Privacy Policy
Last updated: 1 January 2025
This Privacy Policy explains how MyFlat collects, uses, and protects personal data. We are committed to transparency and to complying with the EU General Data Protection Regulation (GDPR) and applicable Polish data protection law.
1. Who We Are
MyFlat (operated by MyFlat Sp. z o.o., Warsaw, Poland) is a property management SaaS platform. We are the data controller for the personal data we collect directly from you. Your company (the property management company using MyFlat) may be the controller for resident data processed through the platform.
2. What Data We Collect
We collect: (a) Account data — name, email, phone, company details; (b) Usage data — pages visited, features used, IP address, browser type; (c) Content data — complaints, messages, events, and other content you create on the platform; (d) Payment data — processed by our payment provider; we do not store card numbers.
3. How We Use Your Data
We use your data to: provide and improve the Service; send transactional emails (account setup, notifications); provide customer support; detect and prevent fraud or abuse; comply with legal obligations; and with your consent, send marketing communications. We do not sell your personal data to third parties.
4. Legal Basis (GDPR)
For EEA/UK users, we process data under the following bases: contract performance (providing the Service); legitimate interests (improving the Service, fraud prevention); consent (marketing emails, analytics cookies); and legal obligation (tax records, law enforcement requests).
5. Data Sharing
We may share data with: cloud infrastructure providers (AWS, Google Cloud); payment processors (Stripe); analytics providers (anonymised); and law enforcement when required by law. We require all processors to maintain adequate security and process data only on our instructions.
6. Data Retention
We retain account data for as long as your subscription is active, plus 12 months. Resident data managed through the platform is retained per your company's configuration. Logs and analytics data are kept for up to 24 months. You can request deletion at any time.
7. Your Rights
You have the right to: access your personal data; correct inaccurate data; request deletion ('right to be forgotten'); restrict or object to processing; receive your data in a portable format; and withdraw consent at any time. Submit requests to privacy@myflat.io. We respond within 30 days.
8. Cookies
We use essential cookies (required for the Service to function), functional cookies (preferences), and optional analytics cookies. You can manage cookie preferences via our cookie banner. Rejecting non-essential cookies will not affect core functionality.
9. International Transfers
Your data is primarily stored in the EU. If we transfer data outside the EEA, we use Standard Contractual Clauses (SCCs) approved by the European Commission to ensure adequate protection.
10. Security
We implement industry-standard security measures including TLS encryption in transit, encryption at rest, access controls, and regular security audits. However, no method of transmission over the Internet is 100% secure.
11. Children
The Service is not directed to children under 16. We do not knowingly collect personal data from children under 16. If you believe we have collected such data, please contact us immediately.
12. Changes to This Policy
We may update this Privacy Policy. We will notify you of significant changes by email or in-app notice at least 30 days before they take effect.
13. Contact & DPO
For privacy questions or to exercise your rights, contact us at privacy@myflat.io or write to: MyFlat Sp. z o.o., Złota 44, 00-120 Warsaw, Poland. You also have the right to lodge a complaint with the Polish Data Protection Authority (UODO).