Sign in Subscribe

PRIVACY POLICY

Effective date: 12 March 2026

1. Who we are

This Privacy Policy explains how TOMEK AI sp. z o.o., ul. Bóżnicza 15/6, 61-751 Poznań, Poland, NIP: 7831827065 (“we”, “us” or “our”) processes personal data in connection with the Websites and related services operated under deushomo.com, tomek.ai and any related domains, subdomains, member areas or tools.

The controller of personal data is TOMEK AI sp. z o.o., ul. Bóżnicza 15/6, 61-751 Poznań, Poland, NIP: 7831827065. You can contact us at support@tomek.ai.

2. Scope of this Policy

This Policy applies to personal data processed in connection with visiting the Websites; subscribing to a newsletter or free membership; purchasing a paid or founding membership; booking a call or consultation; submitting forms; registering for Meetings, webinars or events; sending partnership, sponsorship or other business inquiries; using member areas; and interacting with our communications, analytics or advertising technologies.

3. Categories of personal data

We may process, depending on context, the following categories of personal data:

  • identity and contact data, such as name, email address, phone number, company name, website, city, country, job title and social profile links;
  • account and membership data, such as membership tier, subscription status, billing status, plan history, source of signup, tags, preferences and interaction history;
  • payment and billing data handled through our payment providers, such as billing country, transaction identifiers, subscription records, invoice data and limited card-related metadata made available to us;
  • meeting and event data, such as registration details, attendance status, submitted topics, session proposals, waitlist status, participation records and recording-related notices or consents;
  • communications data, such as messages sent through forms, emails, support requests, feedback, applications and meeting proposals;
  • technical and usage data, such as IP address, browser type, device information, cookie identifiers, session identifiers, referral URL, page views, email interaction data and similar usage information;
  • marketing and campaign data, such as lead-source information, campaign identifiers, audience-segment data, attribution data and consent status;
  • verification and risk data, such as eligibility checks, anti-abuse flags, fraud-prevention indicators and access-control records.

4. Sources of personal data

We collect personal data directly from you, automatically through your interaction with the Websites and communications, and from service providers that support hosting, billing, scheduling, forms, analytics, advertising, security, support and event management.

We may also receive your data from campaigns or lead-generation flows where you explicitly requested content, membership information, a meeting, contact or follow-up from us.

5. Purposes and legal bases

We process personal data for the following purposes and legal bases under the GDPR:

  • to provide the Websites, memberships, newsletters, events, member access and related digital services — Article 6(1)(b) GDPR;
  • to process payments, manage subscriptions, issue invoices and maintain billing records — Article 6(1)(b) and 6(1)(c) GDPR;
  • to communicate with you regarding memberships, Meetings, requests, support matters, registrations, access issues and operational notices — Article 6(1)(b) and 6(1)(f) GDPR;
  • to review applications, proposals, hosted-session requests, partnership inquiries and similar submissions — Article 6(1)(b), 6(1)(f) and, where applicable, 6(1)(a) GDPR;
  • to verify identity, eligibility and access status, prevent abuse, maintain security and defend legal claims — Article 6(1)(f) GDPR;
  • to improve the Websites, communications and offerings, including through analytics and performance measurement — Article 6(1)(a) or 6(1)(f) GDPR, depending on the technology used and applicable law;
  • to run advertising, remarketing, lead-generation and conversion-measurement activities where permitted and, where required, on the basis of consent — Article 6(1)(a) or 6(1)(f) GDPR;
  • to comply with tax, accounting, consumer-protection and other legal obligations — Article 6(1)(c) GDPR.

6. Cookies, analytics and advertising technologies

We use cookies and similar technologies for essential website functionality and, where enabled, for analytics, measurement, performance, functionality, audience creation, campaign attribution, remarketing and advertising.

Where required by law, non-essential cookies or similar technologies are used only after obtaining your consent through our consent-management interface.

Further details are provided in our Cookie Policy.

7. Meetings, events and recordings

We may process registration details, attendance data, submitted topics, access approvals, participation records and related communications in connection with Meetings and events.

Where a Meeting or event is recorded, we may also process your name, voice, image, screen-sharing content, chat messages, submitted questions or participation metadata to the extent relevant to the recording and its administration.

Recordings may be used internally for documentation, quality control, moderation, training, security, member access or content delivery, or externally where this is made clear in the relevant flow or agreed separately.

8. Recipients and categories of processors

We may share personal data with service providers that support the operation of the service, including hosting providers, membership and CMS platforms, payment processors, scheduling providers, videoconferencing providers, form providers, email providers, CRM tools, analytics tools, advertising platforms, customer-support tools, security providers, professional advisers and event or venue partners.

Examples of tools that may be used now or in the future include Ghost, Stripe, Tally, Calendly, Zoom, Google Analytics, Google Ads, Meta Ads, LinkedIn Ads and similar providers selected by us. The use of a specific provider may change over time without requiring a new policy each time, provided the purpose of processing remains materially similar.

We may also disclose personal data where required by law, to protect rights or safety, to enforce our terms, in connection with a corporate transaction, or with your request or consent.

9. International transfers

Some of our service providers may process personal data outside the European Economic Area.

Where personal data is transferred outside the EEA, we will use an appropriate transfer mechanism required under applicable law, such as an adequacy decision, Standard Contractual Clauses or another lawful safeguard.

10. Data retention

We retain personal data for as long as necessary for the purpose for which it was collected, including to provide services, maintain records, handle disputes, enforce agreements, comply with legal obligations and protect against abuse.

Retention periods may vary depending on the nature of the data, the relationship with you, legal obligations, limitation periods, consent status, billing history and the operational needs of the service.

If you withdraw consent where consent is the legal basis, we will stop the relevant processing going forward, unless another legal basis applies.

11. Your rights

Under the GDPR, and subject to the conditions and limitations set by law, you may have the right to request access to your personal data, rectification, erasure, restriction, objection, portability and withdrawal of consent at any time where consent is the legal basis.

You may also have the right to lodge a complaint with the competent supervisory authority, including in Poland the President of the Personal Data Protection Office (Prezes Urzędu Ochrony Danych Osobowych), if you believe your personal data is processed unlawfully.

12. Data security

We use organisational and technical measures intended to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or unauthorised access. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

13. Children

The service is not directed to children, and we do not knowingly collect personal data from children where this is prohibited by law.

14. Changes to this Policy

We may update this Privacy Policy to reflect changes in law, providers, technologies, workflows or the structure of the service. The current version will be published on the Websites with its effective date.

15. Contact

If you have questions about this Privacy Policy or wish to exercise your rights, contact us at support@tomek.ai.