords are hashed (not stored in plain text), and only authorized persons have access to the database.

Cookies

The Website may use cookies or similar technologies (e.g., local storage) to maintain the logged-in session and remember the cart. Users can manage cookie settings on their device.

User rights

Each User has the right to:

  • Access their personal data
  • Correct inaccurate data
  • Delete data ("right to be forgotten")
  • Restrict processing
  • Transfer their data (data portability)
  • Object to processing

Privacy Policy changes

We reserve the right to make changes to this Privacy Policy. Users will be informed of any changes within the Website or by email before the changes take effect.

Contact

For matters related to personal data protection, please contact: