Back to home Stable Guard Technologies

Legal · Privacy notice

Personal Data Processing Terms

Version 2.0 Last updated: 6 April 2026 GDPR · EU 2016/679

These Personal Data Processing Terms (the "Terms") describe how [Stable Guard Technologies s.r.o.], with its registered office at [Registered office address], Company ID [Company ID], registered in [Commercial register] (the "Company", "we" or "us") processes your personal data in connection with the operation of the Stable Guard Technologies application for stable management, equine care, training records and competition logistics (the "Application" or "Services") at stablegt.com.

§ 01

Who we are

For the personal data described in these Terms, the Company acts as the data controller within the meaning of Article 4(7) of Regulation (EU) 2016/679 of the European Parliament and of the Council (the "GDPR") and Czech Act No. 110/2019 Coll. on the processing of personal data.

We take your privacy seriously. We process only the personal data we genuinely need to operate the Services, and every processing activity is tied to a specific legal basis listed below.

Person responsible for data protection
[Name of responsible person]
[Address of responsible person]
privacy@stablegt.com

If you have any questions about this document or wish to exercise any of your rights under the GDPR, please contact us in the manner described in Section 14 below.

§ 02

What personal data we collect and why

We collect the following personal data ("Personal Data") depending on how and to what extent you use our Application and Services.

2.1   Data necessary for registration and access to the Application

For the purpose of registering in our Application and subsequently logging in and accessing personalized services, we process the following Personal Data: (i) username, (ii) password (stored as a bcrypt hash, never in plain text), (iii) optionally an email address, (iv) the chosen role and (v) language preference.

Processing this data is necessary for the performance of a contract to which you are a party. The legal basis for processing this information is Article 6(1)(b) GDPR.

2.2   Data necessary for providing the Services

For the purpose of providing our Services (stable management, horse records, training plans, competition entries and other operational features), we process the operational data you enter: (i) information about your horses, (ii) feeding logs, (iii) health and farrier records, (iv) training plans and videos, (v) competition entries, (vi) photographs and (vii) course diagrams. You decide what you record in the Application.

Processing this data is necessary for the performance of a contract to which you are a party. The legal basis for processing this information is Article 6(1)(b) GDPR.

2.3   Data collected for marketing purposes

For the purpose of sending our newsletter and information about news, discounts, improvements and offers by email, we process: (i) your email address, (ii) optionally your name and (iii) language preference.

We process this Personal Data on the basis of your explicit consent. The legal basis for processing this information is Article 6(1)(a) GDPR.

If you decide that you no longer wish to receive such messages, you have the right to withdraw your consent at any time by clicking the unsubscribe link in the footer of any email. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.

2.4   Data collected when you use the Application

For the purpose of continuously improving our Services and developing your user experience, we process information about: (i) anonymized IP address, (ii) browser type and version and operating system, (iii) pages visited and duration of visit, (iv) traffic source (UTM parameters) and (v) usage patterns of the Application. To understand where users get stuck, we use the open-source rrweb library hosted on our own servers (more in Section 2.7).

We process this Personal Data only on the basis of your explicit consent given through the cookie banner. The legal basis for processing this information is Article 6(1)(a) GDPR. No analytics script runs until you give consent.

2.5   Data collected when you communicate with us

For the purpose of communicating with us for any reason (support, bug reports, questions about Services, problem resolution), we process: (i) your name, (ii) email address, (iii) the content of the communication, (iv) metadata associated with the communication and (v) any other data you choose to include.

Processing this data is necessary for the performance of a contract or for taking steps prior to entering into a contract. The legal basis for processing this information is Article 6(1)(b) GDPR.

2.6   Data necessary for payment processing

If you purchase a paid service or subscription within the Application, we process the following data for the purpose of completing the payment: (i) first and last name, (ii) billing address, (iii) email and (iv) data necessary for invoicing. We never process or store actual payment details (card number, expiry date, CVV) — these are processed directly by the payment service provider (see Sections 4 and 11).

Processing this data is necessary for the performance of a contract. The legal basis for processing this information is Article 6(1)(b) GDPR. Data arising from accounting and tax obligations is also processed under Article 6(1)(c) GDPR.

