← Back to home

Privacy Policy

Version 1.0 · Effective 2026-04-30

1. Who we are

ResiApp Cloud ("we", "us") is operated by Filip Vnenčák, a sole proprietor based in the Slovak Republic. We provide managed cloud hosting for OpenResiApp, an open-source application for housing-association management.

For privacy questions or to exercise your rights, contact privacy@resiapp.cloud.

2. What personal data we collect

Account data (you give us directly):

  • Email address
  • Community / organization name
  • Hashed password (we never see your plaintext password)
  • Language preference

Billing data (handled by Stripe): name on card, card details (tokenized — we never see card numbers), billing address, VAT ID if applicable. Stripe is the data controller for payment-card processing.

Operational data: IP addresses in server logs, audit log entries (admin actions), error logs.

Resident data inside customer instances: When you create an instance, you may upload personal data of your housing-association members (names, addresses, voting records, etc.). For that data, you are the data controller and we are your data processor — see our Data Processing Agreement.

3. Why we process it (lawful basis)

  • Performance of contract (GDPR Art. 6(1)(b)) — to deliver the service you signed up for: hosting your instance, billing you, sending operational emails.
  • Legitimate interest (Art. 6(1)(f)) — to keep the service secure (rate-limiting, abuse detection, audit logs).
  • Legal obligation (Art. 6(1)(c)) — to keep accounting records as required by Slovak tax law.

We do not rely on consent for service delivery. We do not use your data for marketing without separate opt-in.

4. Who we share it with (sub-processors)

We use a small number of trusted providers to operate the service. The full list, with regions and roles, is at our sub-processors page. In summary:

  • Amazon Web Services (Ireland) — infrastructure hosting in eu-central-1 (Frankfurt, Germany).
  • Stripe (Ireland / United States) — payment processing. Transfers to the US are covered by EU Standard Contractual Clauses.
  • Brevo (France) — transactional email delivery.

5. How long we keep it

  • Account data: while your subscription is active and for 90 days after termination, then deleted.
  • Backups: daily encrypted backups in S3, retained for 30 days, then automatically deleted.
  • Audit logs: 24 months.
  • Billing records: 10 years, as required by Slovak accounting law.
  • Resident data inside instances: kept as long as you (the controller) decide; deleted within 30 days after instance deletion (subject to backup retention above).

6. Where we host data

Application data is hosted exclusively in the EU (AWS eu-central-1, Frankfurt, Germany). Some sub-processors (Stripe) may transfer data outside the EEA under adequacy decisions or Standard Contractual Clauses. Brevo and AWS process within the EU.

7. Your rights

Under GDPR, you have the right to:

  • access your personal data (Art. 15)
  • correct inaccurate data (Art. 16)
  • request erasure (Art. 17, "right to be forgotten")
  • restrict processing (Art. 18)
  • data portability — get your data in a machine-readable format (Art. 20)
  • object to processing based on legitimate interest (Art. 21)
  • lodge a complaint with the Slovak data protection authority (Úrad na ochranu osobných údajov SR) at dataprotection.gov.sk

To exercise any of these rights, email privacy@resiapp.cloud. We respond within 30 days.

See Your Rights for a step-by-step guide.

8. Security

We protect your data using industry-standard measures: AES-256 encryption at rest, TLS 1.3 in transit, isolated databases per customer, principle-of-least-privilege IAM, daily encrypted backups, and audit logging of admin actions. Despite these measures, no system is 100% secure — we will notify you within 72 hours of becoming aware of a personal data breach affecting your data, as required by GDPR Art. 33.

9. Children

The service is not directed to children under 16. If you upload personal data of minors as part of your housing-association records, you are responsible for confirming the lawful basis for that processing.

10. Changes to this policy

We may update this policy. Material changes will be notified by email at least 30 days before they take effect. Non-material changes (typos, clarifications) will be reflected by a new "effective date" above.

11. Cookies

We use only essential cookies needed to keep you signed in. We do not set tracking cookies or use third-party analytics on this site. See Cookie Policy.

Provider: Filip Vnenčák, Slovak Republic.

Contact: privacy@resiapp.cloud

PrivacyTermsDPASub-processorsCookiesYour Rights