Privacy Policy
Effective from June 1, 2026 · Version 1.0
1. Who we are
Recofy is operated by Bc. Martin Vlasák, an individual entrepreneur (OSVČ) registered in the Czech Republic under Company ID (IČO) 69530319, with registered office at Studnická 2115/53, Horní Počernice, 193 00 Praha 9, Czech Republic ("Recofy", "we", "us"). We provide an AI-powered product recommendation service for e-commerce stores on the Shoptet platform.
Contact:
- Email: support@recofy.cz
- Address: Studnická 2115/53, Horní Počernice, 193 00 Praha 9, Czech Republic
- Data Protection Officer: Not appointed (we do not meet GDPR Art. 37 thresholds; data subject inquiries are handled directly by the operator at support@recofy.cz)
2. Who this policy applies to
- Merchant data: information about e-shop operators who install Recofy.
- End-user data: information about visitors of e-shops that use Recofy (anonymized identifiers, never personal identification).
- Google user data: data accessed via Google APIs (specifically Google Analytics 4) with explicit merchant consent.
3. What data we collect
3.1 From merchants
- Identification: Shoptet shop ID, e-shop domain, primary email.
- Authentication: encrypted Shoptet OAuth tokens (AES-256-GCM at rest).
- Billing: handled by Stripe (Stripe is the controller for payment data; we receive only customer ID, subscription status, and invoice references).
- Communication: support emails (retained for 24 months).
3.2 From end-users of merchant e-shops (anonymous visitors)
- Anonymous visitor ID (_vtx_vid cookie, 12 months) — random UUID, not linked to any personal information.
- Browsing events — page views, clicks on recommended products, add-to-cart, purchase events. All events are tied to the anonymous visitor ID, never to a person.
- Product context — which product page was viewed, which products were recommended.
We do not collect: names, emails, phone numbers, IP addresses (received in HTTP headers but not logged or stored), browser fingerprints, demographics, or precise geolocation.
3.3 From Google APIs (with merchant consent)
When a merchant connects their Google Analytics 4 property, we access:
- List of GA4 properties the merchant has access to (Google Analytics Admin API).
- Historical events of types view_item, add_to_cart, and purchase from the selected property over the past 90 days (Google Analytics Data API).
- OAuth refresh token to maintain the connection (encrypted at rest with AES-256-GCM).
We do not access: user-level personal data, demographics, campaign or source/medium attribution, revenue breakdowns, conversions outside purchase, custom audiences, or any other GA4 dimensions.
Limited Use disclosure (Google API): Recofy's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We use the data only to provide the cold-start feature for our recommendation models. We do not transfer the data to third parties except as needed to operate the feature (Google Cloud Vertex AI Retail). We do not use the data for advertising. We do not allow humans to read the data, except (a) with the merchant's explicit consent for support, (b) for security purposes, (c) to comply with applicable law, or (d) for internal operations on aggregated/anonymized data.
4. How we use the data
| Data | Purpose | Legal basis (GDPR) |
|---|---|---|
| Merchant identification | Provision of the service | Contract (Art. 6(1)(b)) |
| Encrypted OAuth tokens | Authentication with Shoptet & Google | Contract |
| Anonymous browsing events | Generating recommendations | Legitimate interest (Art. 6(1)(f)) |
| Billing data | Subscription management | Contract |
| Support emails | Customer support | Contract |
| GA4 historical events | Cold-start of recommendation models | Consent (Art. 6(1)(a)) |
End-user browsing events are processed only with consent obtained via the merchant's Consent Management Platform. If consent is denied or not given, the Recofy widget and tracker do not set any cookies and do not collect events.
5. How long we keep the data
- Merchant account — Lifetime of subscription + 12 months
- Anonymous browsing events — 6 months (rolling, automated deletion via PostgreSQL partitioning)
- Encrypted Shoptet & Google tokens — Until disconnection or 12 months after last use
- Billing records — 10 years (CZ accounting law)
- GA4 imported events (in Vertex AI Retail) — Lifetime of merchant account, deleted within 30 days of disconnection request
- Support emails — 24 months
6. Sub-processors
| Sub-processor | Purpose | Location |
|---|---|---|
| Google Cloud Platform (Cloud Run, Vertex AI Retail) | Compute, AI recommendations | EU (europe-west1) |
| Supabase (PostgreSQL) | Database | EU (eu-north-1) |
| Upstash | Redis cache | EU |
| Stripe | Payment processing | EU + US (Stripe is its own controller) |
| Resend | Transactional email | EU |
Sub-processors are bound by Data Processing Agreements (DPAs) consistent with GDPR Art. 28.
7. International transfers
Most processing occurs within the EU. Stripe processes payment data partially in the US under the EU–U.S. Data Privacy Framework (adequacy decision). Other sub-processors operate in the EU only.
8. Your rights (GDPR)
You have the right to access, rectification, erasure, restriction, portability, and to object. You can lodge a complaint with the Czech DPA (www.uoou.cz). To exercise these rights, contact support@recofy.cz — we respond within 30 days.
9. Security
- All data in transit is encrypted with TLS 1.3.
- All authentication tokens are encrypted at rest using AES-256-GCM with keys stored in Google Cloud Secret Manager.
- Database access is restricted to a service account with logged operations.
- Production deployment runs on Google Cloud Platform with automatic security patches.
10. Cookies
Recofy uses one anonymous cookie (_vtx_vid) on merchant e-shops, only after the visitor consents via the merchant's cookie banner. The cookie contains a random UUID (no personal information) with a 12-month lifetime.
The recofy.cz website itself uses only essential cookies and a cookie banner.
11. Changes to this policy
Merchants will be notified of material changes by email at least 14 days before they take effect. The current version is always at recofy.cz/privacy-en.
12. Disconnecting Google Analytics
A merchant can disconnect their GA4 integration at any time from the Recofy admin dashboard. Disconnection:
- Revokes the refresh token (we call Google's OAuth revocation endpoint).
- Deletes the encrypted token and connection metadata from our database.
- Imported events remain in Vertex AI Retail for the lifetime of the account; they can be deleted on request to support@recofy.cz within 30 days.