HeadlinesForge Privacy Policy
1. Data controller
The controller of your personal data is Dominik Czarnota, conducting business activity under the firm Arroba Dominik Czarnota (a sole proprietorship registered in the Polish CEIDG), address: Wrocławska 7/10, 30-006 Kraków, Poland, NIP 6371980875 (the „Operator”, „we”). Data protection contact: [email protected].
2. Scope of this policy
This policy describes how we process personal data in connection with: use of the headlinesforge.com website (visitors), use of the HeadlinesForge service (users — editors logging into the tool), and contacting us and our business relationship (counterparties, correspondence, billing).
„Editorial” data processed in the course of providing the service (data of persons mentioned in sources, queries and the articles prepared) is processed by us as a processor on behalf of the Client (Publisher), who is its controller; this is governed by the data processing agreement (DPA). This policy covers data for which the Operator is the controller.
3. What data we process, for what purposes and on what basis
| Category of persons / data | Purpose | Legal basis (GDPR) |
|---|---|---|
| Website visitors — IP address, device/browser identifiers, cookie data, usage data | operation and security; statistics and improvement; (with consent) analytics and marketing | Art. 6(1)(f); Art. 6(1)(a) (consent — non-essential cookies) |
| Service users (editors) — identifier, name, email, login data, activity logs | account management, authentication, provision of the service, security, billing | Art. 6(1)(b); Art. 6(1)(f) |
| Counterparties and Client contacts — name, business email/phone, position, invoicing data | conclusion and performance of the contract, contact, billing | Art. 6(1)(b) and (f) |
| Billing and accounting data | invoices, tax obligations | Art. 6(1)(c) |
| Correspondence (email, contact form) | handling enquiries | Art. 6(1)(f); possibly (b) |
| Leads / business contacts (prospective Clients) — name, company, business email/phone, position, source, contact history, lead score and status | lead sourcing and qualification, sales contact, CRM, B2B direct marketing | Art. 6(1)(f) (legitimate interest); Art. 6(1)(a) (consent — where required) |
| Remarketing data (visitors who gave consent; logged-in users are not tracked) — cookie identifier (vs_vid), advertising/online identifiers (_fbp, _fbc), IP address, visit data and UTM | building audiences and showing our ads on third-party platforms (Meta, Google, LinkedIn) | Art. 6(1)(a) (consent) |
4. Recipients and processors
Data may be shared with processors (providers of infrastructure, authentication, language models, search, content retrieval), advisers (legal, accounting) and public authorities where required by law. Current list of main processors:
| Entity | Role |
|---|---|
| Amazon Web Services EMEA SARL | cloud infrastructure, hosting, databases, backups (EEA) |
| Google Cloud EMEA Ltd. | cloud infrastructure and AI models (Gemini via Vertex AI) (EEA) |
| Hetzner Online GmbH | infrastructure, servers (Germany/Finland, EEA) |
| Jina AI | reading/retrieving page content (EU) |
| Kinde, Inc. | authentication and identity management (Ireland, EEA) |
| OpenAI Ireland Ltd. | language models (EU) |
| Serper | search (USA) |
In addition, for remarketing (only after you give consent) we share data with advertising platforms which, in respect of ad delivery, act as separate or joint controllers under their own privacy policies:
| Advertising platform | Role |
|---|---|
| Meta Platforms Ireland Ltd. | audiences and remarketing (Facebook/Instagram) |
| Google Ireland Ltd. | Google Ads / remarketing; Google Consent Mode |
| LinkedIn Ireland Unlimited Company | remarketing |
5. Transfers outside the EEA
As a rule we process data within the European Economic Area (EEA). The exception is the search service (Serper, USA), where queries may be processed outside the EEA — on the basis of standard contractual clauses (SCCs) together with a transfer impact assessment and supplementary measures (incl. data minimisation). The advertising platforms (Meta, Google, LinkedIn) may also process data outside the EEA (USA) — on the basis of an adequacy decision (Data Privacy Framework) or standard contractual clauses (SCCs). A copy of the transfer safeguards is available on request.
6. Retention
- account and user data — for the term of using the service and until settlement/limitation of claims;
- billing and accounting data — for the period required by law (as a rule 5 years);
- correspondence — for as long as necessary to handle the matter and defend claims;
- cookie data — for the period stated in the cookie settings or until consent is withdrawn.
7. Your rights
You have the right to: access, rectification, erasure, restriction of processing, data portability, and to object to processing based on legitimate interest. Where processing is based on consent, you may withdraw it at any time (without affecting the lawfulness of processing before withdrawal). You also have the right to object at any time to processing for direct marketing (including profiling for that purpose); after your objection we will stop such processing. You also have the right to lodge a complaint with the President of the Personal Data Protection Office (UODO), ul. Stawki 2, 00-193 Warsaw, Poland. To exercise your rights, contact us at [email protected].
8. Cookies and similar technologies
The website uses cookies and similar technologies.
- Essential (login, session, security) — on the basis of legitimate interest; no consent required.
- Marketing / remarketing — only with your consent. After you consent, we set a first-party
vs_vidcookie (device recognition), collect advertising identifiers (incl._fbp,_fbc), IP address and visit events, and share them with advertising platforms (Meta, Google, LinkedIn) to build audiences and show our ads on other sites. We use Google Consent Mode v2 (advertising signals stay off until you consent).
You give and withdraw consent via the consent management platform (CMP) — the cookie icon in the corner of the page, available at any time. We do not show ads on this site, and logged-in users of the app (/app) are not tracked.
9. Automated decision-making
We do not make decisions about you based solely on automated processing that would produce legal effects or similarly significantly affect you (Art. 22 GDPR). Lead scoring is used solely for internal prioritisation of sales activities — it does not produce legal or similarly significant effects on you. You may object to profiling for marketing (§7).
10. Security
We apply appropriate technical and organisational measures protecting data (incl. encryption in transit and at rest, access control, backups, monitoring).
11. Changes to this policy
We may update this policy. We will announce material changes on the website or electronically. The binding version is the one published on headlinesforge.com bearing the current date.
12. Contact
For personal data matters: [email protected]; postal address: Wrocławska 7/10, 30-006 Kraków, Poland.