Privacy & Cookie Policy

Last updated: 31 May 2026

1. Data Controller

The controller of personal data collected through this website (hereinafter: the "Website") is:

  • Name: DAKARDA STUDIO - Dawid Bińkowski, NIP: 9492074226
  • Address for correspondence: ul. Piotrkowska 35, 90-410 Łódź
  • Contact: contact@dakarda.com

2. Types of Data Collected

We collect the following categories of personal data in connection with the operation of this Website:

  • Contact form data: email address, project type, message content (legal basis: Art. 6(1)(b) GDPR — pre-contractual measures at the data subject's request). Retained for 2 years or until the matter is resolved.
  • Cookie data: consent preferences, language preferences (legal basis: Art. 6(1)(f) GDPR — legitimate interest / consent).
  • Server logs: IP address, date and time of visit, browser and device information (legal basis: Art. 6(1)(f) GDPR — legitimate interest in ensuring security). Retained for 14 days.
  • Newsletter subscription data: first name, email address, IP address, and the timestamp and text of your consent (proof of consent); optionally engagement data in messages — opens, clicks (legal basis: art. 6(1)(a) GDPR — consent).

3. Purposes of Data Processing

Your personal data is processed for the following purposes:

  • Handling contact form enquiries and responding to your messages (Art. 6(1)(b) GDPR — performance of pre-contractual measures)
  • Protecting the Website against spam and automated abuse via Google reCAPTCHA (Art. 6(1)(f) GDPR — legitimate interest in IT security)
  • Storing language preferences to ensure a consistent browsing experience (Art. 6(1)(f) GDPR — legitimate interest in website functionality)
  • Statistical analysis of website traffic, only if you have given your consent (Art. 6(1)(a) GDPR — consent)
  • Sending the free “AI Daily News” newsletter by electronic means (art. 6(1)(a) GDPR — consent; art. 398 of the Electronic Communications Law)

4. Cookie Policy

This Website uses cookies (small text files stored on your device) to ensure its proper functioning, personalise content, and — with your consent — analyse traffic. Below is a complete list of cookies used on this Website. In accordance with Polish Electronic Communications Law (PKE) and the GDPR, only technically necessary cookies are installed without your prior consent.

Cookie NameProviderPurposeRetentionCategoryLegal Basis
dakarda_consentDakarda StudioStores your cookie consent decision to avoid repeated banner display1 yearNecessaryArt. 6(1)(f) GDPR — Legitimate interest (proof of consent)
NEXT_LOCALENext.js (next-intl)Stores your preferred interface language (e.g. en, pl) to ensure consistent navigationSession / 1 yearFunctionalPKE Art. 173(3) — Technical necessity
_GRECAPTCHA, rc::*GoogleSession identification and bot risk analysis by Google reCAPTCHA. Not used for advertising in our configuration.6 months (persistent) / session (technical)SecurityArt. 6(1)(f) GDPR — Legitimate interest (IT security)

Managing Cookies

When you first visit the Website, a consent banner is displayed at the bottom of the page. You may click "Accept All" or "Only Necessary" to make your choice, or select "Cookie Settings" to customise your preferences by category.

You may withdraw or change your consent at any time by clicking the "Cookie Settings" link in the website footer. You may also delete cookies through your browser settings.

5. External Services and Data Recipients

Google reCAPTCHA

To protect our contact forms from spam and automated abuse, we use Google reCAPTCHA v3, provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland). reCAPTCHA analyses user behaviour on the page (mouse movements, time spent, clicks), IP address, operating system, browser, and other technical parameters to assess bot risk.

As of April 2026, under the updated reCAPTCHA service model, Google operates as a Data Processor under the Google Cloud Data Processing Addendum (DPA). Data collected by reCAPTCHA in this configuration is not used by Google for advertising purposes. Google is certified under the EU–U.S. Data Privacy Framework.

Discord (Notification Webhook)

Contact form submissions are forwarded to Discord via a secure webhook for internal team notification. The data transmitted includes the email address, project type, and message content. Discord Inc. (San Francisco, USA) acts as a sub-processor. Transfers are governed by Standard Contractual Clauses (SCCs).

Hosting

The site is hosted on the Vercel platform (Vercel Inc.) — functions run in the Frankfurt region (Germany, EEA). The provider processes server logs (IP addresses, access times) as a data processor. Data is stored within the EEA; Vercel Inc. is a US company, so any access from outside the EEA is safeguarded by Standard Contractual Clauses (SCC) and a data processing agreement (DPA).

Database (Supabase)

Newsletter subscriber data (first name, email address, IP address, consent log) is stored in a PostgreSQL database with Supabase, in the Ireland region (EEA). Supabase acts as a data processor under a data processing agreement (art. 28 GDPR). Any access from outside the EEA is safeguarded by Standard Contractual Clauses (SCC).

Email delivery (Resend)

To send emails (subscription confirmation and the newsletter) we use Resend (Resend, Inc., USA), acting as a data processor under a data processing agreement (art. 28 GDPR). Resend processes the email address and message delivery data. Transfers outside the EEA are safeguarded by Standard Contractual Clauses (SCC, art. 46 GDPR).

