Privacy Policy
Effective from 2026-03-27
Hello!
If you are here, you probably want to know what happens to your data when you use aboutu.app. We completely understand that, which is why we are providing you with a document that brings together, in one place, the rules for the processing of personal data and the use of cookies, localStorage, sessionStorage, and other technologies related to the functioning of the application.
The most important information at the outset is that aboutu.app operates on a zero-knowledge basis. This means that the content of your Vault is encrypted locally on your device and, as a rule, does not reach our database or servers in a form that would allow us to read it. We do not know your Master Password and we do not have the technical ability to decrypt the contents of your Vault.
The controller of personal data processed in connection with the use of the application is:
Wojciech Marosek
ul. Swietokrzyska 30 lok. 63
00-116 Warsaw
Tax ID (NIP): 5253064174
e-mail: contact@aboutu.app
This Privacy Policy has been prepared in a question-and-answer format so that you can more easily find the information you are looking for.
If you have any questions regarding privacy or personal data protection, you can write to us at: contact@aboutu.app.
1. Who is the controller of your personal data?
The controller of your personal data processed in connection with the use of aboutu.app is Wojciech Marosek, conducting business activity using the business details provided above.
2. Who can you contact regarding personal data?
In matters related to privacy, personal data protection, and the exercise of rights arising from the GDPR, you can contact us at: contact@aboutu.app.
In our case, we have not appointed a Data Protection Officer, because there is no legal obligation to do so.
3. What information about you do we have?
Data we generally do not receive
The most important point is that we do not receive the content of your Vault. The data you enter into the various sections of the application, such as finances, documents, medical information, contacts, personal data, or notes, is encrypted locally in your browser before being stored on your device.
We also do not know your Master Password. That password is used solely for the local derivation of the encryption key and is not transmitted to us.
Technical data that we may process
In connection with your use of the application, we may process the following technical data:
- IP address,
- date and time of the request,
- information about the browser and operating system,
- request URLs and basic technical logs related to the operation of the application,
- basic statistical information about the use of public parts of the service, such as page views, visited pages, referring domain, approximate information about the device, browser, operating system, and country or region,
- data contained in e-mail correspondence, if you contact us.
In addition, the application may use browser technologies such as:
- localStorage - to store the encrypted content of the Vault on your device,
- sessionStorage - to store temporary information related to the current session, such as the unlocked state or returning to the last-used subpage,
- essential cookies and preference cookies - to the extent necessary for the proper functioning of the interface and for remembering selected settings such as theme or language.
We do not use analytics cookies or marketing cookies. However, we may use a simple analytics tool that operates without cookies and without access to the contents of your Vault. This tool is used solely to create aggregated statistics, improve the service, and analyse security and performance.
4. Where do we get your personal data from?
In most cases, you provide the data to us yourself.
This happens when:
- you contact us by e-mail,
- you send a question, complaint, or report concerning the operation of the application.
Some technical data may be collected automatically in connection with the operation of the website and the technical infrastructure through which the application is made available, in particular by means of server logs and tools necessary for the provision of the service.
At the same time, we remind you that the content of your Vault remains on your device and is not obtained by us in a way that would allow us to read it.
5. Is your data safe?
We make every effort to ensure an appropriate level of security for data processed in connection with the operation of the application.
The application has been designed so that the content of the Vault is encrypted on the client side, that is, in your browser, before it is stored in browser storage. As a result, we do not have access to the contents of the Vault in plain text.
In practice, this also means that we cannot recover your Master Password or decrypt your Vault on your behalf if you lose access to your device or forget your password.
Please remember, however, that the security of your data also depends on you, in particular on the strength of your Master Password, the security of your device, keeping your browser up to date, and protecting against third-party access.
6. For what purposes do we process your personal data?
The purposes of personal data processing are described in detail in the table constituting Appendix No. 1 to this Privacy Policy.
Most often, these purposes are:
- ensuring the operation of the application and its technical security,
- creating aggregated statistics on visits and the use of public parts of the service,
- handling correspondence and reports,
- storing interface and session settings in the browser,
- fulfilling legal obligations,
- pursuing or defending against claims.
7. How long do we keep your data?
The storage period depends on the purpose of the processing.
In particular:
- we generally store technical logs no longer than necessary to ensure the security and stability of the application, usually up to 90 days, unless longer storage proves necessary for security reasons or due to legal obligations,
- we store statistical data relating to the use of public parts of the service for the period resulting from the current analytics tool configuration, no longer than necessary to analyse trends, develop the product, and ensure security,
- we store e-mail correspondence for the time necessary to handle the matter, and then for the period needed to secure possible claims, generally no longer than 3 years from the last contact,
- data stored in localStorage or sessionStorage remains on your device until you delete it, clear your browser data, or end the session, or until it is overwritten by a new encrypted version of the data.