2.7   Self-hosted session recordings (rrweb) — no third party

To understand where users get stuck on our public pages, we run the open-source rrweb library on our own infrastructure. Form inputs are masked, no audio or video is captured, and recordings are automatically deleted after 7 days by a daily cleanup job. No data ever leaves our servers — no third party is involved.

The recorder does not start until you accept analytics in the cookie banner. The legal basis is Article 6(1)(a) GDPR (consent).

§ 03

On what other grounds may we process your Personal Data

In addition to the above, we have the right to process your Personal Data for the purpose of complying with our legal obligations under Article 6(1)(c) GDPR (in particular accounting and tax law) or to protect our legitimate interests under Article 6(1)(f) GDPR — typically fraud prevention, network and information security, the establishment, exercise and defence of legal claims, and direct marketing to the extent permitted by Recital 47 GDPR.

We will process your Personal Data in accordance with applicable law and will protect it against misuse and unlawful disclosure.

§ 04

With whom we share your Personal Data

For the purpose of operating the Application and providing the Services, we have the right to disclose Personal Data, in line with the data minimization principle, only to a limited circle of persons — our employees, contractual processors and service providers — to the extent necessary to achieve the purpose. Each processor has signed a Data Processing Agreement (DPA) with us and processes data only on our documented instructions. Specifically:

  • Stripe Payments Europe, Limited, North Wall Quay, Dublin 1, Ireland — online payment and subscription processing.
  • Resend, Inc., 2261 Market Street #5039, San Francisco, CA 94114, USA (processing in EU/Ireland) — delivery of transactional and marketing emails.
  • [Cloud hosting provider], [Address], Frankfurt, Germany — operation of application servers and PostgreSQL database.
  • Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland — traffic measurement (Google Analytics 4) and conversion measurement for paid search (Google Ads). Only after your consent in the cookie banner.
  • Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland — measurement of paid Facebook and Instagram ad effectiveness (Meta Pixel). Only after your consent in the cookie banner.
  • Seznam.cz, a.s., Radlická 3294/10, 150 00 Praha, Czech Republic — conversion measurement for Sklik ads. Only after your consent in the cookie banner.

We further have the right to disclose your Personal Data: (i) to the extent required by applicable law, (ii) in connection with ongoing or future legal proceedings, or (iii) to establish, exercise or defend our legal rights. We will notify users in advance before adding any new processor that touches personal data.

§ 05

Do we transfer your Personal Data to third countries

Your account and operational data is primarily stored on servers in the European Union (Frankfurt, Germany) and never leaves the European Economic Area (EEA).

A small number of our processors (Google Analytics, Meta Pixel, Google Ads) are operated by parent companies in the United States. Transfers of Personal Data to these providers rely on the European Commission's adequacy decision under the EU–US Data Privacy Framework adopted on 10 July 2023, supplemented by Standard Contractual Clauses (SCCs) where required. These services run only after you have given consent in the cookie banner.

The current list of countries with an adequate level of protection is published by the Czech Office for Personal Data Protection at uoou.cz.

§ 06

How long we keep your Personal Data

We keep Personal Data only for as long as we need it for the purpose for which it was collected:

  • Account and operational data — for the lifetime of your account. Permanently deleted within 30 days of account deletion.
  • Newsletter contacts — until you unsubscribe, then anonymized.
  • Self-hosted session recordings (rrweb) — 7 days, then automatically deleted by a daily cleanup job.
  • Google Analytics 4 data — 14 months (Google's default retention).
  • Server access logs — 30 days, kept for security and abuse investigation.
  • Support communication — until your request is resolved, then up to 12 months for service-quality evidence.
  • Invoices and accounting records — as required by Czech accounting law (typically 5 to 10 years).

§ 07

How you can withdraw your consent

You can withdraw your consent to the processing of personal data at any time. Specifically:

• You can withdraw newsletter consent by clicking the unsubscribe link in the footer of any email. • You can withdraw analytics and marketing cookie consent in the cookie banner, which you can reopen from the footer of any page. • To withdraw any other consent or for general questions, contact us at privacy@stablegt.com.

Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.

§ 08

What rights you have

Under the GDPR you have the following rights with respect to the Personal Data we process about you:

  • Right of access (Art. 15) — obtain confirmation as to whether we process your Personal Data and, if so, a copy together with information about the purposes, categories, recipients and retention period.
  • Right to rectification (Art. 16) — correct inaccurate or complete incomplete Personal Data.
  • Right to erasure (Art. 17) — request deletion ("right to be forgotten") if the data is no longer necessary, consent has been withdrawn, or processing was unlawful.
  • Right to restriction of processing (Art. 18) — restrict how we process your data, particularly while accuracy is being verified or an objection is pending.
  • Right to data portability (Art. 20) — receive your data in a structured, commonly used and machine-readable format and transmit it to another controller.
  • Right to object (Art. 21) — object to processing based on legitimate interest or to direct marketing.
  • Right to withdraw consent (Art. 7(3)) — at any time, without affecting the lawfulness of prior processing.
  • Right to lodge a complaint with a supervisory authority — in the Czech Republic this is the Office for Personal Data Protection, Pplk. Sochora 27, 170 00 Praha 7, uoou.cz.

You can exercise most of these rights directly inside the Application — edit or delete your account, your horses and your records at any time. For anything that requires our involvement, write to privacy@stablegt.com; we respond without undue delay and at the latest within 30 days as required by Article 12(3) GDPR.

§ 09

Do we use automated decision-making and profiling

When providing our Services, we do not use automated decision-making or profiling within the meaning of Article 22 GDPR — that is, decisions which produce legal effects concerning you or similarly significantly affect you and are based solely on automated processing without human involvement.

We do not use machine-learning algorithms to profile users or to personalize prices or feature availability. The recommendation logic in the Application (such as training or exercise suggestions) is based solely on parameters you have entered and does not process your personal characteristics.

§ 10

Do we process the personal data of children

We consider the protection of children's privacy particularly important. We do not knowingly collect any Personal Data from persons under 16 years of age. If you are under 16, please do not send us any of your Personal Data and do not create an account in the Application without your legal guardian's consent.

If we discover that any Personal Data we process relates to a person under 16 for whom no legal guardian's consent has been given, we will delete such data without delay. If you suspect that we may be processing information about persons under 16, please contact us at privacy@stablegt.com.

§ 11

How we cooperate with third-party websites

The Application and our website may contain hyperlinks to third-party websites and services (such as video hosts, social networks, partner stores). We have no control over the content of these sites and bear no responsibility for their personal data practices. We recommend that you carefully read the privacy policies of any such third parties before providing them with any personal data.

§ 12

What cookies we use

A cookie is a small file containing an identifier sent by a web server to your browser and stored on your device. We use cookies in three categories:

Strictly necessary cookies — without these the Application cannot function correctly (login, session preservation, CSRF protection). These cookies do not require consent and cannot be disabled.

Analytics cookies — help us understand how the Application is used and improve it. They include our self-hosted rrweb recorder and Google Analytics 4. They are activated only after your consent.

Marketing cookies — used by our advertising partners (Meta, Google Ads, Sklik) to measure ad effectiveness. They are activated only after your consent.

A full list of every individual cookie — name, provider, purpose and expiry — is available at any time by clicking Cookie settings (also linked in the footer of every page).

§ 13

How we update these Terms

We reserve the right to change these Terms. For material changes, we update the version number and date at the top of this page, and for changes that affect how we process your Personal Data we will notify logged-in users via an in-app banner before the change takes effect.

It is important that you review these Terms from time to time so that you are aware of any changes. Older versions of these Terms are available on request.

§ 14

Have other questions? Contact us

If you have any question about the processing of your Personal Data, wish to exercise any of your rights under the GDPR, or wish to lodge a complaint about how we handle your data, please contact us by email or in writing at the following address:

[Stable Guard Technologies s.r.o.]
[Registered office address, Czech Republic]
Company ID: [Company ID]
privacy@stablegt.com