← Back to site

Privacy Policy

Last updated: 2026-07-12

This Policy explains how Korund DOO ("we") processes personal data when you use DailyMark. For account owners and the data they provide about themselves, we act as the data controller. For staff and operational data that a workspace owner enters into the Service, the workspace owner is the controller and we process that data on their behalf as a processor. For payment data, Paddle.com acts as an independent controller as merchant of record.

1. Data we collect

Account data: name, email, password hash, workspace and location details.

Operational data you enter: staff members, schedules, checklists and completion records.

Usage and technical data: log data, device and browser information, and error diagnostics.

Payment data: handled by Paddle. We receive subscription status and limited billing metadata, not full card details.

2. How we use data

To provide and operate the Service, authenticate users, deliver notifications, provide support, ensure security, and comply with legal obligations.

We do not sell personal data.

3. Legal bases (GDPR)

We rely on: performance of our contract with you, our legitimate interests in running and securing the Service, your consent where required, and compliance with legal obligations.

4. Processors and sharing

We use service providers to run the Service: Paddle (payments; independent controller), Hetzner (cloud hosting in the EU), Cloudflare (DNS, security and content delivery), Sentry (error monitoring), Telegram (notification delivery where you enable it), and AI providers — Google (Gemini) and OpenRouter — that power the optional assistant features.

When you use the assistant, the content you submit and related workspace data may be processed by these AI providers. Apart from Paddle, each provider processes data on our behalf under a contract.

5. International transfers

Some providers, including the AI providers (Google, OpenRouter) and the error-monitoring provider, may process data outside the EEA, including in the United States. Where required, we rely on appropriate safeguards such as the European Commission’s standard contractual clauses.

6. Retention

We keep personal data while your account is active and as needed for legal, accounting and security purposes. You can request deletion, subject to those obligations.

7. Your rights

Subject to applicable law, you may access, correct, delete, restrict or port your data, and object to certain processing. To exercise these rights, contact us. You also have the right to lodge a complaint with your data-protection supervisory authority.

If your data was entered into the Service by a workspace owner (for example, your employer), that owner is the controller — we may refer your request to them and will assist as required by law.

8. Cookies

We use strictly necessary cookies for authentication and preferences. We do not use advertising cookies.

9. Security and contact

We use reasonable technical and organisational measures to protect data. Privacy questions or requests: support@dailymark.me.