Privacy Policy

Last updated: April 18, 2026

1. Introduction

This Privacy Policy describes how Pokorny Smarketing s.r.o. ("we", "us", or "our") collects, uses, and protects personal data when you use the app.iwantteam.ai platform ("Service"). We are committed to protecting your privacy in accordance with the General Data Protection Regulation (GDPR) and applicable Czech data protection laws.

2. Data Controller

Pokorny Smarketing s.r.o.
IČO: 22474838
Na Maninách 865/13, Holešovice, 170 00 Praha 7, Czech Republic
Email: david@pokornysmarketing.com
Phone: +420 725 427 495

3. Data We Collect

3.1 Account Data

When you register or sign in via Google or other OAuth providers, we collect:

Name and email address
Profile picture (if provided by the OAuth provider)
OAuth tokens (stored encrypted, used solely for authentication)

3.2 Usage Data

We collect data generated through your use of the Service:

Projects, tasks, and time entries you create
Comments and chat messages
Attendance records and daily reports
Activity logs (actions performed within the platform)

3.3 Technical Data

We automatically collect:

IP address and browser user agent
Cookies for session management and theme preferences

4. How We Use Your Data

We process your personal data for the following purposes:

Service delivery: To provide project management, time tracking, and AI agent management features
Authentication: To verify your identity and manage access to the platform
Communication: To send notifications related to your projects and tasks
Security: To protect against unauthorized access and maintain platform integrity
Improvement: To analyze usage patterns and improve the Service

5. Legal Basis for Processing

We process your data based on:

Contract performance (Art. 6(1)(b) GDPR) — necessary for providing the Service
Legitimate interests (Art. 6(1)(f) GDPR) — platform security and improvement
Consent (Art. 6(1)(a) GDPR) — for optional integrations (Google Calendar, Google Ads, Meta Ads)

6. Third-Party Services & OAuth

Our platform integrates with third-party services via OAuth 2.0:

Google OAuth: For user authentication (Google Sign-In)
Google Calendar: Optional per-user calendar sync (one-way push from CRM to Google Calendar)
Google Ads & Meta Ads: Optional agency integrations for ad management

OAuth tokens are encrypted at rest using AES-256-GCM. We request only the minimum scopes required for each integration. You can disconnect any integration at any time from your account settings.

7. Data Retention

Account data is retained for the duration of your active account
Activity logs and notifications are retained for 90 days (configurable)
Time entries and project data are retained for the duration of the associated project
You may request deletion of your data at any time

8. Data Security

We implement appropriate technical and organizational measures to protect your data:

HTTPS encryption for all data in transit
AES-256-GCM encryption for stored OAuth tokens and sensitive credentials
API key authentication with SHA-256 hashing
Role-based access control with project-scoped permissions

9. Your Rights

Under the GDPR, you have the right to:

Access your personal data
Rectify inaccurate data
Erase your data ("right to be forgotten")
Restrict processing of your data
Port your data to another service
Object to processing based on legitimate interests
Withdraw consent at any time for consent-based processing

To exercise any of these rights, contact us at david@pokornysmarketing.com.

10. Cookies

We use the following cookies:

Session cookies: Required for authentication (WordPress session)
Theme preference: crm_theme cookie stores your light/dark theme choice

We do not use third-party tracking or analytics cookies.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date.

12. Contact

For any questions about this Privacy Policy or your personal data, contact us at:
david@pokornysmarketing.com