Privacy Policy
1. Data Controller
Recofy is operated by Bc. Martin Vlasák, an individual entrepreneur (OSVČ) registered in the Czech Republic under Company ID (IČO) 69530319, with registered office at Studnická 2115/53, Horní Počernice, 193 00 Praha 9, Czech Republic ("Recofy", "we", "us"). We provide an AI-powered product recommendation service for e-commerce stores on the Shoptet platform. The relationship with merchants is governed by our Terms of Service; personal data processing is governed by our Data Processing Agreement (DPA).
Contact:
- Email: [email protected]
- Address: Studnická 2115/53, Horní Počernice, 193 00 Praha 9
- Data Protection Officer (DPO) is not appointed - we do not meet the thresholds under Art. 37 GDPR; data subject inquiries are handled directly by the operator at [email protected].
2. Who this policy applies to
This policy describes how we handle data of:
- Merchants (e-shop operators who install Recofy).
- End users of those e-shops (anonymous visitors).
- Google API data (specifically from Google Analytics 4, always with explicit merchant consent).
3. What data we collect
3.1 From merchants
- Identification: Shoptet shop ID, e-shop domain, primary email.
- Authentication: encrypted Shoptet OAuth tokens (AES-256-GCM at rest).
- Billing: handled by Stripe (Stripe is the controller for payment data; we receive only customer ID, subscription status, and invoice references).
- Communication: support emails (retained for 24 months).
3.2 From end users of merchant e-shops (anonymous visitors)
- Anonymous visitor ID (
_vtx_vidcookie, 12 months) - random UUID, not linked to any personal information. - Browsing events: page views, clicks on recommended products, add-to-cart, purchase events. All events are tied to the anonymous visitor ID, never to a person.
- Product context: which product page was viewed, which products were recommended.
- Attribution token: a technical identifier linking recommendations to conversions (not tied to personal identity).
We do not collect: names, emails, phone numbers, browser fingerprints, demographic data, financial data of end users, or precise geolocation. IP addresses arrive in HTTP headers, but Recofy does not actively store or process them - platform infrastructure logs may temporarily contain them (see §10).
3.3 From Google APIs (with merchant consent)
When a merchant connects their Google Analytics 4 property, we access:
- List of GA4 properties the merchant has access to (Google Analytics Admin API).
- Historical events of types
view_item,add_to_cart, andpurchasefrom the selected property over the past 90 days (Google Analytics Data API). - OAuth refresh token to maintain the connection (encrypted at rest with AES-256-GCM).
We do not access: user-level personal data, demographics, campaign or source/medium attribution, revenue breakdowns, conversions outside purchase, custom audiences, or any other GA4 dimensions.
Limited Use disclosure (Google API): Recofy's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We use the data exclusively for the cold-start feature of our recommendation models. We do not transfer the data to third parties except as necessary to operate the feature (Google Cloud Vertex AI Search for Commerce). We do not use the data for advertising purposes. Human access to the data is limited - only (a) with the user's explicit consent for support, (b) for security purposes, (c) to comply with applicable law, or (d) for internal operations on aggregated/anonymized data.
4. How we use the data
| Data | Purpose | Legal basis (GDPR) |
|---|---|---|
| Merchant identification | Provision of the service | Contract (Art. 6(1)(b)) |
| Encrypted OAuth tokens | Authentication with Shoptet and Google | Contract |
| Anonymous browsing events | Generating recommendations | End-user consent obtained by the Merchant (Art. 6(1)(a)); Recofy processes as a Processor under the DPA |
| Billing data | Subscription management | Contract |
| Support emails | Customer support | Contract |
| GA4 historical events | Cold-start of recommendation models | End-user consent obtained by the Merchant in GA4 (Art. 6(1)(a)); Recofy processes as a Processor under the DPA |
Anonymous end-user browsing events are processed by Recofy as a Processor on behalf of the Merchant (Controller), on the basis of the end-user consent obtained by the Merchant (the e-shop's cookie banner) and the Data Processing Agreement (DPA). Without consent, the Recofy widget and tracker do not set any cookies.
5. Data retention
- Merchant account - lifetime of subscription + 12 months
- Anonymous browsing events - 6 months (rolling, automated deletion via PostgreSQL partitioning)
- Encrypted Shoptet and Google tokens - until disconnection or 12 months after last use
- Billing records - 10 years
- GA4 imported events (in Vertex AI Search for Commerce) - lifetime of the account, deleted within 30 days of a disconnection request
- Support emails - 24 months
6. Sub-processors
| Sub-processor | Purpose | Location |
|---|---|---|
| Google Cloud Platform (Cloud Run, Vertex AI Search for Commerce) | Compute, AI recommendations | EU |
| Supabase (PostgreSQL) | Database | EU |
| Upstash | Redis cache | EU |
| Stripe | Payment processing | EU + US (Stripe is its own controller; DPF) |
| Resend | Transactional email | EU |
Sub-processors are bound by data processing agreements in accordance with GDPR Art. 28. Details (including change notifications and the right to object) are set out in our DPA.
7. International transfers
Most processing occurs within the EU. Stripe processes payment data partially in the US under the EU–U.S. Data Privacy Framework (adequacy decision). Other sub-processors operate in the EU only.
8. Your rights (GDPR)
You have the right to access, rectification, erasure, restriction of processing, portability, and to object. You may lodge a complaint with the Czech Office for Personal Data Protection (www.uoou.cz). To exercise your rights, contact [email protected] - we respond within 30 days.
9. Automated decision-making
Product recommendations are generated by an automated system (Vertex AI Search for Commerce). These recommendations serve solely to display relevant products to end users of the e-shop - they have no legal or similarly significant effects on end users and do not constitute automated decision-making within the meaning of GDPR Art. 22.
10. Security
- All data in transit is encrypted with TLS 1.3.
- All authentication tokens (Shoptet OAuth, GA4 OAuth, Stripe webhooks) are encrypted at rest using AES-256-GCM with keys stored in Google Cloud Secret Manager.
- Database access is restricted to a service account with logged operations.
- Tenant data isolation at the application level (
tenant_idfiltering in all queries). - Production deployment runs on Google Cloud Platform with automatic security patches.
- Infrastructure logs (Google Cloud Run) may temporarily contain IP addresses as part of standard platform operation. These logs are automatically deleted after 30 days and are not used to identify individuals.
Breach notification: In the event of a personal data breach, we will notify affected merchants without undue delay, no later than 72 hours after becoming aware, in accordance with GDPR Art. 33. Details are set out in our Data Processing Agreement.
11. Cookies
Recofy uses a single cookie on merchant e-shops (_vtx_vid, described in §3.2) only after the visitor consents via the merchant's cookie banner.
The recofy.cz website uses only essential cookies and its own cookie banner.
12. Changes to this policy
Material changes will be notified to merchants by email at least 14 days in advance. The current version is always available at recofy.cz/privacy.
13. Disconnecting Google Analytics
A merchant can disconnect their GA4 integration at any time from the Recofy admin dashboard. Disconnection:
- Revokes the refresh token (we call Google's OAuth revocation endpoint).
- Deletes the encrypted token and connection metadata from our database.
- Imported events remain in Vertex AI Search for Commerce for the lifetime of the account; they can be deleted on request to [email protected] within 30 days.
Effective from: June 1, 2026 · Version: 1.0