Privacy Policy

1. Information We Collect and Process

Guided by the principle of data minimization, we process only the information that is absolutely necessary for the stable operation and functionality of the application:

• Basic profile information: Your name and email address (provided upon registration).
• Location data (IP address): When you access the site, we temporarily process your IP address to automatically detect your country and adjust the interface language and regional settings (locale).
• Passwordless authentication: Our system does not use or store passwords. Account access is granted exclusively through secure magic links or external OAuth providers.

2. Legal Basis and Purpose of Processing

Under the GDPR, we process your data based on the following legal grounds:

• Performance of a contract: Processing your name and email address is necessary to allow you to create an account and use the Plexo platform.
• Legitimate interest: Processing your IP address for localization (language selection) and system security represents our legitimate interest in providing you with an optimal and secure user experience.

3. Data Sharing and Third-Party Processors

We do not sell, rent, or share your personal data with third parties for marketing purposes. To operate the platform, we use carefully selected external services that apply high security standards:

• Payment Processing: We do not collect or store your credit card information. All payments, tax collection, and invoicing are securely handled by our authorized Merchant of Record, Lemon Squeezy.
• Email Delivery: We use Google services to deliver system messages, notifications, and login links.
• Localization (Geolocation): Country recognition based on your IP address is performed using the MaxMind GeoLite2 database. This processing is executed entirely locally on our servers, and your IP address is never sent to MaxMind or any other third party.

4. Analytics and Tracking

To monitor visits and analyze how users interact with the site, we use Umami Analytics. Umami is a privacy-focused platform that does not use cookies, does not track users across other websites, and does not collect any personally identifiable information. All statistical data is completely anonymized and aggregated.

5. International Data Transfers

Because we utilize a global infrastructure (such as Google and Lemon Squeezy services), your data may be transferred to and processed in countries outside the European Economic Area (EEA), including Serbia and the United States. These transfers are protected by appropriate legal mechanisms, including the European Commission's Standard Contractual Clauses (SCCs) and the EU-US Data Privacy Framework.

6. Data Retention

We retain your data only for as long as your user account is active. If you choose to close your account, your name and email address will be permanently and irreversibly deleted from our active servers within 30 days. IP addresses used for locale detection are processed in the system's memory at the time of the visit and are not permanently stored for this purpose.

7. Your GDPR Rights

As a user, you have the following rights at any time:

• The right to access the data we hold about you.
• The right to correct inaccurate or incomplete data.
• The right to erase your data (the "right to be forgotten").
• The right to restrict or object to data processing.
• The right to data portability in a structured format.

To exercise any of these rights, or if you have any questions regarding your privacy, please use the Contact link located in the website footer, which will open a direct chat form with our administrator. You also have the right to lodge a complaint with your local Data Protection Authority.