Privacy Policy
This Privacy Policy describes how Blue Strings Company, s.r.o. ("we", "us", "our") collects, uses, and protects your personal information when you use exmee.com ("Service").
US We comply with the California Consumer Privacy Act (CCPA) and California Online Privacy Protection Act (CalOPPA).
EU We comply with the EU General Data Protection Regulation (GDPR) for users in the European Economic Area.
1. Data Controller / Business
Blue Strings Company, s.r.o.
Štefánikova 871/1, 058 01 Poprad, Slovakia
IČO: 51794268 · DIČ: 2120801122
Email: support@exmee.com
2. Information We Collect
| Category | Data | When |
|---|---|---|
| Identifiers | Email address | When you submit the result form |
| Demographics (optional) | Age group, gender | If you choose to provide them in the result form |
| Test data | Answers, score, per-question timing | On test completion |
| Internet activity | IP address, browser type, referrer | Automatically on each request (server logs) |
| Payment info | Order ID, amount (no card data) | If you purchase a Premium Report |
We do not collect Social Security numbers, financial account numbers, precise geolocation, biometric data, or health information.
3. How We Use Your Information
- Sending your result report by email via our transactional email provider (Resend).
- Delivering the Premium Report if purchased.
- Aggregated, anonymised analysis of test performance to improve the Service.
- Rate limiting, fraud prevention, and server security.
- Responding to your support requests.
We do not sell your personal information to third parties. We do not use your data for targeted advertising or automated decision-making with legal effects.
4. Legal Basis for Processing
EU GDPR basis
- Contract performance (Art. 6(1)(b)) — delivering the service you requested (report, premium product).
- Legitimate interest (Art. 6(1)(f)) — server logs, rate limiting, fraud prevention.
- Consent (Art. 6(1)(a)) — optional demographic data you voluntarily provide.
US Business purpose (CCPA)
All data is collected and used for the business purposes described above. We do not sell or share personal information as defined under the CCPA.
5. Third-Party Service Providers
| Provider | Purpose | Location |
|---|---|---|
| Resend (resend.com) | Transactional email delivery | USA (DPA / SCCs for EU data) |
| GitHub | Code hosting & deployment | USA (SCCs for EU data) |
| Server hosting provider | Website hosting | EU |
These providers act as our service providers / data processors and are contractually prohibited from using your data for their own purposes.
6. Data Retention
Test session logs (including email and results) are retained for a maximum of 24 months, after which they are permanently deleted. You may request earlier deletion at any time.
7. Your Rights
US California residents (CCPA)
- Right to know — request disclosure of the personal information we have collected about you.
- Right to delete — request deletion of your personal information.
- Right to opt out of sale — we do not sell personal information, so this right does not apply.
- Right to non-discrimination — we will not discriminate against you for exercising your privacy rights.
EU EEA residents (GDPR)
- Access — request a copy of your data.
- Rectification — ask us to correct inaccurate data.
- Erasure — request deletion ("right to be forgotten").
- Restriction — ask us to limit processing.
- Portability — receive your data in a machine-readable format.
- Objection — object to processing based on legitimate interest.
- Withdraw consent — withdraw consent at any time without affecting prior processing.
To exercise any right, email us at support@exmee.com. We will respond within 45 days (US) / 30 days (EU). EU residents may also lodge a complaint with the Slovak Data Protection Authority: dataprotection.gov.sk.
8. Children's Privacy
The Service is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, contact us at support@exmee.com and we will delete it promptly.
9. Security
We implement appropriate technical and organisational safeguards including HTTPS encryption for all data in transit. No method of transmission over the internet is 100% secure; we cannot guarantee absolute security.
10. Cookies & Tracking
We use only technically necessary session storage (cleared when you close the tab). We do not use tracking or analytics cookies. See our Cookie Policy for details.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will post the updated policy with a new "Last updated" date. For material changes we will make reasonable efforts to notify you. Continued use of the Service after changes constitutes acceptance.
See also: Terms & Conditions · Cookie Policy