PRIVACY POLICY
(hereinafter: "Privacy Policy")
1. Introduction
1.1. Purpose and characteristics of Privacy Policy
Your privacy is very important to Service Provider because you give him your information in confidence, and the services he offers rely on it. This document explains what information is collected by the NotiCord application ("Application" as defined in the Terms of Use) and by the Service Provider while providing Services ("Services" as defined in the Terms of Use, especially services of support and feedback), how Service Provider secures it, how and why it uses it, and what rights you have in connection with it.
1.2. Who is the Controller?
The controller of your personal data is Łukasz Wiatrak, doing business as "Łukasz Wiatrak Firnity" (the "Service Provider" as defined in the Terms of Use) with its registered seat in Kraków (address: ul. Zamknięta 10, loc. 1.5, 30-554 Kraków, Poland), having Tax Identification Number (NIP): 5130127144 and Statistical Number (REGON): 520124248 (hereinafter referred to as "Service Provider"). You can contact Service Provider by phone: +48 693 066 020, and also via e-mail at: contact@firnity.com.
Controller / Processor roles. For Personal Data flowing between Notion and Discord via the Application (including page content and properties, Discord messages and command inputs, user identifiers, delivery logs, and identity links), the User (Customer) is the Controller and Service Provider is the Processor acting on the User's documented instructions, as set out in the Data Processing Addendum (DPA). Service Provider is an independent Controller for account administration, subscription and invoicing data, support communications, service telemetry under its control, and marketing lists (where lawful). The Parties acknowledge they are not joint controllers for the data flows processed by the Application; the Service Provider acts solely as Processor to the User for those flows.
1.3. Who does Privacy Policy apply to?
Privacy Policy applies to Users, as defined in our Terms of Use, meaning any business entity or organization that purchases, accesses, or uses Application for business purposes, including individuals acting on behalf of such entities.
If a User grants access to Application and Services to User's related entities (Personnel and User's Clients as defined in Terms of Use), Service Provider processes their Personal Data as Processor for integration flows, and as Controller only for the Service Provider's own administrative/support/telemetry/marketing records.
By using Application and related Services, the User acknowledges that they have read and understood this Privacy Policy. If the User does not agree with its terms, they must refrain from using Application and Services.
1.4. Definitions
Capitalised terms in this Privacy Policy have the meanings given to them in this document or in the Terms of Use. In case of inconsistency, the meaning given here prevails.
2. How and why is Your Personal Data processed?
2.1. Reasons for Personal Data Processing
Service Provider processes your personal data in order to perform the Agreement between him and you with respect to accessing the functionality of Application and providing Services, as well as to fulfil tax obligations and accounting requirements.
Your personal data may also be processed for marketing purposes if you have consented to Service Provider sending you commercial information.
2.2. How does Service Provider use Personal Data?
Service Provider uses Personal Data to:
2.2.1. Facilitate integration: enable seamless communication and task management between Discord and Notion for User's organization, including displaying user information and page content in notifications and messages sent to Discord.
2.2.2. Create tasks and pages in Notion: transmit the content submitted in Discord to the connected Notion workspace to create corresponding tasks or pages.
2.2.3. Process webhook notifications: receive and process notifications from Notion when pages are created or updated, and post relevant information to Discord channels based on User's configured notification rules.
2.2.4. Identity linking: connect Discord user identities with Notion user accounts to enable personalized mentions and task assignments.
2.2.5. Provide support and improve services: respond to support requests and enhance Application based on user feedback.
2.2.6. Marketing: send you commercial information, if you have given your express consent.
3. Which Personal Data are processed?
Service Provider processes only the minimum Personal Data necessary to provide and improve Application and related Services or for marketing purposes. This may include:
3.1. Data from Notion
3.1.1. Notion User Display Names and User IDs: retrieved from User's Notion workspace and used within Application to facilitate communication between Notion and Discord, including for identity linking and mentions.
3.1.2. Notion Page Content: includes page titles, properties, and other field values processed by Application, which may contain Personal Data.
3.1.3. Notion Database Information: database names, property definitions, and structure information used to configure notification rules and display options.
3.2. Data from Discord users
When Discord users interact with Application to create tasks or pages in Notion, or use other Application features, Service Provider processes:
3.2.1. Discord User IDs, User Names, Discord Messages and Bot Command Values: includes any content submitted, such as task descriptions, page content, and attachments, which may contain Personal Data.
3.2.2. Discord Server Information: server (guild) ID, server name, and channel information used to route notifications and configure Application.
