Privacy Policy
Last updated: May 15, 2025
This Privacy Policy describes how 8BitJelly ("we", "us") collects, processes and protects personal data of users of 8bitjelly.com, in accordance with Regulation (EU) 2016/679 (GDPR).
1. Data Controller
The data controller is:
8BitJelly
Email: [email protected]
For any data protection matters, please contact us at the email address above.
2. Data We Collect and Why
2.1 Contact Form
When you send us a message via the contact form, we collect: your name, email address, phone number (optional), and message content.
- Purpose: to reply to your inquiry.
- Legal basis: Art. 6(1)(f) GDPR (legitimate interest — responding to contact initiated by the user).
- Retention: data is retained until the matter is resolved, no longer than 30 days from the last communication.
- Processor: messages are transmitted via Web3Forms (Intuition Machines, Inc., USA), which processes data solely for delivery and deletes it promptly.
2.2 Google Analytics (with your consent only)
If you consent, we use Google Analytics 4 to analyse website traffic. Anonymous data about visited pages, time spent, device type and browser is collected. IP addresses are anonymised.
- Purpose: understanding how users interact with the site and improving it.
- Legal basis: Art. 6(1)(a) GDPR (your consent).
- Retention: 26 months (GA4 default).
- Processor: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Data may be transferred to the USA under the EU-US Data Privacy Framework.
- Withdrawing consent: you can withdraw at any time by clicking "Manage cookies" in the footer.
2.3 Umami Analytics
We also use Umami — a cookie-free analytics tool. Umami collects only anonymous, aggregated data (visit counts, pages) without any ability to identify individual users.
- Legal basis: Art. 6(1)(f) GDPR (legitimate interest — technical optimisation).
- No consent required — Umami does not process personal data.
2.4 hCaptcha
The contact form is protected by hCaptcha (Intuition Machines, Inc., USA) to prevent spam. hCaptcha may collect behavioural data and IP address to verify you are human.
- Legal basis: Art. 6(1)(f) GDPR (legitimate interest — website security).
- hCaptcha privacy policy: hcaptcha.com/privacy
2.5 Server Logs
Our hosting provider (Railway.app) automatically logs standard server data including IP addresses for technical operation. This data is retained for up to 30 days and is not used to identify individual users.
3. Cookies
We use the following cookies:
| Name | Type | Purpose | Expiry |
|---|---|---|---|
i18n_redirected | Necessary | Remember your language preference | 1 year |
cookie_consent | Necessary | Remember your cookie decision | 1 year |
_ga | Analytics (consent) | Distinguish users in Google Analytics | 2 years |
_ga_XXXXXXX | Analytics (consent) | Maintain Google Analytics session | 2 years |
You can manage your cookie consent at any time by clicking "Manage cookies" in the footer, or via your browser settings.
4. Your Rights
Under GDPR, you have the following rights:
- Right of access (Art. 15) — you may request a copy of your personal data.
- Right to rectification (Art. 16) — you may request correction of inaccurate data.
- Right to erasure (Art. 17) — you may request deletion of your data ("right to be forgotten").
- Right to restriction of processing (Art. 18).
- Right to data portability (Art. 20).
- Right to object (Art. 21) — you may object to processing based on legitimate interest.
- Right to withdraw consent — at any time, without affecting the lawfulness of prior processing.
To exercise these rights, contact us at [email protected]. We will respond within 30 days.
5. Supervisory Authority
You have the right to lodge a complaint with a supervisory authority. In Poland, this is:
Urząd Ochrony Danych Osobowych (UODO)
ul. Stawki 2, 00-193 Warsaw, Poland
Tel.: +48 22 531 03 00
Email: [email protected]
uodo.gov.pl
6. International Data Transfers
Some of our data processors (Google Analytics, Web3Forms, hCaptcha, Railway.app) are based in the USA. Transfers are made under Standard Contractual Clauses (SCC) or the EU-US Data Privacy Framework (DPF), ensuring an adequate level of protection.
7. Data Security
We apply appropriate technical and organisational measures to protect personal data against unauthorised access, loss or disclosure. All communication is encrypted via HTTPS.
8. Changes to This Policy
We may update this Privacy Policy. For material changes, we will post the new version on this page with an updated date. We encourage you to check this page periodically.