Start Free Trial

Privacy Policy

Last Updated: February 3, 2026

1. Introduction

This Privacy Policy, effective as of February 3, 2026, explains how Freenance ("we", "our", or "us") collects, uses, and protects your personal information when you use our financial management platform. We are committed to protecting your privacy and ensuring the security of your personal data in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR) and Polish data protection laws.

2. Definitions

  • "User" — a natural person using the Freenance platform.
  • "Controller" — Rafał Bajda conducting business activity under the name "Rafał Bajda".
  • "Personal Data" — any information enabling the identification of a user within the meaning of GDPR.

3. Data Controller

Freenance is operated as a Polish sole proprietorship (Jednoosobowa Działalność Gospodarcza - JDG) by Rafał Bajda and is the data controller responsible for processing your personal data.

  • Address: Przeworska 9b/62, 04-382 Warszawa, Poland
  • Email: support@freenance.io

4. Personal Data We Collect

We collect the following categories of personal data:

  • Personal identification data (name, email address, phone number)
  • Financial data (account balances, transactions, investment portfolios)
  • Technical data (IP address, device information, browser type, error logs, performance metrics)
  • Usage data (how you interact with our platform, features used)

5. Purpose of Data Processing

We process your personal data for the following purposes:

  • Providing and maintaining our financial management services
  • Managing your user account and authentication
  • Analyzing your financial data to provide insights and recommendations
  • Communicating with you about our services and updates
  • Complying with legal and regulatory requirements
  • Preventing abuse, fraud, and ensuring service security

6. Legal Basis for Processing

We process your personal data based on the following legal grounds:

  • Contract performance - to provide our services under the terms of service
  • Consent - for marketing communications and optional features
  • Legitimate interest - for service improvement and fraud prevention
  • Legal obligation - to comply with financial regulations

7. Data Sharing and Third Parties

We may share your personal data with third parties in the following circumstances:

  • Hosting Services: We use Railway for hosting and deployment of our services, and Cloudflare for content delivery and security. Your data is stored on servers located within the European Economic Area (EEA) or in regions with equivalent data protection standards, ensuring compliance with EU data protection requirements.
  • Monitoring Services: We use Sentry for frontend error monitoring, performance tracking, and session replay to ensure service quality. This includes: (a) Error Monitoring — stack traces, error messages, and breadcrumbs of user actions leading to errors; (b) Performance Monitoring — page load times, transaction durations, and browser performance metrics; (c) Session Replay — anonymized recordings of user interactions to help diagnose errors, with all text content and form inputs masked to protect personal and financial data. Replays are captured for a sample of sessions and are retained for 30 days. Legal basis: legitimate interest in maintaining service quality (Art. 6(1)(f) GDPR). Sentry processes data as a data processor under a Data Processing Agreement (Art. 28 GDPR). Privacy Policy: https://sentry.io/privacy/
  • Communication tools and customer support providers.
  • Payment service providers – Stripe, only to the extent necessary for payment processing and subscriptions. Stripe may process data outside the European Economic Area (EEA). In such cases, appropriate safeguards are applied, including standard contractual clauses approved by the European Commission.
  • Data Minimization: We only share the minimum amount of data necessary for these services to function properly. Session replays mask all text content and form inputs — no passwords, financial amounts, or personal identifiers are captured in readable form.
  • Legal Basis: Data sharing with these third parties is based on our legitimate interest in maintaining service quality and security, as well as contractual necessity for service provision.

8. Transfer of Data Outside EEA

We do not transfer personal data outside the European Economic Area (EEA). If this becomes necessary in the future, data transfer will only occur based on appropriate safeguards, such as standard contractual clauses approved by the European Commission.

9. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, comply with legal obligations, resolve disputes, and enforce our agreements. Financial data is typically retained for 7 years in accordance with financial regulations.

  • Financial data: 7 years after termination of cooperation (in accordance with financial regulations).
  • Account data: until account deletion by the user.
  • Marketing data: until consent withdrawal.
  • Error monitoring and session replay data: 30 days (Sentry default retention).

