Iskrena

Legal

Privacy Policy

How Iskrena Technologies collects, uses, and protects your personal data — fully compliant with the EU General Data Protection Regulation (GDPR).

Last updated: April 2026·GDPR compliant

This Privacy Policy explains how Iskrena Technologies LLC (“Iskrena”, “we”, “us”, or “our”) processes personal data in connection with our website iskrenatech.com and our services. We are established in Bulgaria and operate within the European Union. This policy is governed by the EU General Data Protection Regulation (GDPR) (EU) 2016/679.

1. Data Controller

The data controller responsible for personal data processed through this website and our services is:

Iskrena Technologies LLC

European Trade Centre, Sofia 1784, Bulgaria

Email: info@iskrenatech.com

Phone: +359 897 980 391

Registered and operating under Bulgarian commercial law.

2. Data We Collect

2.1 Data you provide directly

When you use our contact form, we collect: Full nameEmail addressCompany name (optional)Message content. When you book a strategy call via Calendly, Calendly collects your name, email address, and scheduling preferences under their own privacy policy.

2.2 Data collected automatically

When you visit our website, we may collect: IP addressBrowser type and versionDevice type and operating systemPages visited and time spentReferring URLGeneral geographic location (country/city level). This data is collected through server logs and any analytics tools we operate.

2.3 Data collected through client projects

When you engage us for a project (Website, Webshop, or WebApp), we may process business contact data, project briefs, brand materials, and other information you share to fulfil the engagement. This data is processed under our contract with you (see Section 4).

We do not collect sensitive personal data (special categories under GDPR Article 9) and we do not use automated decision-making or profiling.

3. How We Use Your Data

Responding to contact form enquiries

Legitimate interest / Pre-contractual steps

Scheduling and conducting strategy calls

Pre-contractual steps / Contract performance

Delivering project services (design, development, deployment)

Contract performance

Sending project updates, invoices, and deliverables

Contract performance

Website analytics and performance monitoring

Legitimate interest

Legal compliance and record-keeping

Legal obligation

Protecting our rights in case of disputes

Legitimate interest

We do not sell, rent, or otherwise commercially exploit personal data to third parties.

4. Legal Basis for Processing (GDPR Article 6)

We process your personal data on the following legal grounds:

6(1)(a) — Consent

Where you have freely given consent, for example by submitting a contact form or opting into communications.

6(1)(b) — Contract performance

Processing necessary to perform a contract with you, or to take pre-contractual steps at your request (e.g. preparing a project proposal).

6(1)(c) — Legal obligation

Processing necessary to comply with applicable Bulgarian and EU law (e.g. accounting records, tax obligations).

6(1)(f) — Legitimate interests

Processing for our legitimate business interests where these do not override your rights and freedoms (e.g. website security, analytics, direct follow-up to an enquiry).

5. Data Retention

Contact form enquiries2 years from last contact

To follow up on potential projects and maintain a record of communications.

Client project data7 years

Bulgarian accounting law requires retention of business records for 7 years from contract completion.

Website analytics data26 months (rolling)

Standard analytics retention window for trend analysis and performance monitoring.

Email correspondence5 years

To maintain a record of project discussions, scope agreements, and deliverable confirmations.

After the applicable retention period, personal data is securely deleted or anonymised.

6. Third Parties & Sub-Processors

We use a limited number of trusted sub-processors to operate our services. Each is bound by appropriate data processing agreements and, where applicable, by GDPR-compliant safeguards.

Calendly
USA (SCCs / adequacy)Scheduling platform

Used when visitors book a strategy call. Calendly collects name, email, and scheduling data under their own privacy policy.

calendly.com/privacy
Vercel
USA / Global (SCCs)Web hosting & CDN

Our website is deployed on Vercel infrastructure. Vercel may process visitor IP addresses through edge network logs.

vercel.com/legal/privacy-policy
Supabase
EU region availableDatabase & backend (client projects)

Used as the database layer in client web apps and webshops. Project-specific data is stored per client agreement.

supabase.com/privacy
Stripe
USA / EU (SCCs)Payment processing

Used for payment processing in client webshops and for our own invoicing. Stripe is PCI DSS Level 1 certified.

stripe.com/privacy
Nodemailer / SMTP
As configured by deploymentContact form email delivery

Form submissions are relayed via configured SMTP. No message content is retained by us beyond the inbox it delivers to.

