01Who we are
This Privacy Policy explains how Jakub Stonavský, a sole trader registered in the Czech Republic (IČO: 75239337, DIČ: CZ8408034954, registered seat: Meduňková 601/32, 103 00 Praha 10 — Kolovraty), trading as VirtuProbe Studio, collects and processes personal data. We act as the controller of the personal data described in this policy under the EU General Data Protection Regulation (GDPR) and Czech Act No. 110/2019 Coll.
Contact: legal@virtuprobe.studio
02Scope of this policy
This policy applies to the websites under virtuprobe.studio and virtuprobe.com, the VirtuProbe Studio desktop application, the optional server components, and any related services we provide.
Important: the probes, chains, scripts, and history you create with the application are stored locally on your device. We do not collect their contents. The application only contacts our license server to validate licenses and to fetch updates, and it only contacts your chosen test targets when you instruct it to.
03What we collect & why
Category
What & why
Legal basis
Account data
Name, email, organisation, password hash, License assignment. Used to create and operate your account, to assign Licenses, and to send service emails.
Contract (Art. 6(1)(b))
Billing data
Billing name, address, VAT ID, country, payment metadata, invoices. Processed by Paddle (see below); we receive a minimum copy for accounting and tax purposes.
Contract / legal obligation (Art. 6(1)(b), 6(1)(c))
License activation
License key, anonymised device identifier, application version, OS, last seen timestamp. Used to enforce per-user licensing (including the three-device limit) and to ship updates.
Contract / legitimate interest (Art. 6(1)(b), 6(1)(f))
Support & comms
Emails you send us, attachments you choose to share, application logs you upload to a support ticket. Used to answer your questions and fix bugs.
Contract / legitimate interest
Crash & usage telemetry
Crash reports and aggregated, non-identifying usage metrics (e.g. "feature X used N times this week"). Sent only if you have it enabled in the app.
Consent (Art. 6(1)(a))
Website analytics
Aggregated, privacy-friendly metrics (pages viewed, country-level traffic). No cross-site tracking, no advertising profiles.
Legitimate interest (Art. 6(1)(f))
Academic License verification
Information you submit on the Academic License application form (institutional .edu email, enrolment letter, or faculty page). Used only to verify eligibility.
Contract / consent
GA launch notification
Email address submitted via the "Notify me at GA" form on the website. Used to send a single email when downloads open at General Availability. You may request deletion at any time by emailing us.
Consent (Art. 6(1)(a))
We do not sell your data and we do not use it for advertising profiling. The contents of your probes, requests, payloads, and chains are not transmitted to us by default.
04Legal basis (GDPR)
We process personal data on one of the following legal bases, as shown in the table above:
- Performance of a contract (Art. 6(1)(b)) — to give you what you paid for.
- Legal obligation (Art. 6(1)(c)) — to keep accounting and tax records as required by Czech and EU law.
- Legitimate interest (Art. 6(1)(f)) — to prevent fraud and abuse, secure our systems, and run our business.
- Consent (Art. 6(1)(a)) — for crash and usage telemetry, and for any optional marketing emails.
05Billing & Paddle
We use
Paddle.com Market Limited as our
Merchant of Record to process all paid Orders. Paddle is an independent controller for the payment, fraud-prevention, and tax data they collect at checkout. Paddle handles your card details directly — we never see your full card number. See
paddle.com/legal/privacy for Paddle's privacy notice.
From Paddle we receive: your billing email, billing country, an order ID, plan, amount, and tax line items. We use these to provision your account, issue receipts, and keep tax-compliant records.
06Third-party processors
We rely on the following categories of processors. Each is bound by a data-processing agreement (DPA) and only processes data on our instructions:
- Payments & tax — Paddle (Merchant of Record).
- Email — our transactional email provider for service emails (account confirmations, receipts, security alerts).
- Hosting — cloud provider hosting the website, license server, and update server.
- Error monitoring — crash-report and error-monitoring service, processing anonymised stack traces.
- Analytics — a privacy-friendly, cookie-free website analytics service.
The current list of named subprocessors is available on request from legal@virtuprobe.studio.
07International transfers
Some of our processors are based outside the European Economic Area (EEA). Where this is the case, transfers are protected by an adequacy decision of the European Commission, by Standard Contractual Clauses (2021/914), or by another lawful transfer mechanism under Chapter V of the GDPR.
08Retention
- Account data: kept for the duration of your account and deleted within 90 days after termination, unless we are required to keep it longer.
- Billing / tax records: kept for the period required by Czech tax law (currently up to 10 years).
- Support correspondence: kept for up to 3 years to handle related follow-up.
- Crash & telemetry: kept in aggregated form for up to 24 months.
- Web analytics: kept in aggregated form for up to 24 months.
09Your rights
Under the GDPR you have the right to:
- Access the personal data we hold about you.
- Have inaccurate personal data corrected.
- Have personal data erased ("right to be forgotten"), subject to legal retention obligations.
- Restrict or object to certain processing.
- Receive your data in a portable, machine-readable format.
- Withdraw consent at any time, where processing is based on consent.
- Lodge a complaint with a supervisory authority. In the Czech Republic, this is the Úřad pro ochranu osobních údajů (uoou.cz).
To exercise any of these rights, write to legal@virtuprobe.studio. We respond within one month.
10Cookies & analytics
Our marketing website uses a minimal set of strictly necessary cookies (for example, to remember that you dismissed a banner). We do not use third-party advertising cookies or cross-site tracking. If we deploy analytics, we use a privacy-friendly, cookie-free service that does not build personal profiles.
The desktop application itself does not use cookies.
11Security
We use industry-standard measures to protect personal data, including TLS in transit, encryption of credentials at rest, hardened cloud infrastructure, role-restricted access, and regular updates. No system is perfectly secure; if a breach happens that is likely to result in a risk to your rights, we will notify you and the supervisory authority as required by the GDPR.
12Children
The Service is intended for users aged 16 or older. We do not knowingly collect personal data from children under 16. If you believe a child has provided us with personal data, please contact us and we will delete it.
13Changes to this policy
We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page shows the latest version. Material changes will be communicated by email or in-product notice where appropriate.
For privacy-related questions, data-subject requests, or general legal questions, write to legal@virtuprobe.studio.
Jakub Stonavský
IČO: 75239337
DIČ: CZ8408034954
Seat: Meduňková 601/32, 103 00 Praha 10 — Kolovraty, Czech Republic
Email: legal@virtuprobe.studio