Data Controller:
edge-tech s. r. o.
Slovak Republic
adam.horvath@edge-tech.sk

We comply with the EU General Data Protection Regulation (GDPR) and other applicable privacy laws.

We collect and process the following categories of data:

• Account Information: name, email address, organization, and authentication identifiers (e.g., Microsoft account ID).
• Subscription & Billing Data: payment details, billing address, and transaction history (processed via secure third-party providers such as Stripe).
• Usage Data: interactions within the Service, log files, error reports, and device or browser type.
• Storage Integrations: file names, metadata, and links when connecting to Microsoft OneDrive or other storage providers. Attachment Flow never reads or stores your actual file content unless required to complete an explicit upload or action you initiate.

We use personal data to:

• Provide, operate, and improve the Service
• Authenticate users and maintain account security
• Process payments and manage subscriptions
• Communicate updates, support, and service notices
• Comply with legal obligations and prevent misuse

We do not sell or rent personal data to any third parties.

We process personal data under one or more of the following legal bases:

• Contract performance: to deliver the Service you requested
• Legal obligation: to comply with tax, billing, and record-keeping laws
• Legitimate interests: to improve our Service and prevent fraud
• Consent: where you explicitly agree (e.g., marketing emails, optional analytics)

We may share limited data with trusted third-party providers who help us operate Attachment Flow, such as:

• Microsoft, for authentication and file operations via Microsoft Graph.
• Stripe, for processing payments securely.
• Hosting and analytics providers, for maintaining and improving the service.

Each of these providers processes data in compliance with their own GDPR-compliant data processing agreements, which apply automatically when we use their services. We do not share personal data with any other third parties for marketing or unrelated purposes.

If we transfer personal data outside the European Economic Area (EEA), we rely on adequate safeguards, such as the EU Standard Contractual Clauses or equivalent legal mechanisms.

We retain personal data only as long as necessary for the purposes described above or as required by law. When you close your account, we delete or anonymize your data within a reasonable time, except for billing and legal records that must be retained.

Under GDPR, you have the following rights:

• Access – obtain a copy of your personal data
• Rectification – correct inaccurate or incomplete data
• Erasure – request deletion of your data (“right to be forgotten”)
• Restriction – limit how we process your data
• Portability – receive your data in a structured, machine-readable format
• Objection – object to processing based on legitimate interests
• Withdrawal of consent – when processing is based on consent

To exercise these rights, contact us at adam.horvath@edge-tech.sk. We respond within one month. You also have the right to lodge a complaint with your local Data Protection Authority.

We use industry-standard measures to protect data, including encryption in transit (TLS), access controls, and secure storage. While no online service can guarantee absolute security, we continuously monitor and improve our protection measures.

Attachment Flow uses Microsoft Graph API and other APIs to access your data in Microsoft 365 services (e.g., OneDrive, Outlook). Access is strictly limited to the permissions you grant and is used solely to perform the requested actions. We do not store tokens or file content longer than necessary to complete those actions.

The Service is not directed to individuals under 18. We do not knowingly collect personal data from minors. If you believe a child has provided us with personal data, please contact us for removal.

We may update this Privacy Policy from time to time. Material changes will be announced via the Service or email before they take effect. Continued use of the Service after the effective date constitutes your acceptance of the revised policy.

If you have questions or concerns about this Privacy Policy or our data practices, contact us at: adam.horvath@edge-tech.sk