Version: 1.0 | Published: 08 Apr 2026 | Effective from: 08 Apr 2026
Data Controller: Sabrewave s.r.o.
Registered office: Korunní 2569/108, 101 00 Prague 10 – Vinohrady, Czech Republic
Company ID No.: 23531851
Commercial Register entry: Commercial Register maintained by the Municipal Court in Prague, file number C 428222
Contact e-mail: info@sabrewave.com
Phone: +420 720 455 533
At Sabrewave s.r.o. (hereinafter referred to as “we” or the “Controller”), we consider the protection of privacy and personal data to be our priority. These Privacy Policy principles (hereinafter the “Policy”) describe how we collect, process, and protect personal data across all of our websites, applications, services, and internal systems (collectively, the “Services”) that refer to this document.
¶ II. What data we collect and why
We process personal data only to the extent necessary and always on the basis of a legitimate legal ground under the General Data Protection Regulation (GDPR).
- When do we act as a Controller and when as a Processor?
  - As the Controller, we process the data of visitors and users of our Services (including prospects/customers) to the extent necessary for business communication, contract performance, support, and operations.
  - For hosting/SaaS-type Services into which customers directly store their own data, we generally act as a Processor, and the processing is governed by the Data Processing Agreement (DPA).
- Where do we obtain the data from?
  - We obtain data directly from you (inquiries, registrations, communications), from public sources (e.g. the Commercial Register), and automatically from the operation of the Services (logs, technical data); in some cases also from your employer/organization if you are the contact person of our customer.
- Is providing the data mandatory?
  - Providing certain personal data is a contractual requirement and a condition for entering into and performing a contract (e.g. identification, contact, billing, and authentication data). Without such data, we may not be able to conclude a contract, create an account, provide the Service, or handle a support request. For data processed on the basis of a legal obligation, providing such data is required by law.
If you are our client, business partner, or user of our Services, we process your data so that we can provide the Service to you, create your user account, and ensure the functionality of applications.
- Types of data: Identification data (first name, last name, business name, Company ID / VAT ID), contact data (e-mail, phone, address), contractual and order data, billing and payment data, authentication and account data (e.g. Microsoft Entra / SSO), operational/service data, and other data necessary for the functioning of the specific Service.
- Legal basis: Performance of a contract (Art. 6(1)(b) GDPR).
¶ II.2. Communication and support
When you contact us through forms, e-mail, or the ticketing system, or when you call us.
- Types of data: Name, e-mail (or other contact details), message content (including any attachments, screenshots, diagnostic data, etc.), and communication history.
- Legal basis: Legitimate interest in handling your request (Art. 6(1)(f) GDPR), or performance of a contract where customer support is concerned (Art. 6(1)(b) GDPR).
¶ II.3. Security and technical operations
To ensure the security of our Services and protection against cyberattacks and fraud.
- Types of data: In particular IP address, date and time of access, server logs, audit logs, browser information, and data relating to the detection of attacks or misuse.
- Legal basis: Legitimate interest in ensuring network and information security (Art. 6(1)(f) GDPR).
¶ II.4. Analytics and service improvement
We measure traffic to the Services in order to optimize them. However, we do so with the utmost regard for your privacy.
- Types of data: Anonymized IP address, visited pages, page interactions (including error messages), time spent on the page, and basic device/browser information.
- Legal basis: Legitimate interest in improving our Services (Art. 6(1)(f) GDPR). We do not share data with third-party advertising networks.
¶ II.5. Accounting and taxes
- Types of data: Data on invoices and in accounting records.
- Legal basis: Compliance with legal obligations (Art. 6(1)(c) GDPR in conjunction with accounting and VAT legislation).
¶ III. Cookies and tracking technologies
Our websites and web applications use cookies (small files stored in your browser) and similar technologies, but to the smallest extent possible:
- Necessary (Technical) cookies: These are required for the functioning of the Service (login, saving preferences, bot protection, and security features – Cloudflare). Consent is not required for these cookies.
- Analytics cookies: Our Services may use analytics measurement designed not to store or read any identifiers from the end device other than those strictly necessary, not to perform device fingerprinting, and not to be used for advertising profiling. The specific mode depends on the settings of the given Service and the relevant cookie management settings. If analytics measurement does not meet the legal conditions for operation without consent, we use analytics cookies or similar technologies only on the basis of prior consent.
- Marketing cookies: Some of our Services may use third-party marketing cookies. These cookies or similar technologies will be set only if you give your prior consent through the relevant cookie management tool.
You can delete cookies automatically or manually in your internet browser. You can also configure your browser not to store certain cookies. Another option is to change your browser settings so that you receive a notification each time a cookie is stored. Further information about these options can be found in your browser’s help section. Please note that our Services may not function properly if all cookies (including technical cookies) are disabled.
For statistical purposes and to improve user experience, we primarily use our Sabrewave Analytics platform built on Matomo Analytics, which collects basic information about the use of our Services. If analytics measurement is configured so that it does not store or read any identifiers from the end device other than those strictly necessary, does not perform device fingerprinting, is not used for advertising profiling, and does not enable tracking visitors across different websites or over time beyond what is necessary for essential statistical evaluation, it may be operated in a limited mode without consent where permitted by law. In all other cases, we use analytics cookies or similar technologies only on the basis of prior consent through cookie management.
Although the data in our analytics is anonymized, we respect your choice not to be included in our statistics. You can opt out here:
Note: This setting applies to the domain sabrewave.com and all of its subdomains.
