1. Introduction
EUSTAK ("we", "our", "us") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, and protect your information when you use our service.
2. Data We Collect
2.1 Registration Data
- Full name
- Email address
- Business name
- Phone number (optional)
2.2 Financial Data
- Bank transactions (read-only, via bank integration)
- Invoices and receipts (uploaded or synced via email)
- Expense and income categories
- Products and suppliers
2.3 Technical Data
- IP address
- Browser and device type
- Service usage data
- Cookies and similar technologies
3. How We Use Your Data
- Provide service: To process and categorize your financial transactions
- Authentication: To manage your account and ensure security
- Improve service: To analyze usage and improve features
- Communications: To send you daily reports and important notifications
- Support: To respond to your support requests
4. Legal Basis for Processing
We process your personal data based on:
- Consent: When you accept this Privacy Policy
- Contract performance: To provide you with the requested service
- Legitimate interest: To improve the service and ensure security
- Legal obligations: To comply with applicable regulations
5. Data Sharing
We do not sell your personal data. We only share your data with:
- Supabase: For database hosting and authentication (EU - Frankfurt)
- OpenAI: For AI categorization of transactions (only necessary data)
- Google (Gmail): Only if you connect your Gmail account to sync invoices
- Service providers: Only to provide the service (e.g. hosting, email)
- Legal authorities: If required by law
5.1 Transfers outside the EU/EEA
Some providers (e.g. OpenAI for AI categorization) may be located outside the European Union. Where this is the case, we ensure appropriate safeguards under the GDPR (adequacy decisions, EU standard contractual clauses, or other safeguards provided by law).
6. Your Rights (GDPR)
You have the right to:
- Access: Obtain a copy of your personal data
- Rectification: Correct inaccurate or incomplete data
- Erasure: Request deletion of your data
- Portability: Receive your data in a structured format
- Objection: Object to processing of your data
- Restriction: Restrict processing of your data
- Withdraw consent: Withdraw consent at any time
- Complaint: Lodge a complaint with a supervisory authority (e.g. in Spain the AEPD, in Italy the Garante per la protezione dei dati personali).
To exercise these rights, contact us at: support@eustak.com
7. Data Retention
We retain your personal data only for as long as necessary to provide the service or as required by law. Financial data (invoices, transactions) may be retained for up to 7 years for accounting obligations.
8. Security
We implement technical and organizational security measures to protect your data:
- Encryption in transit (HTTPS/TLS)
- Encryption at rest (database)
- Secure authentication
- Limited data access
- Regular backups
9. Cookies
We use cookies to operate the site and improve user experience. For more information, see our Cookie Policy.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any significant changes via email or through a notification in the service.
11. Contact
For questions about this Privacy Policy or to exercise your rights, contact us:
Email: support@eustak.com
Data Controller: Eustak
Address: Ibiza, Spain