Privacy Policy
Inquirail Privacy Policy
Version 1.2 — Effective date: 2026-07-02
Controller details
The data controller is Egységmester Kft., the short name of Egységmester Korlátolt Felelősségű Társaság. Registered address: 2330 Dunaharaszti, Gyóni Géza köz 8., Hungary. Company registration number: 13-09-162959. VAT / Tax number: 24291608-2-13. Privacy contact: hello@practicalapps.studio.
What personal data we collect
We may collect account data such as email address, password hash, session identifiers, selected plan, subscription status, Stripe customer or subscription identifiers, billing status, and support or contact messages. We may collect product data such as monitored site names, monitored form URLs, optional success text, email-check settings, synthetic test results, response times, screenshots, incident history, alert history, and technical logs.
Why we process data and legal bases (Art. 6 GDPR)
We rely on the following legal bases under Article 6 of the GDPR:
- Contract performance (Art. 6(1)(b)): We process account, subscription, and monitoring data to provide the software subscription, including account access, plan limits, monitoring runs, form-test scheduling, reports, alerts, and billing status.
- Legal obligation (Art. 6(1)(c)): We process billing, subscription, invoicing, and tax-related records to comply with Hungarian accounting, tax, and other legal obligations.
- Legitimate interests (Art. 6(1)(f)): We process security event logs, error logs, abuse-detection data, and diagnostic data based on our legitimate interests in operating secure, reliable, and lawful software. We balance these interests against your privacy rights and apply appropriate safeguards.
- Consent (Art. 6(1)(a)): Where no other basis applies and consent is required by applicable law, we rely on your consent. You may withdraw consent at any time without affecting the lawfulness of processing before withdrawal.
Payment data
Payments are processed by Stripe, including Stripe Payments Europe, Ltd. and Stripe, Inc. where applicable. Inquirail does not receive or store full card numbers. We may store Stripe customer IDs, subscription IDs, plan status, billing status, and limited billing metadata needed to operate the software subscription.
Synthetic monitoring data
Inquirail is designed to use synthetic test data. By default, it does not store real visitor leads submitted by your customers. Screenshots may include the tested page state and synthetic form values. Customers should configure monitoring only for forms they own or are authorized to test.
Marketing communications (double opt-in)
If you ask to receive product updates, we use a double opt-in process based on your consent (Art. 6(1)(a) GDPR): you must first tick a separate, un-pre-checked consent box, and then confirm your subscription by clicking a link in a confirmation email. We store the consent version, timestamp, and the IP address and browser used to give consent, as evidence of your opt-in. We only send marketing emails to addresses that have completed this confirmation step, and you can unsubscribe at any time.
Screenshot retention
Screenshots are used for diagnostic history, incident evidence, and troubleshooting inside the software. Screenshots are retained for 30 days and then deleted automatically. Screenshot retention is the same across all plans.
Data retention
Account and subscription records are kept while the account is active and as long as needed for legal, accounting, dispute, and security purposes. Test runs, incidents, alerts, and technical logs are retained for 90 days. Lead email submissions are retained until the person withdraws consent or requests deletion, and in any case are deleted after 24 months of inactivity. Account data for deleted accounts is permanently deleted within 30 days after account deletion, except for billing, subscription, accounting, tax, dispute, or legal records that must be retained for the period required by applicable law, including Hungarian accounting and tax obligations. Payment card data is handled by Stripe. These retention periods are the same across all plans.
Processors and subprocessors
We use the processors and subprocessors below to operate the software, each under a data-processing agreement. This is the complete list:
- Hostinger International Ltd. (Lithuania, EEA) — server, application, and PostgreSQL database hosting (VPS infrastructure).
- Stripe, Inc. and Stripe Payments Europe, Ltd. — payment processing and subscription billing; acts as Merchant of Record (calculates, collects, and remits VAT/GST).
- Hostinger email (SMTP / IMAP) (Hostinger International Ltd., Lithuania, EEA) — sending of transactional, alert, and marketing-confirmation (double opt-in) emails from our own inquirail.com mailbox, and, where enabled, checking inbound test mailboxes. (Local development/test flows may use Ethereal test tooling instead.)
- Umami Analytics (self-hosted by us on Hostinger) — privacy-friendly, cookie-less, aggregated usage analytics; does not track individuals across sites or build visitor profiles.
