Legal documents

What we provide, what's prohibited, suspension, term, governing law (Poland — EU jurisdiction).

What we collect, why, how long, who has access. GDPR Art. 6 bases. Right-to-erasure pseudonymisation.

Full GDPR Art. 28 DPA. Subject matter, security measures, sub-processor list, 72h breach notification, data return on termination.

No abuse, no tenant-isolation circumvention, no unauthorised pen-testing. Enforcement procedure.

Session cookie (required). No third-party tracking on the marketing or app site.

RLS isolation, audit chain, encryption, MFA, OIDC/SAML, backups, key management. Honest "not yet" section (SOC 2, ISO 27001).

Cloudflare (CDN/R2/Tunnel), Backblaze B2 (backups), Microsoft Graph (email). 30-day change notification.

When and how Operator engineers may impersonate a User to diagnose a ticket. Three-layer model: Tenant-Admin Approval, Break-Glass (2h cooling), Emergency Access Event. Two-chain audit. Controller controls.

Registered details of the operating entity (METAMORFOZIS GLETSCHMANN sp. j.): legal form, KRS, NIP, REGON, registered office, contact, supervisory authority.