ENPL

LiteTMS.eu Privacy Policy

Version 1.0 · Effective as of May 24, 2026

This Privacy Policy sets out the rules for the processing and protection of personal data of users of the website and the LiteTMS.eu B2B SaaS platform (the "Platform"). It has been drafted based on the principle of data protection by design (Privacy by Design) and in compliance with applicable laws, including the GDPR, the Digital Services Act (DSA), the EU Data Act, and the Artificial Intelligence Act (AI Act).

I. Data Controller and Data Processor

  1. Data Controller: With respect to the data of website visitors (landing page), data of company representatives registering an account, and billing and settlement data, the Controller is CodeJungle Sp. z o. o. with its registered office in Kawki (Kawki 51, 42-140 Panki), NIP (Tax ID): 5742064222, KRS (National Court Register): 0000722231, REGON (National Business Registry): 369658794.
  2. Data Processor: With respect to any data entered into the System by the Client (including data of employees, drivers, contractors, and fleet geolocation), the Client (transport company) remains the Controller of such data. CodeJungle Sp. z o. o. acts exclusively in the capacity of a Data Processor, acting upon the documented instructions of the Client on the basis of a Data Processing Agreement (DPA).

II. Purposes and Legal Bases of Data Processing by the Controller

We process your personal data for the following purposes:

  1. Provision of services and account management: Registration of a workspace (tenant) and technical communication. The legal basis is the necessity for the performance of a contract (Article 6(1)(b) of the GDPR).
  2. Billing and accounting: Processing of payment data. The legal basis is compliance with a legal obligation (Article 6(1)(c) of the GDPR).
  3. Security and analytics (Privacy by Design): We use our own instance of the Umami statistics system (self-hosted) and Cloudflare Turnstile protection to secure forms against bots without excessive user tracking and without sharing data with external advertising networks. We also process audit logs of system activity. The legal basis is our legitimate interest in ensuring the security and optimization of the platform (Article 6(1)(f) of the GDPR).

III. Data Recipients and Sub-processors

To ensure the highest quality of the Platform, we cooperate with the following service and technology providers:

  • Infrastructure and cloud: OVH (servers), Cloudflare (Proxy, Turnstile, Cloudflare R2 for files), Amazon S3 (backups).
  • Billing and Invoicing: Stripe payment operator (which, under financial law, also acts as an independent Controller) and API integration via Fakturownia.pl.
  • Communication: EmailLabs (transactional emails), SMSAPI.pl (SMS gateway), Google Firebase (push notifications in the mobile app).
  • External interfaces: OpenRouter to support Artificial Intelligence functionalities.

IV. Anonymized Maps and Telematics Integrations

The System utilizes a diversified API ecosystem (including HERE Maps, Google Maps, Mapbox) for routing and search. For the purpose of data minimization, the Platform transmits solely geographic coordinates to these providers, without any driver or vehicle identifiers. Furthermore, in the event of integrating the System with the Client's external GPS providers, the responsibility for obtaining employees' consent to location tracking rests strictly with the Client as the employer.

V. Artificial Intelligence (AI Act)

The Platform utilizes Smart Assistant functionalities. Please be advised that as part of this service, the User interacts directly with a generative system. Queries (prompts) transmitted via the OpenRouter API are processed confidentially and, pursuant to separate provisions, are not used by foundational model providers (e.g., OpenAI, Google) to train their public algorithms.

VI. Data Retention Period and Export (Data Act)

  1. Soft-Delete Mechanics: Upon the deletion of data (or a workspace), they enter a protective mechanism (quarantine) for 30 days. After this period, they are irreversibly deleted from servers and backups.
  2. Accounting: We retain billing data for 5 years from the end of the calendar year.
  3. Data Export (EU Data Act): We provide Clients with the freedom of data portability. During the term of the agreement and up to 30 days following its termination, the Client may export their datasets from the system free of charge in a commonly used machine-readable format.

VII. Data Transfers outside the EEA

Any potential transfers of information to third countries (e.g., AWS, Stripe, Cloudflare, OpenRouter services) are based on Standard Contractual Clauses (SCC) approved by the European Commission or other legal guarantees ensuring the highest EU level of protection.

VIII. Your Rights

In accordance with the GDPR, you have the right to request access to your data, their rectification, erasure, restriction of processing, the right to object to processing, the right to data portability, and the right to lodge a complaint with a supervisory authority (PUODO - President of the Personal Data Protection Office). Please direct any privacy-related questions to kontakt@litetms.eu.

Related: Terms of Service · Data Processing Agreement (DPA)

Back to homepage