Detailed storage periods are set out in Appendix No. 1.
8. Who are the recipients of your personal data?
Modern online services do not operate without external infrastructure providers. We use such services only to the extent necessary for the operation of the application.
Recipients of data may include in particular:
- the hosting and technical infrastructure provider - Railway,
- the provider or operator of the analytics tool used in a self-hosted model - Umami, hosted by us on Railway infrastructure,
- providers of services related to maintaining the security and availability of the application,
- the e-mail provider - if you contact us by e-mail,
- entities providing legal or accounting services, if necessary,
- public authorities, where the obligation to disclose data results from legal provisions.
If you use the application in a way that causes external resources to be loaded, such as fonts or other interface elements provided by third parties, those entities may also receive technical data such as your IP address, in accordance with their own rules.
We emphasize, however, that the above does not mean that those entities have access to the contents of your Vault in plain text. That content remains encrypted locally on your device.
9. Do we transfer your data to third countries or international organizations?
In connection with the use of infrastructure and technical services, some technical data may be transferred outside the European Economic Area, in particular to the United States.
This may concern, in particular, hosting, infrastructure, e-mail providers, or technical resources loaded by the application.
In such cases, we ensure that the transfer of data takes place on the basis of mechanisms compliant with the GDPR, in particular standard contractual clauses or other legally permitted transfer mechanisms.
At the same time, we once again emphasize that the content of your Vault is not stored by us on the server in plain text.
10. What rights do you have?
The GDPR grants you a number of rights related to the processing of personal data.
Depending on the circumstances, you have the right to:
- access your data,
- rectify your data,
- erase your data,
- restrict processing,
- data portability,
- object to processing based on a legitimate interest,
- withdraw consent, where processing is based on consent,
- lodge a complaint with a supervisory authority.
If you want to exercise your rights, write to us at: contact@aboutu.app.
Please remember, however, that these rights apply to the data that we actually process as the controller. In practice, this means that we are not able to provide you with the contents of your Vault stored exclusively locally on your device, because we do not have access to them.
You may lodge a complaint with:
President of the Personal Data Protection Office
https://uodo.gov.pl
12. Do we use cookies, localStorage, or other similar technologies?
Yes, the application uses technologies necessary for its operation.
In particular, we use:
- essential cookies - necessary for the proper operation of the application's basic functions,
- preference cookies - allowing selected settings such as theme or language to be remembered,
- localStorage - to store the encrypted content of the Vault on your device,
- sessionStorage - to store temporary information related to the current session,
- the Umami analytics tool deployed in a self-hosted model, which in its current configuration does not rely on cookies or localStorage/sessionStorage on the user's device.
We do not use analytics, marketing, or advertising cookies. We do, however, use limited traffic analytics without cookies solely to create aggregate statistics and improve the service.
13. On what basis do we use cookies and similar technologies?
We use technologies necessary for the provision of electronic services on the basis of legal provisions that allow their use without separate consent, provided that they are necessary for the proper operation of the application.
With regard to basic analytics based on Umami, we assume that, in its current configuration, this tool does not store information on the user's device or gain access to such information, and therefore we do not treat it as analytics cookies. We rely on our legitimate interest for the related processing of technical data, namely analysing traffic, developing the product, and ensuring security.
If in the future we implement any additional technologies that require consent, we will ask you for the appropriate consent before activating them.
14. Can you disable cookies or delete local data?
Yes. You can manage cookies and locally stored data through your browser settings.
In particular, you can:
- delete stored cookies,
- clear localStorage and sessionStorage,
- use private/incognito mode,
- block selected categories of cookies.
Please remember, however, that deleting local data, in particular data stored in localStorage, may result in a loss of access to the locally stored contents of your Vault or application settings if you do not have your own backup copy.
15. For what purposes do we use localStorage and sessionStorage?
We use localStorage primarily to store the encrypted contents of your Vault on your device.
sessionStorage may be used to store short-term information needed for the proper functioning of the user session, such as a temporary unlocked state or information about returning to the last visited subpage after unlocking the application.
16. What third-party technologies or tools are used?
At present, the application may use the following external services or technical resources:
- Railway - hosting and technical infrastructure for the application,
- Proton.me - for handling messages sent to the contact address,
- Umami - basic, pseudonymised traffic analytics for public parts of the service, deployed in an open source, self-hosted model on Railway infrastructure.
Details are set out in Appendix No. 2.