10. Anonymized and Aggregated Data Usage

We may process your personal data to create anonymized and aggregated datasets that cannot be used to identify individual users. Such anonymized and aggregated data may be used for:

  • Statistical analysis and service improvement - to understand general usage patterns and trends
  • Research and development - to enhance our platform features and user experience
  • Benchmarking and reporting - to provide industry insights and comparative analytics

Legal Basis: Processing of anonymized and aggregated data is based on our legitimate interest (Art. 6(1)(f) GDPR) in improving our services and understanding market trends. Once data is truly anonymized (irreversibly de-identified), it is no longer considered personal data under GDPR and may be used without additional consent.

No Individual Identification: We ensure that anonymized data cannot be used to identify, contact, or locate individual users. All personally identifiable information is removed or encrypted before aggregation.

11. Voluntary Nature of Data Provision

Providing personal data is voluntary, but necessary to create an account and use Freenance platform services. Failure to provide required data may prevent service provision. Where data processing is required by law (e.g., tax obligations), data provision is mandatory.

12. Your Rights

Under GDPR and Polish data protection laws, you have the following rights:

  • Right of access - to obtain a copy of your personal data
  • Right of rectification - to correct inaccurate personal data
  • Right of erasure - to request deletion of your personal data
  • Right of restriction - to limit how we process your data
  • Right of data portability - to receive your data in a structured format
  • Right of objection - to object to certain types of processing
  • Right to withdraw consent - to withdraw your consent at any time where processing is based on consent

To exercise your rights, you can contact us at support@freenance.io.

13. How to Submit a Data Subject Access Request (DSAR)

To exercise any of your data protection rights, you may submit a Data Subject Access Request (DSAR) using the following procedure:

  • How to submit: Send your request via email to support@freenance.io with the subject line 'Data Subject Access Request' or 'DSAR'.
  • Identification: To protect your privacy, we may need to verify your identity before processing your request. Please include sufficient information to identify your account (e.g., email address associated with your Freenance account).
  • Response time: We will acknowledge your request within 72 hours and provide a substantive response within 30 days of receiving your verified request, as required by GDPR Article 12.
  • Extension: In complex cases, we may extend the response period by an additional 60 days. If an extension is necessary, we will inform you within the initial 30-day period.
  • Format: Data will be provided in a commonly used, machine-readable format (e.g., JSON, CSV) unless you request otherwise.
  • Fee: There is no fee for the first request within a 12-month period. For manifestly unfounded or excessive requests, we may charge a reasonable administrative fee or refuse to act on the request.
  • Appeal: If you are not satisfied with our response, you have the right to lodge a complaint with the supervisory authority (UODO).

14. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will:

  • Notify the supervisory authority (UODO) within 72 hours of becoming aware of the breach, as required by GDPR Article 33.
  • Notify affected users without undue delay if the breach is likely to result in a high risk to their rights and freedoms, as required by GDPR Article 34.
  • Provide you with information about: the nature of the breach, the categories of data affected, the likely consequences, and the measures taken or proposed to address the breach.
  • Notification will be sent via email to the address associated with your Freenance account, and/or displayed prominently on our website if direct contact is not possible.
  • We maintain detailed records of all data breaches, including facts, effects, and remedial actions taken, in accordance with GDPR Article 33(5).

15. Complaints to Supervisory Authority

You have the right to file a complaint with the supervisory authority - the President of the Personal Data Protection Office, ul. Stawki 2, 00-193 Warszawa, Poland, https://uodo.gov.pl.

16. Profiling and Automated Decision-Making

The Freenance platform may analyze user financial data to provide personalized insights and investment recommendations. However, we do not make decisions that have legal effects or similarly significantly affect the user, which would be based solely on automated data processing (profiling).

17. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. This includes encryption, secure servers, access controls, and regular security audits.

  • Encryption - all data in transit and at rest is encrypted using industry-standard protocols
  • Secure storage - data is stored on servers located within the European Economic Area (EEA)
  • Access controls - strict access controls limit data access to authorized personnel only
  • Security audits - regular security audits and penetration testing ensure ongoing protection
  • Backup and recovery - encrypted backups are created regularly to prevent data loss

18. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience. For detailed information about our use of cookies, please see our Cookie Policy.

19. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last Updated" date.

20. Contact Information

If you have any questions about this Privacy Policy or our data practices, please contact us:

Email: support@freenance.io

Address: Rafał Bajda, Przeworska 9b/62, 04-382 Warszawa, Poland