We do not share personal data with third parties for their own marketing purposes.

7. International Data Transfers

Some of our sub-processors (Calendly, Vercel, Stripe) are based in the United States. Where personal data is transferred outside the European Economic Area (EEA), we ensure adequate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • The EU-U.S. Data Privacy Framework (DPF), where the recipient is certified
  • Binding Corporate Rules or other approved transfer mechanisms

You may request a copy of the transfer safeguards applicable to your data by contacting us at info@iskrenatech.com.

8. Cookies & Analytics

8.1 What we use

Our website may use a minimal set of cookies and similar technologies for:

  • Session management (strictly necessary — no consent required)
  • Analytics (performance cookies — consent required where applicable)
  • Embedded third-party content such as Calendly widgets (functionality cookies)

8.2 Managing cookies

You can control and delete cookies at any time through your browser settings. Please note that disabling certain cookies may affect the functionality of our website. For browsers: Chrome → Settings → Privacy and Security → Cookies; Firefox → Options → Privacy and Security; Safari → Preferences → Privacy.

8.3 Analytics

Any analytics we operate are configured to anonymise IP addresses, respect Do Not Track headers, and retain data for no longer than 26 months. We do not use analytics data to identify individual users.

9. Your Rights Under GDPR

As a data subject under the GDPR, you have the following rights. You may exercise any of them at any time by contacting us at info@iskrenatech.com. We will respond within 30 days of receipt.

Right of Access (Art. 15)

Obtain confirmation of whether we process your data, and receive a copy of that data.

Right to Rectification (Art. 16)

Request correction of inaccurate or incomplete personal data we hold about you.

Right to Erasure (Art. 17)

Request deletion of your personal data ("right to be forgotten") where no overriding legal ground exists.

Right to Restrict Processing (Art. 18)

Request that we limit how we use your data while a dispute is resolved.

Right to Data Portability (Art. 20)

Receive your data in a structured, machine-readable format to transfer to another controller.

Right to Object (Art. 21)

Object to processing based on legitimate interests. We will cease unless we demonstrate compelling grounds.

Right to Withdraw Consent (Art. 7)

Where processing is based on consent, withdraw it at any time without affecting prior processing.

Right to Lodge a Complaint

File a complaint with the Bulgarian Commission for Personal Data Protection (CPDP) at cpdp.bg or your local supervisory authority.

We will not charge a fee for exercising your rights unless requests are manifestly unfounded or excessive, in which case we may charge a reasonable administrative fee or decline the request with justification.

10. Minors

Our website and services are directed solely at businesses and professionals. We do not knowingly collect personal data from individuals under the age of 16. If you believe we have inadvertently collected data from a minor, please contact us immediately at info@iskrenatech.com and we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or the services we offer. When we make material changes, we will update the “Last Updated” date at the top of this page. We encourage you to review this policy periodically.

Continued use of our website or services after an updated policy has been posted constitutes acceptance of the updated terms, to the extent permitted by applicable law.

12. Contact Us

For any questions, requests, or concerns regarding this Privacy Policy or the processing of your personal data, please contact us:

Iskrena Technologies LLC

European Trade Centre, Sofia 1784, Bulgaria

Email: info@iskrenatech.com

Phone: +359 897 980 391

If your complaint is not resolved to your satisfaction, you have the right to lodge a complaint with the Bulgarian Commission for Personal Data Protection (CPDP): cpdp.bg, or with the data protection authority of your EU member state.

View Terms of Service →Contact us