LEGAL ↘
Privacy Policy
Current as of · 25 May 2026
Your privacy is important to us at Továrna na absolutno s.r.o. (operating as makropulo), with registered office at Korunní 2569/108, 101 00 Prague 10, Czech Republic, ID No. 24383171, registered in the Commercial Register kept by the Municipal Court in Prague under file no. C 439513 (hereinafter "makropulo" or "we"). This policy explains how we handle your personal data in line with Regulation (EU) 2016/679 (GDPR), Act No. 110/2019 Coll. on personal data processing, and other applicable laws.
makropulo is a personal portfolio site at makropulo.com. It is a static showcase, there are no user accounts, no logins, no payments, and no products to subscribe to. The only place where you can actively share personal data with us is the contact form on the homepage. If you have any questions about how we handle your data, write to privacy@makropulo.com. We are not required to appoint a Data Protection Officer under Art. 37 GDPR.
What personal data we process and why
Because the site does so little, this is short.
01 ↘ PURPOSE
Contact form
When you use the "Let's talk" form on the homepage, we store:
- email address, so we can write back to you,
- technical metadata, the URL where the form was submitted from, your browser's user-agent string, a submission ID, and the timestamp of submission. This is recorded automatically by our database (Supabase) and helps us tell genuine submissions apart from spam or automated abuse.
We do not ask for your name, phone number, or any message body, the form is intentionally a one-line "drop us your email" field. If you write anything else in the email you send afterwards, that subsequent email is processed as ordinary correspondence.
The legal basis for processing the email address is performance of a contract or pre-contractual steps at your request (Art. 6(1)(b) GDPR), you submit the form because you want to talk to us. The legal basis for the technical metadata is our legitimate interest in keeping the form functional and free from abuse (Art. 6(1)(f) GDPR).
02 ↘ PURPOSE
Technical operation and security
When you simply visit the site, our hosting and security providers automatically process technical data needed to deliver the page and keep it online:
- access logs, IP address, time of request, requested URL, and HTTP status code,
- device information, browser type and operating system,
- bot-management signals, used by Cloudflare to tell humans apart from automated traffic.
We do not run analytics, advertising, marketing trackers, or session-replay tools on this site. We do not use Google Analytics, Google Tag Manager, Meta Pixel, TikTok Pixel, FullStory, or anything comparable. Details of the strictly-necessary cookies that are set are covered separately in our Cookie Policy.
The legal basis is our legitimate interest in operating the site securely and reliably (Art. 6(1)(f) GDPR).
Recipients of personal data
To run the site we use the third-party providers listed below. We have data-processing agreements in place with each of them. We do not sell your data and we do not pass it to anyone for their own purposes.
| Provider | Location | Services | Policy |
|---|---|---|---|
| Lovable | Sweden, EU | Website hosting and runtime | Privacy Policy |
| Supabase | USA / Ireland, EU region | Database storage for contact-form submissions. Our project runs in an EU region. | Privacy Policy |
| Cloudflare | USA, with EU edge presence | CDN, DDoS protection, and bot management | Privacy Policy |
If a legal obligation or a binding decision of a public authority requires it, recipients may also include those authorities.
Transfers outside the EU/EEA
Primary processing happens inside the European Union, the Supabase project runs in an EU region and Lovable is EU-based. Cloudflare is a US-headquartered provider with European infrastructure; where transfers to the US occur in connection with their services, those transfers rely on the EU-US Data Privacy Framework adequacy decision and, where applicable, on Standard Contractual Clauses approved by the European Commission. We also apply reasonable technical and organisational measures (encryption in transit, access controls) to protect data during any such transfer.
Marketing communications
We do not run newsletters, drip campaigns, or any kind of automated marketing from this site. If you contact us through the form, the reply you receive is one-to-one correspondence, not a marketing list. We will not add your email to any list or send you bulk communications.
How long we keep your data
We keep your personal data only for as long as we need it.
- Contact-form submissions (email + technical metadata), kept for as long as our conversation with you is active, and deleted on request without delay. If a thread goes cold and clearly leads nowhere, we delete the record within 12 months.
- Hosting and security logs, kept by our providers (Lovable, Cloudflare) for as long as their own policies define, typically up to 90 days, for the purpose of operational diagnostics and abuse prevention.
We may exceptionally keep data longer if a law, a public authority, or an active legal dispute requires it. Once that reason falls away, we delete the data without undue delay.
Your rights
We want you to be in control of your data. Under GDPR you have the following rights:
- Access, you can ask what data we hold about you and get a copy.
- Rectification, you can ask us to correct inaccurate data or complete incomplete data.
- Erasure, you can ask us to delete your data when there is no longer a reason to keep it. We cannot erase data we need to keep for legal obligations or to defend legal claims.
- Restriction, you can ask us to temporarily stop using your data, for example while we verify its accuracy.
- Portability, you can ask for an export of the data you gave us, in a machine-readable format.
- Objection, you can object to processing that we base on legitimate interest. When you object, we re-assess that processing.
- Not to be subject to automated decision-making, we do not use automated decision-making or profiling on this site.
To exercise any of these rights, send a request from the email address the data relates to, to privacy@makropulo.com. We will reply without undue delay and at the latest within 30 days; for more complex requests we may extend that period by up to two months and will tell you if we do. Exercising your rights is free of charge, only for manifestly unfounded or excessive requests may we charge a reasonable fee or refuse the request.
If you believe we are processing your data in breach of the law, you have the right to lodge a complaint with the Czech Office for Personal Data Protection (Úřad pro ochranu osobních údajů, Pplk. Sochora 27, 170 00 Prague 7, +420 234 514 111, posta@uoou.cz, www.uoou.cz). You can also lodge a complaint with the supervisory authority in another EU member state, the list is on the European Data Protection Board website. We would, however, appreciate the chance to address your concerns first.
Final provisions
We may update this Policy from time to time, particularly when the law, the site, or the way we handle data changes. We will publish material changes here in advance, with a new "Current as of" date at the top. If a change is required by law or by a public authority, the new Policy may take effect immediately.
The site is intended for visitors aged 16 or over. If we discover that the form was used by someone younger than 16, we will delete the related data.
If any provision of this Policy turns out to be invalid or ineffective, the remaining provisions stay in force. This Policy is governed by the laws of the Czech Republic.
GET IN TOUCH ↘
If you have any questions about how we handle your data, feel free to contact us at privacy@makropulo.com.