6. Your Rights Under GDPR (RODO)

Under the General Data Protection Regulation (Regulation (EU) 2016/679, "RODO"), you have the following rights with respect to your personal data:

  • Right of access — obtain confirmation of whether your personal data is being processed and a copy of it (Art. 15)
  • Right to rectification — correct inaccurate or incomplete personal data (Art. 16)
  • Right to erasure ("right to be forgotten") — request the deletion of your personal data when it is no longer necessary for the purpose for which it was collected (Art. 17)
  • Right to restriction of processing — request that we limit how your data is used in certain circumstances (Art. 18)
  • Right to data portability — receive your personal data in a structured, commonly used, machine-readable format (Art. 20)
  • Right to object — object to processing based on legitimate interest, including profiling (Art. 21)
  • Right to withdraw consent — withdraw your consent at any time, without affecting the lawfulness of processing carried out prior to withdrawal (Art. 7(3))
  • Right to lodge a complaint — you may file a complaint with the President of the Personal Data Protection Office (Prezes Urzędu Ochrony Danych Osobowych, ul. Stawki 2, 00-193 Warszawa, https://uodo.gov.pl)

To exercise any of these rights, please contact us at the email address specified in Section 1. We will respond within 30 days of receiving your request.

7. Data Transfers Outside the EEA

Some data may be processed outside the European Economic Area (EEA) by Google (reCAPTCHA — USA), Discord (notifications — USA), and Resend (email delivery — USA). These transfers are safeguarded by Standard Contractual Clauses (SCC) approved by the European Commission (art. 46(2)(c) GDPR) and, for Google, additionally by the EU–US Data Privacy Framework (art. 45 GDPR). Hosting (Vercel — Frankfurt) and the database (Supabase — Ireland) store data within the EEA; their providers have US parent companies, and any access from outside the EEA is safeguarded by SCC. Details of the relevant safeguards are available on request.

8. Security Measures

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, destruction, or alteration. These include: HTTPS/TLS encryption for all data in transit, hosting on a serverless platform (Vercel) with isolated execution environments, encrypted database connections, validation and sanitisation of input on all forms, automated bot protection (reCAPTCHA), double opt-in confirmation for newsletter subscriptions, and access controls limiting data access to authorised persons only.

9. Changes to This Policy

We reserve the right to update this privacy and cookie policy. When material changes are made, we will update the "Last updated" date at the top of this page and, where the changes affect cookie processing, re-request your consent via the cookie banner. We encourage you to review this policy periodically.

10. Newsletter

Subscription to the “AI Daily News” newsletter is voluntary and free, based on your consent.

  • Purpose: sending commercial information by electronic means about AI and technology.
  • Legal basis: art. 6(1)(a) GDPR (consent) and art. 398 of the Electronic Communications Law (consent to receive commercial information by electronic means).
  • Scope of data: first name, email address, IP address, and the text and timestamp of consent (proof of consent); optionally engagement data in messages.
  • Confirmation of sign-up: we use a double opt-in mechanism — your address is added to the list only after you click the confirmation link in the email.
  • Retention period: until consent is withdrawn or the subscription is cancelled; proof of consent is retained additionally for the limitation period of potential claims (accountability, art. 5(2) GDPR).
  • Withdrawal of consent: at any time, without giving a reason, via the “unsubscribe” link in every message or by emailing the controller. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.

11. Newsletter Terms of Service (“AI Daily News”)

These terms set out the rules for providing the free “Newsletter” service by electronic means (art. 8 of the Act on Providing Services by Electronic Means).

§1. General provisions

The service provider is DAKARDA STUDIO – Dawid Bińkowski, NIP 9492074226, ul. Piotrkowska 35, 90-410 Łódź, email: contact@dakarda.com. These terms define the rules for signing up for, providing, and cancelling the Newsletter service.

§2. Definitions

Newsletter — a free electronic message about AI and technology; Provider — Dakarda Studio; Subscriber — a person who has signed up for the Newsletter; Form — the sign-up form available on the Site.

§3. Type and scope of the service

The service consists of the free, recurring delivery of content about AI and technology to the provided email address. Approximate frequency: Monday, Wednesday, Friday (informational, with no guaranteed delivery time).

§4. Conclusion of the agreement

The agreement is concluded after providing an email address and first name, giving consent in the Form, and confirming the sign-up via the link sent by email (double opt-in). The service is available to persons aged 16 or over; younger persons require a guardian’s consent.

§5. Technical requirements

Using the service requires: a device with internet access, an active email account, and a web browser capable of displaying HTML messages.

§6. Cancellation

The Subscriber may cancel the service at any time, without giving a reason, by clicking the “unsubscribe” link in every message or by emailing contact@dakarda.com. Cancellation is equivalent to withdrawing consent and takes effect immediately.

§7. Complaints

Complaints regarding the service may be submitted to contact@dakarda.com. We handle complaints within 14 days of receipt.

§8. Personal data

The rules for processing Subscribers’ personal data are described in this Privacy Policy (the “Newsletter” section above).

§9. Final provisions

The Provider may amend these terms for important reasons (changes in law or service scope). We will notify you of changes by electronic means. These terms are effective from 31 May 2026.