17. Do we track your behavior in the application?
To a limited extent, we measure how public parts of the service are used by means of Umami, hosted by us on Railway. This helps us understand the number of visits, the popularity of particular pages, and general usage trends. We do not use this analytics setup for user profiling, remarketing, ad targeting, or for gaining access to the contents of your Vault.
18. How can you manage your privacy?
You can protect your privacy, among other things, by:
- using a strong Master Password,
- securing the device on which you use the application,
- regularly creating your own backups,
- deleting local browser data when needed,
- using private/incognito mode,
- contacting us in matters concerning personal data,
- adjusting cookie settings in your web browser.
Please remember that, under the zero-knowledge model, a large part of the responsibility for the security of data stored locally also rests with the user and depends on the security of the user's device.
19. What are server logs?
Using the application involves sending requests to the technical infrastructure through which it is made available. Server logs may include, in particular:
- IP address,
- date and time of the request,
- browser information,
- operating system information,
- the address of the requested resource,
- auxiliary data related to security and diagnostics.
These logs are used primarily to ensure the security, stability, and proper functioning of the application.
20. Is there anything else you should know?
Yes. Because the application operates on the basis of local encryption and local data storage, losing your Master Password, deleting browser data, or losing your device may result in losing access to your Vault.
For this reason, we recommend that you regularly create your own backups of encrypted data and securely store the information necessary to regain access.
21. Can this Privacy Policy change?
Yes, we may update this Privacy Policy, in particular in the event of:
- changes in the law,
- technological changes,
- changes in how the application operates,
- changes of infrastructure providers or auxiliary service providers.
The new version of the Privacy Policy will be published in the application or on the website. If the change is material, we will make reasonable efforts to inform you in advance.
This version of the Privacy Policy is effective as of 2026-03-27.
Appendix No. 1 - Purposes of Personal Data Processing
| Processing purpose | Legal basis | Scope of data | Retention period | Source of data |
|---|---|---|---|---|
| Ensuring the operation and security of the application | Art. 6(1)(f) GDPR - the controller's legitimate interest in ensuring the security, stability, and availability of the application | IP address, date and time of request, user-agent, basic technical logs, request URLs | generally up to 90 days, unless a longer period is necessary for security reasons or due to legal obligations | collected automatically during use of the application |
| Creating aggregated statistics on visits and the use of public parts of the service | Art. 6(1)(f) GDPR - the controller's legitimate interest in analysing traffic, developing the product, and improving security | information about page views, visited pages, referring domain, approximate data about the device, browser, operating system, and country or region, as well as related technical data | for the period resulting from the analytics tool configuration, no longer than necessary for statistical and product development purposes | collected automatically while using public parts of the service |
| Handling e-mail correspondence | Art. 6(1)(b) GDPR or Art. 6(1)(f) GDPR - depending on the nature of the contact | e-mail address, first name or other data provided in the message, the content of the correspondence, data related to the matter | for the time needed to handle the matter, and then generally no longer than 3 years from the last contact | provided directly by the user |
| Handling complaints or reports concerning the operation of the application | Art. 6(1)(b) GDPR or Art. 6(1)(c) GDPR, where the obligation follows from legal provisions | data provided in the complaint or report, contact details, content of the complaint or report | for the time needed to handle the matter and for the period necessary to demonstrate that it was handled properly | provided directly by the user |
| Storing interface settings | Art. 6(1)(f) GDPR - the controller's legitimate interest in ensuring the proper operation of the application and user convenience | information about selected settings, e.g. language or theme | until the user deletes the data or clears browser data | collected automatically by browser mechanisms |
| Maintaining the current session | Art. 6(1)(f) GDPR - the controller's legitimate interest in ensuring the proper operation of the application | temporary session data, e.g. information about session state or a return path | until the end of the session or until session data is deleted by the user or the browser | collected automatically by browser mechanisms |
| Archiving and defending against claims | Art. 6(1)(f) GDPR - the controller's legitimate interest in establishing, pursuing, or defending claims | data related to correspondence, reports, and other matters requiring documentation to be retained | until the expiry of limitation periods for claims or until the dispute is resolved | derived from previously obtained data |
Note: The content of your Vault is stored locally on your device in encrypted form. We do not store it on our side in a form that allows it to be read.
Appendix No. 2 - List of External Services and Resources
| Tool / service | Provider | Purpose of use | Link to policy / information |
|---|---|---|---|
| Railway | Railway | hosting and technical infrastructure of the application | https://railway.com/legal/privacy |
| Proton.me | Proton.me | handling correspondence sent to contact@aboutu.app | https://proton.me/legal/privacy |
| Umami | Umami | basic self-hosted traffic analytics without advertising profiling | https://umami.is |