Privacy Policy

Last Updated: October 16, 2025

Metanoia Ops (operating name of Kryštof Ekl, sole trader) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal data in compliance with the General Data Protection Regulation (GDPR) and other applicable privacy laws.

1. Who We Are

Data Controller:

Kryštof Ekl (sole trader)

Email: krystof@metanoia-ops.com

Business ID (IČO): 07089066

VAT ID: CZ9308230030

For privacy-related inquiries, contact us at: krystof@metanoia-ops.com

2. What Data We Collect

We collect only the data necessary to deliver our services and communicate with clients.

Personal Information:

Name
Email address
Phone number (if provided)
Company name and role
Billing address (for invoicing)
Payment information (processed securely via Stripe—we do not store card details)

Workspace & Project Data:

Access to your Notion workspace (as a data processor, see Section 5)
Process documentation, workflows, and organizational structure shared for consulting purposes
Communication records (emails, call notes, project correspondence)

Technical Data:

IP address and browser information (via website analytics, if applicable)
Cookies (if used on our website—see Cookie Policy if applicable)

3. How We Use Your Data

We use your data solely for:

Service Delivery:

Providing Notion consulting, workspace building, and automation services
Communicating about projects, scheduling calls, and delivering support
Invoicing and payment processing

Business Operations:

Managing client relationships and project timelines
Improving our services based on feedback and project outcomes
Complying with legal and tax obligations (e.g., invoicing, VAT reporting)

Marketing (with consent):

Sending occasional updates, case studies, or offers (opt-in only)
You may unsubscribe at any time

We do not sell, rent, or share your personal data with third parties for their marketing purposes.

4. Who We Share Your Data With

We share data only with trusted service providers necessary for service delivery:

Legal Obligations: We may disclose data if required by law, court order, or regulatory authority

No Data Selling: We never sell or monetize your personal information

5. Data Processing Role (Notion Workspaces)

When we access your Notion workspace to deliver consulting services, Metanoia Ops acts as a data processor on your behalf.

What This Means:

You (the Client) remain the data controller of all content in your workspace
We access only the data structure, workflows, and configuration—not sensitive business data unless necessary for the project
We do not transfer, store, or disclose workspace content to third parties
Access is limited to the duration of the project and removed upon completion

Data Security:

We use secure access methods (passwords, two-factor authentication)
Team members sign confidentiality agreements
Workspace access is granted on a need-to-know basis

6. Data Retention

We retain personal data only as long as necessary:

Active Clients:

Data is retained for the duration of the service relationship and project delivery

Past Clients:

Communication records and invoices are retained for 7 years (required by Czech tax law)
Project documentation may be retained as reference material (anonymized where possible)

Deletion Requests:

You may request deletion of your data at any time (subject to legal retention requirements)

7. Your Rights (GDPR)

Under GDPR, you have the following rights:

Access: Request a copy of the personal data we hold about you
Correction: Request correction of inaccurate or incomplete data
Deletion: Request deletion of your data ("right to be forgotten")
Restriction: Request that we limit how we use your data
Portability: Request a copy of your data in a structured, machine-readable format
Objection: Object to processing based on legitimate interests (e.g., marketing)
Withdraw Consent: Withdraw consent for data processing at any time (does not affect prior processing)
To exercise these rights, contact us at: krystof@metanoia-ops.com
Response Time: We will respond within 30 days.

8. Data Security

We take data security seriously and implement industry-standard measures:

Secure communication channels (encrypted email, HTTPS)
Password protection and two-factor authentication
Limited access to client data (need-to-know basis)
Regular security reviews and updates

However, no system is 100% secure. We cannot guarantee absolute security but commit to promptly addressing any breaches.

9. International Data Transfers

Our services are delivered remotely, and data may be processed in the European Union. Some service providers (e.g., Stripe, Google) may transfer data to the United States under appropriate safeguards (e.g., Standard Contractual Clauses, GDPR compliance).

10. Cookies & Analytics

If our website uses cookies or analytics tools (e.g., Google Analytics), we will:

Notify you via a cookie banner
Provide options to accept or reject non-essential cookies
Use analytics data only to improve user experience

11. Children's Privacy

Our services are not directed at individuals under 16 years of age. We do not knowingly collect data from minors.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last Updated" date. Significant changes will be communicated directly to active clients.

13. Contact & Complaints

Questions or Concerns:

Email: krystof@metanoia-ops.com

GDPR Complaints:

If you believe we have not handled your data properly, you have the right to lodge a complaint with the Czech data protection authority:

Úřad pro ochranu osobních údajů (ÚOOÚ)
Website: https://www.uoou.cz
Email: posta@uoou.cz

By using our services, you acknowledge that you have read and understood this Privacy Policy.