FixMyCWV

Privacy Policy

Last updated: March 31, 2026

1. Data Controller

The data controller for FixMyCWV is Oleksandr Utkin, OSVČ (IČO: 24392596), Vrbenského 1640/43, 170 00, Praha 7 – Holešovice, Czech Republic. Contact email: a.utkin17@gmail.com.

2. Information We Collect

When you use FixMyCWV, we collect the following information:

  • Your email address and name (provided via Clerk authentication)
  • The URLs you submit for auditing
  • Payment details (processed securely by Stripe — we never store card numbers)
  • Standard server logs (IP address, browser type, timestamps)

3. How We Use Your Data

We use your information to:

  • Provide and improve our Core Web Vitals auditing service
  • Generate AI-powered performance recommendations based on your audit data
  • Process payments and manage your subscription
  • Send transactional emails (receipts, account notifications)
  • Analyze usage patterns to improve the product (aggregated, anonymized)

4. Legal Basis for Processing

We process your data on the following legal grounds under GDPR Article 6:

  • Contractual necessity (Art. 6(1)(b)) — authentication, audit execution, AI recommendation generation, payment processing
  • Legitimate interest (Art. 6(1)(f)) — service improvement through anonymized analytics, transactional email notifications
  • Legal obligation (Art. 6(1)(c)) — tax and accounting records retention as required by Czech law

5. Third-Party Services

We use the following third-party services that may process your data:

  • Clerk — authentication and user management
  • Stripe — payment processing (PCI DSS compliant)
  • Anthropic (Claude AI) — audit data analysis for generating recommendations (URLs, performance metrics, and screenshots are sent for processing)
  • Google PageSpeed Insights API — lab performance data collection
  • Google Chrome UX Report (CrUX) — field performance data
  • Decodo (Smartproxy) — residential proxy routing for geo-targeted audits

6. International Data Transfers

Your data may be transferred to and processed in the United States by our third-party service providers (Anthropic, Clerk, Stripe, Google, DigitalOcean). These transfers are protected by the EU-US Data Privacy Framework, Standard Contractual Clauses (SCCs), or equivalent safeguards in accordance with GDPR Chapter V.

7. Data Retention

Audit reports are stored for the lifetime of your account. You can request deletion of your data at any time by contacting us at a.utkin17@gmail.com. Upon account deletion, all associated audit data is permanently removed within 30 days.

8. Cookies

We use essential cookies for authentication and session management via Clerk. We do not use advertising or third-party tracking cookies.

9. Your Rights

Under GDPR, you have the right to: access your personal data, rectify inaccurate data, erase your data (right to be forgotten), restrict processing, data portability, and object to processing. To exercise any of these rights, contact a.utkin17@gmail.com. You also have the right to lodge a complaint with the Czech supervisory authority: Úřad pro ochranu osobních údajů (ÚOOÚ), Pplk. Sochora 27, 170 00 Praha 7, www.uoou.cz.

10. Minimum Age

The Service is intended for users aged 16 and older. We do not knowingly collect personal data from children under 16. If we become aware that a child under 16 has provided us with personal data, we will delete it promptly.

11. Security

We use industry-standard security measures including encrypted connections (TLS), secure authentication via Clerk, and PCI-compliant payment processing via Stripe. Audit data is stored in encrypted databases on DigitalOcean infrastructure.

12. Changes to This Policy

We may update this policy at any time. We will notify users of material changes via email. Continued use of the Service after changes constitutes acceptance.

13. Contact

For privacy-related questions, please contact: Oleksandr Utkin, Vrbenského 1640/43, 170 00 Praha 7, Czech Republic. Email: a.utkin17@gmail.com.