Privacy Policy

Tsvetan Emil Vasilev
Neuer Selbständiger gem. § 2 Abs. 1 Z 4 GSVG
Hietzinger Hauptstraße 150/4, 1130 Wien, Austria
Email: office@redot.io

We collect personal data only when you voluntarily provide it through our website. This includes:

Audit Scorecard: Name, email address, store URL (optional), and your answers to the audit questions (monthly revenue range, email setup details, platform).

Newsletter Signup: Email address only.

Strategy Call Booking: Name, email address, and selected time slot.

Contact via Email: Any information you include when emailing us directly.

We use the data we collect for the following purposes:

To deliver your audit scorecard results and personalized recommendations.

To send you our newsletter if you subscribed (you can unsubscribe at any time).

To schedule and conduct strategy calls.

To follow up with relevant information about our services.

To improve our website and services based on aggregated, anonymized usage patterns.

We process your personal data based on:

Consent (Art. 6(1)(a)): When you submit the audit scorecard, sign up for our newsletter, or book a call, you actively consent to the processing of your data for the stated purposes.

Legitimate Interest (Art. 6(1)(f)): For follow-up communication related to services you expressed interest in, and for improving our website.

Contract Performance (Art. 6(1)(b)): When processing is necessary to deliver services you have engaged us for.

We share your data only with the following service providers who process data on our behalf:

Klaviyo, Inc. (Boston, USA) — Email marketing platform. Stores subscriber profiles, audit data, and sends email communications. Data transferred to the US under EU-US Data Privacy Framework. Klaviyo Privacy Policy

Notion Labs, Inc. (San Francisco, USA) — Internal project management. Stores lead and subscriber data for our operational use only. Notion Privacy Policy

Vercel, Inc. (San Francisco, USA) — Website hosting platform. May process server logs containing IP addresses and request data. Vercel Privacy Policy

HighLevel, Inc. (Dallas, USA) — CRM and client communication platform. Used for client management and communication. GoHighLevel Privacy Policy

Google LLC (Mountain View, USA) — We plan to implement Google Analytics for website usage analysis. If enabled, Google will process anonymized usage data. Google Privacy Policy

Meta Platforms, Inc. (Menlo Park, USA) — We may implement the Meta Pixel for advertising measurement. If enabled, Meta will process anonymized interaction data. Meta Privacy Policy

All US-based processors participate in the EU-US Data Privacy Framework or have Standard Contractual Clauses in place to ensure adequate data protection.

Audit data: Retained for 24 months from submission, then deleted unless you become a client.

Newsletter subscribers: Retained until you unsubscribe. Upon unsubscription, your email is suppressed (not deleted) to prevent re-enrollment.

Client data: Retained for the duration of the business relationship plus 7 years as required by Austrian tax law (BAO §132).

Server logs: Automatically deleted after 30 days by our hosting provider.

Under the GDPR, you have the right to:

Access — Request a copy of the personal data we hold about you.

Rectification — Request correction of inaccurate data.

Erasure — Request deletion of your data ("right to be forgotten").

Restriction — Request that we limit processing of your data.

Data Portability — Receive your data in a structured, machine-readable format.

Objection — Object to processing based on legitimate interest.

Withdraw Consent — Withdraw previously given consent at any time.

To exercise any of these rights, contact us at office@redot.io. We will respond within 30 days.

Our website currently uses only essential cookies required for the website to function. We do not use tracking or advertising cookies. If we implement analytics tools in the future, we will update this policy and request your consent before setting any non-essential cookies. See our Cookie Policy for details.

We implement appropriate technical and organizational measures to protect your personal data, including encrypted data transmission (HTTPS/TLS), access controls on all systems, and regular review of our data processing practices.

If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Austrian Data Protection Authority:

Österreichische Datenschutzbehörde
Barichgasse 40-42, 1030 Wien
www.dsb.gv.at
Email: dsb@dsb.gv.at

We may update this privacy policy from time to time. The "Last updated" date at the top of this page indicates when it was last revised. We encourage you to review this page periodically.