3.3. Authentication and Identity Data
3.3.1. Auth0 Authentication Data: email address, Discord user ID, and authentication tokens provided through Auth0 authentication service to enable secure access to Application dashboard.
3.3.2. Identity Links: associations between Discord user IDs and Notion user IDs created when users link their accounts for personalized features.
3.4. Subscription and Payment Data
3.4.1. Stripe Customer Information: payment-related data processed by Stripe, including customer ID and subscription status. Service Provider does not store credit card information - all payment data is handled by Stripe.
3.4.2. Usage Data: notification counts, rule usage, and quota tracking information used for subscription management and billing.
3.5. Other Services (support and feedback) data
While providing support and improving Services, Service Provider may collect Personal Data that User voluntarily provides, such as:
3.5.1. Support Request Information: when User contacts Service Provider for support, we collect User's name, email address, and any other Personal Data provided during communications.
3.5.2. Feedback and Communications: any information User provides when giving feedback or communicating directly with Service Provider.
3.6. Marketing data
If you have given consent for receiving marketing content (commercial information), Service Provider may collect Personal Data that you have provided, such as:
3.6.1. Contact information, especially e-mail address, user's name or any other Personal Data provided with the consent.
4. To whom is Your Personal Data exposed?
4.1. Sub-processors and entrusting Personal Data
Service Provider may engage trusted third-party service providers (Sub-processors) to assist in delivering Application and related Services. These Sub-processors process Personal Data on behalf of Service Provider and are contractually obligated to maintain data security and confidentiality. Sub-processors include Microsoft Azure (hosting) and Auth0 (authentication). A list of Sub-processors is available on the Sub-Processors page.
4.2. Third-party platforms
Personal Data may be sent to Third-Party Platforms strictly on the User's instructions via the Application. Those platforms process such data under their own terms with the User, and are not the Service Provider's sub-processors. User's organization is responsible for ensuring that such transfers comply with applicable data protection laws.
4.2.1. Discord and Notion: These platforms are selected and controlled by the User. Their role (controller or processor) vis-à-vis the User is determined by the User's agreements with those platforms. The Application transmits data between them according to User's configuration, but Service Provider has no control over processing within those platforms. Once transferred, Service Provider has no control over how these platforms process, store or secure the data.
4.2.2. Payment Service Provider (Stripe): Stripe processes subscription payments. Stripe's role as controller and/or processor is governed by Stripe's own privacy notices and DPA. Service Provider does not store credit card information.
4.3. International Data transfers
While Service Provider stores and processes Personal Data within the EU, data transferred to third-party platforms (e.g., Discord, Notion) or Payment Service Providers (e.g., Stripe) may be stored outside the EU. The User's organization is responsible for ensuring appropriate safeguards are in place for such international data transfers.
4.4. Legal Obligations
Service Provider may disclose Personal Data when required to do so by law or to comply with legal obligations, such as responding to court orders, legal processes or governmental requests.
5. Period of processing
The period of processing depends on the nature of the data and the requirements of User's organization. Upon termination of Agreement or at the request of User's organization, Service Provider will delete Personal Data in accordance with the terms outlined below. The specific periods are:
5.1. Basic period of processing
We will process data related to your use of Application, necessary to grant you access to the full functionality of Application and Services, for the entire period of your use of Application. Also, if you have any legal or contractual rights, we must process your personal data for as long as they last so we can assist you if necessary.
5.2. Period of processing for tax purposes
In addition, we will process your personal data for as long as necessary for tax purposes (according to current Polish law, five years from the end of the year in which the tax obligation arose).
5.3. Period of processing for marketing purposes
Processing of your data for sending commercial information based on consent continues until you withdraw your consent.
5.4. Event log retention
Event log data (including notification delivery records and usage metrics) will be retained for 30 days for quota audits, debugging purposes, and service improvement.
5.5. Self-service deletion
Users may request deletion of their Personal Data at any time by using the self-service account deletion feature available in Application settings, or by contacting Service Provider at contact@firnity.com.
6. Legal basis of processing and security measures
6.1. Legal basis for processing (performance of the contract)
The legal basis for processing your personal data is Article 6(1)(b) GDPR (processing is necessary for the performance of a contract to which the data subject is a party, or to take steps at the data subject's request prior to entering into a contract) and Article 6(1)(c) GDPR (processing is necessary for compliance with a legal obligation to which the controller is subject).
Another legal basis is Article 6(1)(f) GDPR (processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party). This legitimate interest is the ability to prove, in the event of a dispute, the content of the contract and that it was performed properly.
