Privacy Policy
Last updated: 28 June 2026
This Privacy Policy explains what personal data Plesica ("we", "us") collects, why, how we use and protect it, and the rights you have. It is written to meet the requirements of the EU General Data Protection Regulation (GDPR) and similar laws.
Data controller: Vojtěch Průša, Pod Vinicí 244, 286 01 Vrdy, Czech Republic, Business ID (IČO) 07504829 — a self-employed individual registered under the Czech Trade Licensing Act (not VAT-registered). Privacy contact: support@plesica.com.
1. Data we collect
| Category | Examples |
|---|---|
| Account data | Email address, hashed password, email-verification status, and — if you sign in with Google — your Google account identifier and email. |
| Learning content | The folders, cards, decks, imports, and spaced-repetition progress you create in the app. |
| Technical data | Session token (stored in a secure cookie), IP address, browser/device information, and server logs needed to run and secure the Service. |
| Communications | Messages you send us, e.g. support emails. |
We do not sell your data, and we do not use your learning content for advertising or to train third-party models.
2. Why we use it and the legal basis
- To provide the Service — create your account, store your cards and progress, run the learning engine. Legal basis: performance of a contract (Art. 6(1)(b) GDPR).
- To secure accounts and prevent abuse — authentication, session management, fraud and abuse prevention. Legal basis: legitimate interests (Art. 6(1)(f)).
- To communicate with you — verification emails, password resets, and responses to your requests. Legal basis: contract and legitimate interests.
- To comply with the law — meet legal and regulatory obligations. Legal basis: legal obligation (Art. 6(1)(c)).
3. Who we share data with
We share personal data only with processors and partners that help us run the Service, under appropriate agreements:
- Hosting and infrastructure providers that store the database and run the servers.
- Email delivery provider used to send verification and password-reset messages.
- Google, if you choose Google sign-in, to authenticate you (subject to Google's own privacy policy).
- Authorities, where required by law or to protect rights, safety, and the Service.
4. How long we keep it
We keep account and learning data for as long as your account is active. If you delete your account, we delete or anonymise your personal data within a reasonable period, except where we must keep certain records to meet legal obligations or to resolve disputes. One-time tokens (verification, password reset) and sessions are short-lived and expire automatically.
5. How we protect it
Passwords are stored only as salted hashes (scrypt) and session tokens are hashed at rest. Sessions use httpOnly, secure cookies. We use encryption in transit (HTTPS), parameterised database queries, least-privilege access, and validate all input at every boundary. No method of transmission or storage is completely secure, but we work to protect your data using industry-standard measures.
6. International transfers
Where data is transferred outside the European Economic Area, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses or an adequacy decision.
7. Your rights
Subject to applicable law, you have the right to:
- access the personal data we hold about you;
- rectify inaccurate data;
- erase your data ("right to be forgotten");
- restrict or object to certain processing;
- data portability — receive your data in a structured, machine-readable format;
- withdraw consent at any time, where processing is based on consent; and
- lodge a complaint with a supervisory authority.
To exercise any of these rights, email support@plesica.com. We will respond within the time limits set by law.
8. Children
The Service is not directed at children under 16 (or the age of digital consent in your country). We do not knowingly collect their data; if you believe a child has provided us personal data, contact us and we will delete it.
9. Cookies
We use a small number of cookies that are strictly necessary to run the Service. See our Cookie Policy for details.
10. Changes
We may update this Policy. We will change the "Last updated" date and, for material changes, provide additional notice where appropriate.
11. Contact and complaints
Contact us at support@plesica.com. If you are in the EU/EEA and believe we have not handled your data lawfully, you may also complain to your local data-protection authority (in the Czech Republic, the Úřad pro ochranu osobních údajů).