Privacy policy

Last updated: 21 April 2026

We respect your privacy. We only collect the data we actually need to reply to your enquiry and to keep the site running safely.

1. Data controller

The controller of your personal data is Kostecki Labs Sp. z o.o., based in Kraków, Poland (Stare Miasto), VAT ID (NIP) 6762718733, REGON 544606827, KRS 0001238188 ("we", "us").

For any question about your personal data, email us at kontakt@kosteckilabs.com.

2. What we collect and why

Contact form: your name, email, optionally your company name, and the content of your message. We use it solely to reply to your enquiry.

AI chat widget: the content of the conversation and technical metadata (including your IP address) used to prevent abuse and enforce rate limits. The content of the conversation is sent to an external language-model provider in order to generate a reply (see section 4).

Server logs: standard technical data (IP address, timestamp, browser type, request path) recorded automatically for diagnostics and security.

3. Legal basis

Responding to your enquiry and taking steps prior to entering into a possible contract - Article 6(1)(b) GDPR.

Business communication, keeping the site secure and preventing abuse (logs and rate limiting) - Article 6(1)(f) GDPR, our legitimate interest.

Meeting legal obligations (e.g. tax and accounting) - Article 6(1)(c) GDPR.

4. Recipients of your data

AI chat messages are transmitted to OpenRouter (OpenRouter, Inc., USA), which routes them to a language model to generate a reply. Transfers outside the EEA are covered by Standard Contractual Clauses.

We also use standard IT service providers (hosting, email), which process data strictly as needed to deliver their services. We do not sell your data and do not share it with third parties for marketing.

5. Retention

Contact-form submissions are kept for as long as we need them to handle your request, and then for the period required by Polish tax and civil-law provisions (up to 6 years from the end of our contact).

Server and chat technical logs are kept for up to 12 months and then deleted or anonymised.

6. Your rights

You have the right to access your data, to rectify, erase or restrict its processing, to data portability, and to object to processing based on our legitimate interest.

You also have the right to lodge a complaint with the Polish Data Protection Authority (Prezes Urzędu Ochrony Danych Osobowych, ul. Stawki 2, 00-193 Warsaw, uodo.gov.pl) if you believe we are processing your data unlawfully.

To exercise any of these rights, email us at kontakt@kosteckilabs.com.

7. Cookies and analytics

This site does not use cookies for marketing or analytics purposes and does not use third-party analytics tools (Google Analytics, Meta Pixel and similar). We do not profile visitors.

8. Providing your data

Providing data through the contact form is voluntary, but necessary for us to reply - without your email we have no way to reach you.

9. Changes to this policy

We may update this policy if the law or the way the site works changes. The current version is always available at this address, with the last-updated date visible at the top.