6.2. Legal basis for processing (marketing purposes)
If you have consented to receiving marketing content, the legal basis for processing is Article 6(1)(a) GDPR (the data subject has given consent). You may withdraw your consent at any time (without affecting the lawfulness of processing carried out before withdrawal) by unchecking the appropriate checkbox in your account settings.
6.3. Legal basis for processing (legal obligations)
Processing may also be necessary to comply with legal obligations (Article 6(1)(c) GDPR).
6.4. Service Provider as Processor
When acting under the DPA, Service Provider processes Personal Data on behalf of the User's organization, which is the Controller.
6.5. Security measures
Service Provider is committed to protecting Personal Data and implements appropriate technical and organisational measures to safeguard it against unauthorised access, alteration, disclosure or destruction. These measures include:
6.5.1. Data Encryption: Personal Data is encrypted both in transit and at rest.
6.5.2. Access Controls: strict controls limit access to Personal Data to authorised personnel only.
6.5.3. Regular Security Assessments: Service Provider conducts regular reviews and assessments of security practices.
6.5.4. Secure Hosting: Personal Data is hosted on secure servers within the EU with reputable providers such as Microsoft Azure.
6.5.5. Authentication Security: User authentication is handled through Auth0, a trusted authentication platform with industry-standard security measures.
6.5.6. Payment Security: Payment information is processed exclusively by Stripe and is not stored by Service Provider. All payment transactions use Stripe's PCI DSS compliant infrastructure.
7. How to exercise Your rights?
7.1. Range of rights
Service Provider is committed to ensuring that you are satisfied with your cooperation with us. Remember that you have a number of rights that allow you to influence how we process your personal data and, in some cases, cause us to stop such processing. These rights are:
7.1.1. Right of Access: To request confirmation of whether Personal Data is being processed and to access that data - regulated by Article 15 of GDPR.
7.1.2. Right to Rectification: To request correction of inaccurate or incomplete Personal Data - regulated by Article 16 of GDPR.
7.1.3. Right to Erasure: To request deletion of Personal Data under certain circumstances - regulated by Article 17 of GDPR.
7.1.4. Right to Restrict Processing: To request limitation on the processing of Personal Data under specific conditions - regulated by Article 18 of GDPR.
7.1.5. Right to Data Portability: To receive Personal Data in a structured, commonly used, and machine-readable format and to transmit it to another controller - regulated by Article 20 of GDPR.
7.1.6. Right to Object: To object to the processing of Personal Data based on legitimate interests - regulated by Article 21 of GDPR.
To exercise any of these rights, please contact Service Provider by e-mail at contact@firnity.com or by phone at +48 693 066 020. For security reasons, Service Provider may need to verify your identity.
Alternatively, you may use the self-service account deletion feature available in Application settings to exercise your right to erasure.
Where Service Provider receives a request from a data subject regarding processing performed as a Processor, Service Provider will promptly forward the request to the relevant User (Customer) and assist the User in responding, in accordance with the DPA.
7.2. Complaint to the supervisory authority
Pursuant to Article 77 GDPR, you have the right to lodge a complaint with a supervisory authority. In Poland, this is the President of the Personal Data Protection Office (Prezes UODO) - https://uodo.gov.pl/. A list of other EU authorities can be found at https://edpb.europa.eu/about-edpb/about-edpb/members_en.
8. Final provisions
8.1. Is providing data necessary to enter into an Agreement?
We collect your personal data to the extent necessary to conclude and perform the Agreement. Some data are also necessary for us to fulfil legal obligations (tax, accounting). Failure to provide the required data will make it impossible to conclude and perform the Agreement.
8.2. Where does Service Provider get your personal data from?
We obtain personal data from the following sources:
- Directly from you when you create an account, configure Application, or use Services,
- From Discord when you authenticate via Auth0 or use Discord commands,
- From Notion when you authorize Application to access your workspace,
- From Stripe when you subscribe to paid services,
- From your organization (User) when they grant you access to Application as Personnel or User's Client.
8.3. Special category data and children
The Application is not intended to process special categories of data (Article 9 GDPR) or data about children under 16. Users must not use the Application to process such data unless they have established a lawful basis and appropriate safeguards and have informed Service Provider in writing.
8.4. Changes to Privacy Policy
Service Provider reserves the right to update or modify this Privacy Policy at any time. Any changes will be sent to Users via e-mail. Continued use of Application and Services 30 days after notification constitutes acceptance of the revised Privacy Policy. Disapproval may be expressed by discontinuing use of Application in accordance with the Terms of Use.
Last updated: [TO BE UPDATED]