STEFIT.IO LogoSTEFIT.IOInquire
Legal Documentation

Privacy Policy

Last updated: March 3, 2026

1. Privacy First Pledge

We respect your attention and your right to privacy. This website is designed to be minimized not just in aesthetics but in data footprint. We subscribe to a strict "Zero-Tracker" philosophy.

  • 01.No Tracking Cookies: We do not use cookies to track your behavior across the internet. Our clean architecture avoids setting any persistent tracking cookies on your device.
  • 02.No Third-Party Analytics: We do not send your data to Google Analytics, Facebook Pixel, LinkedIn Insight Tag, or other data brokers.
  • 03.No Behavioral Profiling: We do not build a profile of your interests for advertising purposes.

2. Data Controller

The administrator of your personal data is STEFIT Sp. z o.o. with its registered office in Warsaw, Poland.

STEFIT Sp. z o.o.

ul. Złota 75A lok. 7

00-819 Warszawa, Poland

VAT ID: PL5273137930

KRS: 0001136373

You can contact us regarding privacy matters at: [email protected]

3. Data We Collect & Purpose

A. Inquiry Form (Direct Email Transmission)

When you use the "Inquire" form, you voluntarily provide us with your Data: Business Email Address, Project details (Service & Scale), and message content.

Note: Following our privacy-first philosophy, we do not store your inquiry in any web-accessible database. Your message is transmitted directly to our secure business email infrastructure.

Purpose: To answer your question, conduct a preliminary analysis of your challenge, present an offer, or initiate a B2B relationship.
Legal Basis: Art. 6(1)(b) and (f) GDPR: Legitimate Interest.

Retention: We keep email correspondence to maintain communication continuity and context. You have the right to request the permanent deletion of your messages at any time.

B. Technical Access Logs

Like all websites, our hosting server (Google Firebase) automatically records access logs containing your IP address, browser type, and timestamp.

Purpose: To ensure the security and stability of the system, protect against DDoS attacks, and diagnose technical errors.
Legal Basis: Art. 6(1)(f) GDPR: Security of Network and Information.

4. Local Assets & Fonts

To further protect your privacy, this website is architected to be self-contained.

  • No Cloud Fonts: We do not use Google Fonts or other third-party font providers. All typography is served locally from our own domain to prevent IP addresses from being tracked by external providers.
  • Static Assets: All images and icons are served from our secure infrastructure.

5. External Links

Our website contains links to social media platforms (e.g., LinkedIn). When you click on these links, you will be redirected to their platforms. We have no control over, and assume no responsibility for, the content, privacy policies, or practices of any third-party sites or services. We encourage you to review their privacy policies before providing any data.

6. Voluntary Data Provision

Providing personal data is voluntary but necessary to use the contact form and receive a response. Failure to provide data will result in the inability to process your inquiry.

7. Data Recipients

We work with trusted technical partners who process data on our behalf (Data Processors) to maintain operations. We strictly limit data transfer to only what is necessary:

  • Cloud & Hosting Infrastructure Providers (USA/EU) – to securely host our applications and monitor system stability.
  • Communication & Email Service Providers (USA/EU) – to securely process, receive, and store business inquiries.
  • Security & Anti-bot Providers (USA/EU) – to protect our forms and infrastructure from malicious actors.

We ensure that all our partners are bound by strict Data Processing Agreements (DPA). Any international transfers (e.g., to the USA) are safeguarded by the EU-US Data Privacy Framework or Standard Contractual Clauses (SCC).

8. Security Measures

We implement technical and organizational measures to protect your data against unauthorized access, loss, or misuse. These include:

  • Encrypted connections (SSL/TLS) for all data transmission.
  • Strict access control to internal systems (MFA protected).
  • Hosting on enterprise-grade infrastructure (Google Cloud).

9. Your Rights

You remain in control of your data. Under GDPR, you have the right to:

  • Access your data
  • Rectify incorrect data
  • Delete data ('Right to be forgotten')
  • Restrict processing
  • Object to processing
  • Transfer your data

To exercise these rights, simply email us at [email protected].

You also have the right to lodge a complaint with the President of the Personal Data Protection Office (UODO) in Poland if you believe we are processing your data unlawfully.

10. Children's Privacy

Our services are strictly Business-to-Business (B2B) and are not intended for individuals under the age of 18. We do not knowingly collect personal information from minors. If we become aware that we have inadvertently received personal information from a minor, we will delete such information from our records.

11. International Residents (USA, UK, UAE)

Our servers and headquarters are located in the European Union (Poland) and adhere to the strict standards of GDPR.

If you are accessing this site from outside the EU (e.g., USA, UK, UAE), note that your information may be transferred to, stored, and processed in Poland. By using our services, you consent to this transfer. We ensure that your data receives the same high level of protection as required by GDPR, regardless of your location.

12. Changes to this Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. The date at the top of this policy indicates when it was last updated.