Privacy Policy - Muban Document Generation Service

Last updated: April 23, 2026

This Privacy Policy explains how personal data provided via the contact and demo request forms on muban.me is processed under Regulation (EU) 2016/679 (“GDPR”). The website does not use analytics cookies, advertising cookies or tracking technologies. The forms act solely as a gateway to send an email to our business inbox — no form data is stored in any database or customer-relationship system.

1. Data Controller

The controller of your personal data is:
Radosław Żak-Brodalko, individual entrepreneur registered in CEIDG (Central Register and Information on Economic Activity, Poland)
ul. Szczytowa 4/4, 20-562 Lublin, Poland
NIP (Tax ID): 5782143815
Contact: contact@muban.me

2. Categories of Data and Source

We process only the data that you voluntarily provide in the form:

identification and contact data (name, company name, email address, phone number — if provided);
the content of your inquiry (industry, document volume, use case, message, inquiry type);
technical transport data (IP address, user-agent) that accompanies the HTTP request — used only transiently to deliver the message and prevent abuse; not stored after delivery.

Providing data is voluntary, but required fields are necessary to respond to your request. If you do not provide them, we will not be able to reply.

3. Purposes and Legal Basis

Purpose	Legal basis
Answering your inquiry and preparing a quote/demo for your organisation	Art. 6(1)(b) GDPR — steps taken at your request prior to entering into a contract; or Art. 6(1)(f) GDPR (legitimate interest of responding to correspondence) where you contact us on behalf of a legal entity
Security of the form, prevention of spam and abuse	Art. 6(1)(f) GDPR — legitimate interest in securing our services
Defence against or pursuit of potential claims	Art. 6(1)(f) GDPR — legitimate interest

We do not use your data for marketing, profiling or automated decision-making within the meaning of Art. 22 GDPR.

4. How the Form Works (No Retention by Design)

The form submission is processed by a serverless function that immediately forwards the message to our business mailbox contact@muban.me via a transactional email service and then discards the payload. No database record, CRM entry or log file containing the message body is created on our side. The only lasting copy is the delivered email in our business mailbox.

5. Retention Period

Emails received via the form are kept in our business mailbox for the time needed to handle the matter and for a maximum of 12 months after the last correspondence, after which they are deleted, unless a longer period is required to establish, exercise or defend legal claims or is mandated by applicable law.
Application-level request data on the serverless function is not persisted; transient operational logs (without message body) are retained by the hosting provider for a short technical period and then purged.

6. Recipients and Processors

Your data may be disclosed to the following categories of recipients acting as our processors under written agreements compliant with Art. 28 GDPR:

Hosting and serverless compute provider — Alibaba Cloud (Function Compute, region EU-Central-1, Frankfurt, Germany), providing the runtime that forwards the email;
Transactional email provider — Alibaba Cloud DirectMail, responsible for delivering the email to our mailbox;
Business email provider — the provider operating the muban.me mailbox;
competent public authorities, where disclosure is required by law.

7. Transfers Outside the EEA

Our primary processing takes place within the European Economic Area (EEA). Some of the providers listed above are part of international groups that may, for support or operational purposes, access data from outside the EEA. In such cases, transfers take place on the basis of Standard Contractual Clauses adopted by the European Commission pursuant to Art. 46(2)(c) GDPR, supplemented where appropriate by additional technical and organisational safeguards. You may request a copy of the applicable safeguards by writing to contact@muban.me.

8. Your Rights

Under GDPR you have the right to:

access your personal data and obtain a copy (Art. 15);
rectify inaccurate data (Art. 16);
erase your data (Art. 17) — “right to be forgotten”;
restrict processing (Art. 18);
data portability (Art. 20), where applicable;
object to processing based on legitimate interest (Art. 21);
lodge a complaint with the supervisory authority — in Poland: President of the Personal Data Protection Office (Prezes Urzędu Ochrony Danych Osobowych), ul. Stawki 2, 00-193 Warsaw, uodo.gov.pl.

To exercise your rights, write to contact@muban.me. We will respond within one month of receipt of the request.

9. Cookies and Tracking

This website does not use analytics, advertising or tracking cookies. Only strictly necessary technical state (if any) is used for rendering the interface.

10. Security

Transmission is protected by TLS. Access to the business mailbox is restricted and protected by strong authentication. We apply the data minimisation principle and do not store form payloads in any persistent system controlled by us.

11. Changes to this Policy

We may update this Policy to reflect changes in the law or in the way we operate the forms. The current version is always published at this URL, with the “Last updated” date above.