Privacy Policy
Last Updated: March 13, 2026
1. Introduction
Welcome to Affinsy (the "Service"), operated by APUS DATA Mateusz Jerzyk ("APUS DATA," "we," "us," or "our"). We are committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered Market Basket Analysis (MBA) and Analytics services, website (affinsy.com), and related tools (collectively, the "Service"). Please read this policy carefully. By using the Service, you agree to the collection and use of information in accordance with this policy.
2. Data Controller
For the purpose of the General Data Protection Regulation (GDPR) and other relevant data protection laws, the Data Controller is:
APUS DATA Mateusz Jerzyk
VAT ID: PL5140344860
ul. Olsztyńska 42a/8
51-423 Wrocław, Poland
Email: hello@affinsy.com
Data Protection Officer (DPO): Mateusz Jerzyk (Contact via hello@affinsy.com)
3. Information We Collect
We may collect the following types of information:
Personal Identification Information:
- Email address (for account creation/login, communication, receiving reports).
- Name (Optional, provided during signup or billing).
Payment and Subscription Information:
- We use Stripe for processing One-Time Payments and recurring Subscription payments.
- We do not directly collect or store your full credit card details. Stripe handles this securely.
- We receive transaction confirmations, identifiers (like Stripe Customer ID and Subscription ID), subscription status (e.g., active, canceled), and current billing period end dates from Stripe to manage your account and access level.
User-Provided Data ("User Data"):
- Imported E-commerce Data: Order data (Order IDs, Customer IDs, Product names/SKUs, Quantities, Prices, Timestamps) uploaded via CSV file or connected via third-party integrations. This data is stored persistently in our cloud infrastructure (Google BigQuery) for ongoing analysis and report generation across multiple reports.
- Customer Identifiers: Imported order data may include customer identifiers (e.g., customer IDs, email addresses) which are used for RFM segmentation analysis. We store these identifiers securely and use them solely for generating your requested reports.
Important Note on User Data: Imported data is stored persistently in our cloud database until you delete it. This data may contain personal data related to your customers (such as customer IDs or email addresses). You are responsible for ensuring you have the right to share this data with us for processing. We process the imported data solely to generate your requested Reports and provide the Service. You can delete all your imported data at any time from the Data page in your dashboard.
Usage Data:
Information about how you access and use our website and Service, including IP address, browser type, operating system, pages visited, time spent on pages, interaction patterns, and error logs. This helps us improve the Service and ensure security.
Cookies and Tracking Technologies:
We use cookies and similar tracking technologies to track activity on our Service. See Section 10 for more details.
4. How We Use Your Information (Legal Basis)
We use the collected information for various purposes, relying on the following legal bases under GDPR:
To Provide and Maintain the Service (Contractual Necessity - Art. 6(1)(b) GDPR):
- Processing your User Data (CSV or Google Analytics) to generate Reports and populate the Analytics Dashboard.
- Managing your account, subscription status, and access to features based on your plan.
- Providing customer support (using your email).
- Processing One-Time Payments and Subscription payments via Stripe.
To Improve Our Service (Legitimate Interests - Art. 6(1)(f) GDPR):
- Analyzing Usage Data to understand how users interact with our Service, identify areas for improvement, and enhance user experience.
- Using anonymized and aggregated data derived from User Data (excluding Google API data) to improve our AI models. **Information received from Google APIs is explicitly excluded from this practice** and handled per the Google API Policy (Section 5).
- Monitoring the Service for security purposes and preventing fraud.
To Communicate With You (Contractual Necessity / Legitimate Interests / Consent - Art. 6(1)(a, b, f) GDPR):
- Responding to your inquiries and support requests via email.
- Sending important service-related notices (e.g., updates to Terms or Policy, security alerts, subscription billing notifications).
- Sending marketing communications or newsletters if you have opted in. You can opt out at any time.
To Comply with Legal Obligations (Legal Obligation - Art. 6(1)(c) GDPR):
Fulfilling legal requirements, such as responding to lawful requests from public authorities or meeting tax and accounting obligations.
5. Compliance with Google API Services User Data Policy
Affinsy's use and transfer of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
Limited Use: The data obtained from the Google Analytics API is used solely to provide and improve the user-facing features of the Affinsy service visible to you. Specifically, this data populates your Analytics dashboard. It will not be used for other purposes, such as:
- Transferring or selling the data to third parties.
- Using the data for advertising purposes.
- Training generalized artificial intelligence or machine learning models.
6. Data Sharing and Disclosure
We do not sell your personal information. We may share your information in the following limited circumstances:
- Service Providers: With third-party vendors who perform services on our behalf (e.g., Stripe for payments, hosting providers, analytics tools, email delivery services) under strict confidentiality and data processing agreements.
- Legal Requirements: If required by law or in response to valid legal requests (e.g., court orders, government requests).
- Business Transfers: In connection with a merger, acquisition, or asset sale, subject to confidentiality agreements.
- With Your Consent: For any other purpose with your explicit consent.
We do not share your raw, identifiable Imported E-commerce Data with third parties, except as necessary with infrastructure providers (such as Google Cloud Platform / BigQuery for data storage and processing) under strict confidentiality and data processing agreements for Service provision.
7. Data Security
We implement appropriate technical and organizational security measures (including encryption and access controls) designed to protect your personal information. However, no internet transmission or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee its absolute security.
8. Data Retention
We retain your personal information only for as long as necessary for the purposes outlined in this policy, unless a longer retention period is required or permitted by law.
- Account Information (Email, Name): Retained while your account is active, then as required for legal obligations.
- Subscription Data (Stripe IDs, Status): Retained while your subscription is active and for a necessary period afterwards for financial records and compliance (e.g., 7 years for tax purposes).
- Imported E-commerce Data: Stored persistently in our cloud database (Google BigQuery) until you choose to delete it via the Data page in your dashboard, or until your account is closed. Upon account deletion, all associated Imported Data is permanently removed within 30 days.
- Anonymized Data for Improvement (Non-GA): May be retained longer as it does not identify individuals.
- Usage Data & Logs: Retained for a limited period (e.g., up to 12 months) for security and analysis.
9. International Data Transfers
Your information may be processed by us or our service providers outside the European Economic Area (EEA). If we transfer data outside the EEA, we ensure appropriate safeguards (like Standard Contractual Clauses or adequacy decisions) are in place to protect your data according to GDPR standards. Our primary operations are in Poland/EU.
10. Cookies and Tracking Technologies
We use cookies and similar technologies. Essential cookies are used based on legitimate interest. Performance and functionality cookies are used based on your consent, which you can manage via our cookie banner or your browser settings. Blocking essential cookies may affect site functionality.
11. Your Data Protection Rights (GDPR)
If you are in the European Economic Area (EEA), you have the right to access, rectify, erase, restrict, object to processing, and port your personal data. You can also withdraw consent and lodge a complaint with your local data protection authority or the Polish DPA (UODO): https://uodo.gov.pl/
12. How to Exercise Your Rights
To exercise any of these rights, please contact our Data Protection Officer at hello@affinsy.com. We will respond to your request within one month.
13. Children's Privacy
Our Service is not for children under 18. We do not knowingly collect data from children under 18. If you believe we have, please contact us so we can remove it.
14. Changes to This Privacy Policy
We may update this policy from time to time. Changes are effective when posted on this page. We will update the "Last Updated" date and may provide additional notice for material changes. Please review this policy periodically.
15. Contact Us
If you have questions about this Privacy Policy, please use the following details:
APUS DATA Mateusz Jerzyk
Email: hello@affinsy.com