Privacy Policy

Last updated: March 23, 2026

Introduction

Perier Sp. z o.o. (“we”, “us”, “our”), operating as Kommt, operates the kommt.dev website and API. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you use our service. We are committed to protecting your privacy in accordance with the EU General Data Protection Regulation (GDPR) and applicable Polish data protection law.

Data We Collect

Account Data

When you create an account, we collect your email address and name. This data is necessary to provide you with access to the service and manage your subscription.

API Usage Data

We log API requests including timestamps, endpoints called, request parameters (carrier and postal code), response codes, and your IP address. This data is used for rate limiting, billing, debugging, and service improvement.

Payment Data

Payments are processed by Stripe. We do not store your credit card number or bank details on our servers. Stripe processes your payment information in accordance with their own privacy policy. We receive and store a Stripe customer ID, subscription status, and billing history.

How We Use Your Data

  • Providing and maintaining the delivery prediction API
  • Processing payments and managing subscriptions
  • Enforcing rate limits and usage quotas per your plan
  • Monitoring for abuse, fraud, and security threats
  • Improving prediction accuracy and service reliability
  • Communicating service updates and changes

Legal Basis (GDPR Art. 6)

  • Contract performance (Art. 6(1)(b)) — Processing your account and API usage data is necessary to provide the service you signed up for.
  • Legitimate interests (Art. 6(1)(f)) — We process usage data for security, fraud prevention, and service improvement.
  • Consent (Art. 6(1)(a)) — Where required, we obtain your explicit consent before processing (e.g., optional analytics cookies).

Data Sharing

We do not sell your personal data. We share data only with the following categories of service providers, each bound by data processing agreements:

  • Stripe — Payment processing
  • Infrastructure providers — Hosting and database services (EU-based)

Data Retention

We retain your account data for the duration of your active account. API usage logs are retained for 90 days. Payment records are retained as required by Polish tax law (typically 5 years). Upon account deletion, we remove your personal data within 30 days, except where retention is required by law.

Your Rights

Under the GDPR, you have the following rights regarding your personal data:

  • Access — Request a copy of the data we hold about you
  • Rectification — Correct inaccurate or incomplete data
  • Erasure — Request deletion of your data
  • Portability — Receive your data in a structured, machine-readable format
  • Restriction — Restrict processing of your data
  • Objection — Object to processing based on legitimate interests

To exercise any of these rights, contact us at the email below. You also have the right to lodge a complaint with your local data protection supervisory authority.

International Transfers

Our infrastructure is hosted within the European Union. Where data is transferred to third parties outside the EU (e.g., Stripe's US operations), we ensure appropriate safeguards are in place, including EU Standard Contractual Clauses.

Contact

For privacy-related inquiries, contact us at [email protected].