- GlitchTip (self-hosted by us on Hostinger) — application error and crash monitoring (Sentry-compatible). It may process technical context such as IP address, URL, and stack traces to diagnose faults.
- Self-hosted heatmap / UX analytics (run by us on our own practicalapps.studio infrastructure on Hostinger) — an optional heatmap/session-analytics script that is loaded ONLY after you accept optional cookies. It helps us understand page usage to improve the UX.
- Playwright / Chromium (headless browser, run by us on Hostinger) — the synthetic monitoring engine that opens the form pages you configure, submits synthetic test data, and captures screenshots. It only visits the URLs you authorise for monitoring.
We do not currently use any third-party large-language-model (LLM) or AI subprocessor. If we introduce one, we will name it in this Policy before doing so. We do not sell, rent, or trade your personal data.
International transfers
Inquirail may be used globally. Some processors operate outside the European Economic Area (EEA). Where personal data is transferred outside the EEA, we rely on appropriate safeguards as required by Chapter V of the GDPR, such as: adequacy decisions adopted by the European Commission, Standard Contractual Clauses (SCCs) incorporated into processor agreements, or other lawful transfer mechanisms. Stripe uses SCCs and EU-U.S. Data Privacy Framework adequacy for transfers to the United States. Email delivery and infrastructure are provided by Hostinger, based in Lithuania (EEA), so those flows stay within the EEA. Transfer mechanisms are reviewed when new processors are added or when existing mechanisms change.
Cookies and analytics
Inquirail uses only essential cookies needed for authentication, session security, account access, and basic software operation, such as a secure session cookie for logged-in users. Our analytics approach is privacy-friendly, cookie-free, and aggregated: it does not set tracking cookies, does not build individual visitor profiles, and does not use personal data for behavioral advertising. We additionally offer an optional heatmap tool for UX research purposes — this is non-essential and is only loaded after you explicitly accept via the cookie-consent banner shown on your first visit. You may decline optional cookies and the heatmap script will not be loaded. See our Cookie Policy for full details.
Your rights
Under the GDPR and applicable law, you have the following rights in relation to your personal data:
- Right of access (Art. 15): You may request a copy of the personal data we hold about you and information on how it is processed.
- Right to rectification (Art. 16): You may request correction of inaccurate or incomplete personal data.
- Right to erasure (Art. 17): You may request deletion of your personal data where it is no longer needed for the purposes for which it was collected, subject to legal retention obligations.
- Right to restriction of processing (Art. 18): You may request that we limit processing of your data in certain circumstances.
- Right to data portability (Art. 20): You may request your personal data in a structured, commonly used, machine-readable format where processing is based on contract or consent and carried out by automated means.
- Right to object (Art. 21): You may object to processing based on legitimate interests. We will stop processing unless we demonstrate compelling legitimate grounds.
- Right to withdraw consent (Art. 7(3)): Where processing is based on consent, you may withdraw it at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.
Logged-in customers can exercise the most common rights directly and immediately from the dashboard: export a machine-readable copy of your data (access and portability), and permanently delete your account and associated monitoring data (erasure). For any other request, or if you cannot access your account, email hello@practicalapps.studio. We will respond within 30 days of receiving your request, or within the extended period permitted by applicable law where requests are complex or numerous (up to 90 days total, with notice).
Supervisory authority
If you are in Hungary or the EU, you have the right to lodge a complaint with a data protection supervisory authority. The Hungarian supervisory authority is the Nemzeti Adatvédelmi és Információszabadság Hatóság (NAIH — National Authority for Data Protection and Freedom of Information), reachable at www.naih.hu. You may also lodge a complaint with the supervisory authority of your EU member state of residence or place of work.
Security
We use technical and organizational measures intended to protect account and monitoring data, including hashed passwords, session controls, access restrictions, and infrastructure security measures. No online system can be guaranteed to be completely secure.
Disclaimer
This Privacy Policy is a It is not legal advice and does not constitute a legal opinion. Before scaling operations or entering new markets, have this Policy reviewed by a qualified data protection lawyer.
Contact
For privacy requests, data subject rights requests, or privacy questions, contact the data controller: Egységmester Kft., hello@practicalapps.studio, 2330 Dunaharaszti, Gyóni Géza köz 8., Hungary.