Short version: We collect only what we need to run the service. We never sell your data. You own your files. You can delete everything at any time.
The data controller is Andrej, an individual operating Culacc, based in Slovakia, European Union.
Contact: andrej@culacc.com
| Data | Why we collect it | Legal basis |
|---|---|---|
| Email address | Account login, billing emails, service notifications | Contract performance |
| Files you upload | To provide the storage service | Contract performance |
| Storage usage | To enforce quotas and calculate billing | Contract performance |
| Payment status | To know which plan you are on | Contract performance |
| IP address / logs | Security, abuse prevention, debugging | Legitimate interest |
We do not collect: card numbers (handled by Stripe), crypto wallet details (handled by NOWPayments), browsing behavior, or any analytics beyond basic server logs.
We will never sell your data, share it with advertisers, or use it for any purpose not listed above.
We use a small number of trusted third parties to operate Culacc:
| Service | Purpose | Data shared |
|---|---|---|
| Clerk | Authentication (login/signup) | Email address |
| Stripe | Card payment processing | Email, billing status |
| NOWPayments | Cryptocurrency payment processing | Payment amount only |
| iDrive E2 | File storage infrastructure | Your encrypted files |
| Resend | Transactional email delivery | Email address, email content |
| Hetzner | Server hosting (EU) | Server data only |
All third parties are either EU-based or covered by appropriate data transfer mechanisms (Standard Contractual Clauses).
Your files are stored on iDrive E2 (S3-compatible) infrastructure. Files are encrypted in transit (HTTPS/TLS). We do not access, read, or analyze your files except when technically required to provide the service (e.g. generating a download link).
As an EU resident you have the following rights regarding your personal data:
To exercise any of these rights, email andrej@culacc.com. We will respond within 30 days as required by GDPR. You also have the right to lodge a complaint with the Slovak data protection authority (dataprotection.gov.sk).
Culacc uses only technically necessary cookies for authentication (provided by Clerk). We do not use tracking cookies, advertising cookies, or analytics cookies. No cookie consent banner is required as we only use strictly necessary cookies.
We take reasonable technical and organisational measures to protect your data, including HTTPS encryption for all connections, encrypted file storage, access controls, and regular security reviews. No system is perfectly secure — if we become aware of a data breach affecting your personal data, we will notify you within 72 hours as required by GDPR.
Culacc is not intended for children under 16 years of age. We do not knowingly collect personal data from children. If you believe a child has created an account, contact us and we will delete it immediately.
We may update this privacy policy from time to time. We will notify you by email at least 14 days before significant changes take effect. The current version is always available at culacc.com/privacy.html.
For any privacy-related questions or to exercise your rights:
Email: andrej@culacc.com
Response time: Within 5 business days (GDPR requests within 30 days)
This policy was last reviewed in March 2026 and is compliant with GDPR Regulation (EU) 2016/679.