Privacy policy

This privacy policy explains how Pavel Kaliadziuk ("we") processes personal data when you use kaliadziuk.lt and purchase services/products or gift cards.

Last updated: 2026-02-10.

Data controller: Pavel Kaliadziuk (individual activity).

Email for privacy requests: pavel@kaliadziuk.lt.

During checkout we process: email address, phone number (if provided), full name (if provided), locale (lt/en), product/service information (cart items, quantities, prices, discounts), consent statuses (terms/privacy acceptance), and marketing opt-in (if selected).

We do not receive or store your card details. Card data is processed by Stripe.

We also process technical data needed for operation and security: IP address (may be visible to us and/or our providers), browser/device information, payment identifiers (e.g., Stripe PaymentIntent ID), audit logs and error logs.

If you purchase a gift card, we process: recipient name/email (if provided), buyer name/email (if provided), gift card amount, expiry, and a hashed gift card code. We do not store the full gift card code long-term in plain text.

We receive data (a) from you when you provide it during checkout or contact us, and (b) from our systems and providers when we receive payment confirmations (e.g., Stripe webhook events) and technical logs.

To accept, process, and fulfill orders (including delivering plans/services and issuing gift cards).

To initiate and confirm payments (including status management and fraud prevention).

To send required transactional communications (e.g., “order paid” emails).

For customer support and dispute/refund handling.

For legal compliance and accounting recordkeeping.

For security and service reliability (access control, incident prevention, audit logs).

Contract performance for accepting and fulfilling your order.

Legal obligation for accounting and other mandatory records.

Consent for marketing emails if you opt in; you can withdraw consent at any time.

Legitimate interests for security, fraud prevention, reliability, and auditability.

Stripe for payment processing and payment confirmations (e.g., webhooks). Stripe may act as an independent controller for certain processing under its own privacy policy.

Transactional email provider (e.g., Resend) strictly for sending emails required to operate the service.

Infrastructure/database provider (e.g., Supabase) to store orders and operate the service.

We share data with providers only to the extent necessary. Where required, we enter into data processing agreements (DPAs).

Some providers (e.g., Stripe or email delivery providers) may process data outside the European Economic Area. Where applicable, transfers rely on GDPR-approved safeguards such as the European Commission’s Standard Contractual Clauses.

Order and payment records (totals, statuses, timestamps, payment identifiers) are retained as needed for accounting and legal obligations (often up to 10 years, depending on applicable law).

Contact details are retained as needed to fulfill and support orders. On justified request, we can anonymize personal identifiers while keeping mandatory financial records.

Gift card data is retained through validity and additionally as needed for accounting/disputes.

Technical logs are retained for a limited period for security and troubleshooting.

We use organizational and technical measures to protect personal data (e.g., access controls, secrets management, least privilege, auditability).

No online system can guarantee absolute security; if you suspect an incident, contact us by email.

You have the right to request access, rectification, erasure (where applicable), restriction, object to processing based on legitimate interests, and data portability where applicable.

If processing is based on consent (marketing), you can withdraw it at any time; this will not affect processing carried out before withdrawal.

To exercise rights, contact: pavel@kaliadziuk.lt. We typically respond within 1 month unless law allows an extension.

You also have the right to lodge a complaint with a supervisory authority. In Lithuania: State Data Protection Inspectorate (https://vdai.lrv.lt/).

We use essential browser storage (e.g., localStorage and sessionStorage) for core functionality such as language selection, cart persistence, and payment session continuity.

During payment, Stripe may use its own cookies or similar technologies for fraud prevention and payment security under Stripe’s policies.

We do not perform automated decision-making with legal or similarly significant effects, except where such processing is performed by the payment provider for fraud prevention/payment security.

We may update this policy from time to time. The latest version will be published on this page and the “Last updated” date will be changed accordingly.