Privacy & Data Processing Policy
This Privacy Notice explains how Engeto s.r.o. ("Controller", "we", "us") processes personal data of visitors of rutvi.com and users of app.rutvi.com.
Effective date: October 20, 2025
1. Data Controller
Engeto s.r.o. Registered office: Nové sady 988/2, Staré Brno, 602 00 Brno, Czech Republic Company ID (IČ): 04671317 Privacy e-mail: hello@rutvi.com GDPR & security contact: security@rutvi.com
2. Scope
This Notice applies to:
- rutvi.com (marketing website)
- app.rutvi.com (web application and service delivery)
3. What Personal Data We Process
Depending on whether you are a website visitor or an application user, we may process:
3.1 Data You Provide to Us
- Identification and contact data (e.g., email, name/nickname, billing details if applicable)
- Communication content (support requests, emails, forms)
3.2 Data Generated by Using the Website/App
- Technical and operational data (IP address, user agent, device/browser identifiers, logs)
- Product usage data (in-app events and interactions), typically aggregated or pseudonymised
- Cookies and similar technologies (see Section 9)
4. Purposes and Legal Bases
4.1 Waiting List (Voluntary Sign-up)
Scope: Email address, date and time of sign-up, IP address/technical logs.
Purpose: Records of people interested in the Rutvi launch; sending updates and invitations (pre-launch communication).
Legal basis: Consent. You may withdraw consent at any time at security@rutvi.com.
4.2 Basic Website Analytics (GA4)
Scope: Cookies/online identifiers, truncated/anonymised IP, technical data.
Purpose: Measuring website traffic and improving content.
Legal basis: Cookie consent for statistics/marketing; legitimate interests for strictly necessary cookies.
4.3 Providing the Service (app.rutvi.com)
Purpose: Account creation and management, authentication, service provision, customer support.
Legal basis: Performance of a contract (Art. 6(1)(b) GDPR) and legitimate interest in secure and reliable operations (Art. 6(1)(f)).
4.4 Payments and Invoicing
Purpose: Payment processing, invoicing, accounting.
Legal basis: Performance of a contract (b) and legal obligation (c).
4.5 Product Analytics and Improvements
Purpose: Measuring usage, improving UX, debugging and quality.
Legal basis: Legitimate interest (f) and/or consent (a), depending on cookie/tracking settings.
4.6 Marketing (rutvi.com)
Purpose: Campaign measurement, remarketing.
Legal basis: Typically consent (a) for marketing cookies/pixels (as configured in the cookie banner).
4.7 AI/LLM Features
Purpose: Processing user inputs to deliver AI features (e.g., generation/summarisation/recommendations).
Legal basis: Performance of a contract (b) and/or legitimate interest (f), depending on implementation.
5. Recipients and Processors (Sub-processors)
We share personal data only as necessary with vetted service providers (processors) and, where required by law, with public authorities.
| Company | Purpose / Service | Operational Note |
|---|---|---|
| Stripe, LLC. | Payments & invoicing | Payment processing and receipts |
| Fly.io | IaaS / app hosting | Main application runs on Fly.io |
| Google (Google Cloud) | Infrastructure + analytics + Keycloak hosting | Some services on GCP; Keycloak self-hosted on Google |
| Vercel Inc. | Website hosting | rutvi.com is hosted on Vercel |
| OpenAI | LLM API calls | AI features in the product |
| OpenRouter | LLM API calls | Routing / alternative LLM providers |
| Facebook Ireland Ltd. (Meta) | Marketing | Measurement and remarketing (subject to consent) |
| PostHog, Inc. | Product analytics | Product usage analytics |
| CookieScript | Cookie banner / consent management | Consent banner and records |
6. International Transfers (Outside the EU/EEA)
Some providers may process data outside the EU/EEA (e.g., in the US) or may be accessed from third countries. Where applicable, we ensure transfers comply with GDPR, typically via Standard Contractual Clauses (SCC) and, where needed, supplementary measures.
7. Retention Periods
7.1 Waiting List
Until consent is withdrawn or for a maximum of 24 months.
7.2 Analytics
According to GA4 settings (recommended 14 months). Raw events: 12 months. Aggregated/anonymised statistics: 24 months.
7.3 Logs and Security Records
- Application and infrastructure logs (operational): 90 days
- Security logs (auth, admin, IAM, WAF, firewall, anomalies): 12 months
- Admin/audit logs (privileged access, role/setting changes): 12–24 months
- Incident data / forensic exports: during the incident + 12 months after closure
7.4 Account and Customer Data in the App
For the duration of the account/contract, then 30–90 days and then deletion/anonymisation. Data necessary for legal claims may be stored longer under restricted access.
7.5 Invoicing and Accounting
As required by applicable law.
8. Security
We implement appropriate technical and organisational measures (access control, least privilege, encryption in transit, logging, contractual safeguards with processors, etc.).
Keycloak is operated self-hosted on Google Cloud.
9. Cookies and Consent Management
We use cookies and similar technologies on rutvi.com and potentially on app.rutvi.com:
- Strictly necessary — functionality, login, security (stored without consent)
- Analytics — measurement and improvement (stored only with consent)
- Marketing — remarketing/campaign measurement, e.g., Meta (stored only with consent)
Cookie banner and consent management are provided by CookieScript. You can change your cookie preferences at any time via the footer link or CookieScript widget.
10. Your Rights
You have the right to access, rectify, erase, restrict processing, data portability (where applicable), object, and withdraw consent (where processing is based on consent).
Requests should be sent to security@rutvi.com.
You also have the right to lodge a complaint with a supervisory authority — in the Czech Republic: Úřad pro ochranu osobních údajů (uoou.cz).
11. Contact
Privacy e-mail: hello@rutvi.com GDPR & Security: security@rutvi.com
Engeto s.r.o. Nové sady 988/2, 602 00 Brno, Czech Republic