¶ IV. Processors and data location
Your personal data is processed primarily by us (Sabrewave s.r.o.). However, for some activities we use vetted partners (processors). Personal data protection in relation to our processors is ensured through an appropriate legal and documentation framework.
- Data recipients: Your personal data is accessible only to persons and entities that need it in order to provide our Services. This typically includes our employees and contractors bound by confidentiality, our processors (see list below) and their potential subcontractors (sharing is limited to the necessary extent), professional advisers (shared only when necessary, e.g. accountants/tax advisers, legal representatives), and public authorities if disclosure is required by law or by a binding decision. We do not sell or disclose your personal data, which we process as a data controller, to other entities for their own marketing purposes.
Below is a list of key infrastructure and service providers:
| Service / Category | Provider | Purpose and data location |
| --- | --- | --- |
| Hosting and servers | Hetzner Online GmbH (Germany) | Main servers for operating websites and applications. Data stored in the EU (DE). |
| Web hosting and analytics | WEDOS Internet, a.s. (Czech Republic) | Hosting of supplementary websites and the analytics platform. Data stored in the EU (CZ). |
| Cloud infrastructure | Microsoft Ireland Operations Ltd. | Microsoft 365 Business, Teams, Azure, Entra ID (SSO). Data stored in data centers within the EU. |
| Server management (Deployment) | Ploi B.V. (Netherlands) | Tool for automated server management and application deployment. The provider has access to the infrastructure to the necessary extent for management purposes. |
| Security | Cloudflare, Inc. (USA/EU) | Protection against attacks (Turnstile), DNS, CDN. Data protection is ensured through mechanisms such as DPF/SCC. |
| Support (Ticketing) | JetBrains s.r.o. (CZ/EU) | YouTrack system for managing support and development requests. Data stored in the EU. |
| Invoicing | Fakturoid s.r.o. (Czech Republic) | Issuing and managing invoices (contains customer data). Data stored in the EU (CZ). |
The list may change over time. We select partners that provide appropriate safeguards for personal data protection and data security.
- Transfers outside the EU: We primarily store data within the European Economic Area (EEA). For partners with a global presence, data is protected by mechanisms such as the Data Privacy Framework (DPF) or Standard Contractual Clauses (SCC).
We implement technical and organizational measures to protect data:
- Encryption of data transmission (SSL/TLS),
- Access controls (MFA, strong passwords, limited access),
- Monitoring of security events,
- Regular backups and system updates.
We retain data only for as long as necessary for the relevant purpose:
- User data in applications and other Services: For the duration of the contractual relationship (active account) and for a reasonable period after its termination (usually 30–60 days) in case of restoration, after which the data is deleted or anonymized.
- Communication and support: For the duration of the relationship and for a reasonable period thereafter to protect legal claims.
- Technical logs: Usually deleted automatically after 30–90 days (unless required for incident investigation).
- Analytics data: We retain anonymized/aggregated data indefinitely for statistical purposes.
- Accounting documents: Archived for 10 years in accordance with the law.
¶ VII. Automated decision-making and profiling
We do not carry out automated individual decision-making or profiling within the meaning of Art. 22 GDPR that would produce legal effects concerning you or similarly significantly affect you, unless expressly stated otherwise for a specific Service.
In the European Economic Area (EEA), where we are based, you have the following rights regarding your personal data under the General Data Protection Regulation (GDPR):
- Right of access to personal data
You have the right to obtain confirmation as to whether we process personal data concerning you and, if so, to obtain access to that data and related information about the processing.
- Right to rectification
You have the right to request correction of incomplete or inaccurate personal data.
- Right to erasure
You have the right to request deletion of your personal data if it is no longer necessary for the purposes for which it was collected or if its processing was unlawful.
- Right to restriction of processing
You have the right to request restriction of the processing of your personal data in the cases set out in the GDPR, for example if you contest the accuracy of the personal data or if the processing is unlawful.
- Right to data portability
You have the right to request that your personal data be provided in a structured, commonly used, and machine-readable format or transmitted to another controller, where technically feasible. The right to data portability applies within the scope set out by the GDPR (in particular where processing is based on a contract or consent and carried out by automated means).
- Right to object
In certain cases, you have the right to object to the processing of your personal data.
- Right to withdraw consent
You have the right to withdraw your consent to the processing of personal data for the purposes for which you gave it at any time.
To exercise your rights, contact us at info@sabrewave.com. If you have any comments on how we handle your personal data, we would appreciate it if you would let us know, but you may also lodge a complaint with the supervisory authority, which in the case of the Czech Republic is the Office for Personal Data Protection.
We reserve the right to amend or supplement this Policy from time to time, in particular in response to changes in legislation, changes in the ways personal data is processed, or expansion of our Services.
- We will inform users of material changes to the Policy (usually by e-mail or by notice in the user interface of the Services) sufficiently in advance, usually 30 days before the effective date of the change.
- If you do not agree with the changes, you may stop using our Services and exercise your rights under personal data protection laws, including the right to request erasure of personal data, provided there is no legal basis for its further processing or retention.
- Continued use of the Services after the effective date of the change is deemed confirmation that you have been informed of the new version of the Policy.
The current and previous versions of this Policy are available by remote access on the website www.docs.sabrewave.com/en/terms.
If you have any questions regarding this Policy, please do not hesitate to contact us at info@sabrewave.com.
This Privacy Policy becomes effective on 08 Apr 2026.