Privacy Policy

Teosmart sp. z o.o. ("Teosmart", "we", "us") designs and manufactures architectural furniture and operates the website at teosmart.app (the "Service"). This Privacy Policy explains what personal data we collect, why we collect it, how we use it, and the rights you have under the EU General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018.

We are the data controller of personal data processed through the Service. You can reach our data team at [email protected].

Account data. First and last name, email address, hashed password, country, and the credit balance associated with your account.

Order and billing data. Items purchased, credit packages, applied promo codes, currency selection, billing address, and bank transfer references. We do not store full card numbers; card payments, once available, will be tokenised by our payment provider.

Communications. Messages you send through our contact forms or by email, and the metadata of those messages.

Technical data. IP address, browser type, device information, referring URL, pages viewed, and timestamps — collected via server logs and (where you have consented) analytics cookies.

We rely on the following GDPR lawful bases:

• Contract. To create your account, process credit top-ups and fulfil orders.
• Legal obligation. To retain invoices and tax records.
• Legitimate interests. To secure the Service, prevent fraud, and improve our products. We balance these against your rights.
• Consent. For analytics and marketing cookies, and for any optional newsletter you subscribe to. You can withdraw consent at any time.

We use personal data to:

• Provide and operate your account and the catalogue.
• Process credit purchases, refunds and bank transfers.
• Send transactional emails (order confirmations, password resets).
• Respond to inquiries and provide customer support.
• Detect and prevent fraud, abuse and security incidents.
• Comply with our legal and tax obligations.

We share personal data only with carefully selected processors who act under written contracts: our cloud hosting provider, our email delivery provider, our analytics provider (when consented), and the banks processing your transfers. We do not sell personal data.

We may disclose data when required by law, a court order, or to protect the rights, property or safety of Teosmart, our customers or others.

Teosmart is based in Poland and primarily processes data inside the European Economic Area. Where processors are located outside the EEA we rely on the European Commission's Standard Contractual Clauses and additional safeguards as required.

• Account data: for the lifetime of your account, plus 12 months.
• Order and invoice data: 7 years (statutory accounting period).
• Support correspondence: 24 months from the last interaction.
• Server logs: 30 days for operational logs, 12 months for security logs.

Subject to GDPR you have the right to access, rectify, erase, restrict or object to the processing of your personal data, and the right to data portability. Where processing relies on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, email [email protected]. You also have the right to lodge a complaint with your local supervisory authority (in Poland: UODO).

We use TLS in transit, encrypted storage at rest, principle-of-least- privilege access, audit logging and regular penetration testing. Passwords are hashed with a memory-hard algorithm and we never have access to your plaintext credentials.

The Service is not directed to children under 16 and we do not knowingly collect data from them. If you believe a child has provided us with personal data, please contact [email protected].

We may update this policy as the Service evolves. Material changes will be announced by email or via a prominent notice in the Service before they take effect. The "Last updated" date above always reflects the current version.