Legal documents

Privacy Policy

Effective from January 1, 2026. Last updated: July 11, 2026.

1. Data Controller

The data controller within the meaning of Art. 4(7) of Regulation (EU) 2016/679 (GDPR) is:

SHPERKA s.r.o.
Železničná 3, 900 27 Bernolákovo, Slovak Republic
Company ID: 56 193 955 · VAT ID: 2122248579
E-mail: info@bizlaboratory.sk

2. What data we process

  • FounderCode™ users: name, e-mail, city, age, audience type (teen/adult), quiz answers, language, generated persona (Builder/Visionary/Connector/Strategist), Founder ID and PDF report.
  • Parents / legal guardians: name, e-mail, phone, city.
  • Students (Academy, SK only): name, age, attendance, project portfolio.
  • Payment data: handled exclusively by Stripe; we store only the payment ID, amount, currency and status.
  • Technical data: truncated IP, browser, language, cookies, error logs.

Personal data of a child under 16 years of age is processed solely with the consent of their legal guardian (Art. 8 GDPR).

3. Purposes and legal bases

  • Performance of the contract for supply of digital content (FounderCode™ report) — Art. 6(1)(b) GDPR.
  • Automated report generation using the Anthropic Claude model — contract performance. The report does not produce legal effects and is not an autonomous decision within the meaning of Art. 22 GDPR.
  • Accounting and tax obligations — Art. 6(1)(c) GDPR.
  • Marketing and follow-up e-mails — consent, or legitimate interest for existing customers.
  • Google Analytics 4 and Meta Pixel + CAPI — only after explicit consent (cookie banner).
  • Security, abuse prevention, error logging — legitimate interest (Art. 6(1)(f) GDPR).

4. Retention periods

  • Incomplete quizzes and pre-registrations: max. 12 months.
  • FounderCode™ reports and answers: 24 months, then anonymised.
  • Academy participants: 5 years after the contract ends.
  • Accounting records: 10 years (Slovak Act 431/2002).
  • Marketing consents: until withdrawn, max. 5 years.

5. Recipients and processors

  • Supabase (Lovable Cloud) — database, servers in the EU.
  • Cloudflare, Inc. — CDN and DDoS protection.
  • Stripe Payments Europe, Ltd. (Ireland) — payment processor.
  • Resend, Inc. (USA) — transactional e-mail.
  • Anthropic, PBC (USA) — Claude model for FounderCode™ report generation (data is not used to train the model).
  • Google Ireland Ltd. — Google Analytics 4 (with consent only).
  • Meta Platforms Ireland Ltd. — Meta Pixel and Conversions API (with consent only).
  • External accounting firm.

We do not sell your data to third parties.

6. International transfers

Some processors (Anthropic, Resend, Meta, Google, Cloudflare, Stripe) process data outside the EU, in particular in the USA. Transfers are safeguarded by the Standard Contractual Clauses (SCCs) adopted by the European Commission and/or the EU–US Data Privacy Framework.

7. Your rights

Under the GDPR you have the right to:

  • access your data and receive a copy (Art. 15),
  • rectification (Art. 16),
  • erasure ("right to be forgotten", Art. 17),
  • restriction of processing (Art. 18),
  • data portability (Art. 20),
  • object to processing (Art. 21),
  • withdraw consent at any time,
  • lodge a complaint with your local supervisory authority. Our lead authority is the Slovak Office for Personal Data Protection (dataprotection.gov.sk).

To exercise your rights, e-mail info@bizlaboratory.sk. We will respond within 30 days.

8. Cookies

See our Cookie Policy for a full list of cookies and how to change your consent.

9. Security

Data is stored in an encrypted Postgres database with Row-Level Security. All traffic runs over HTTPS/TLS. Passwords are stored only as a one-way hash.

10. Changes

We may update this policy. We will notify you of material changes at least 14 days in advance by e-mail or a notice on the website.