Back to Home

Privacy Policy

Last updated: December 17, 2025

1. Introduction

Welcome to FumoForge (“we”, “our”, or “us”). This Privacy Policy explains how we collect, use, and protect your personal data when you visit our website and join the FumoForge waitlist.

2. Data Controller

The data controller responsible for the processing of personal data under this Privacy Policy is:

FUMO – MATEUSZ FAJST
Business name: FumoForge
NIP: 7292752057
REGON: 526628843
Registered address: al. Jana Pawła II 43A, 01-001 Warsaw, Poland

Contact email: [email protected]

3. Data We Collect

We collect only the minimum amount of data necessary to operate the waitlist:

  • Email Address – provided voluntarily when you join the waitlist.
  • Technical Data – including IP address, browser type and version, time zone setting, operating system, and server logs used for security, abuse prevention, and debugging.

4. Legal Basis for Processing (GDPR – Article 6)

We process your personal data based on:

  • Your consent (Article 6(1)(a) GDPR), given by submitting your email address to the waitlist.
  • Our legitimate interest (Article 6(1)(f) GDPR), to ensure website security, prevent abuse, and maintain system stability.

You may withdraw your consent at any time.

5. How We Use Your Data

Your personal data is used exclusively to:

  • Manage and operate the FumoForge waitlist.
  • Send notifications regarding product availability, launch status, and access details.
  • Maintain website security and prevent spam or fraudulent signups.

We do not use your email for unrelated marketing campaigns or third-party advertising. We do not sell your personal data.

6. Third-Party Services (Data Processors)

We use the following trusted service providers:

  • Resend – for sending transactional emails (waitlist notifications).
  • skillhost.pl – for hosting our website, servers, and databases.
  • Cloudflare – for DNS, security, and performance optimization.

All providers process data solely on our behalf and in accordance with applicable data protection laws.

7. Data Transfers Outside the European Union

We do not intentionally transfer personal data outside the European Economic Area (EEA). If any processing involves data transfer outside the EEA, we ensure appropriate safeguards, such as Standard Contractual Clauses (SCCs), as required by GDPR.

8. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes described in this Privacy Policy (i.e., until the product launch or until you unsubscribe).

You may unsubscribe at any time using the “Unsubscribe” or “Remove me” link included in our emails. Upon unsubscription, your data will be permanently removed from our active waitlist.

9. Cookies and Technical Logs

We do not use advertising or tracking cookies. Only strictly necessary cookies and technical logs required for functionality, performance, and security are used.

10. Your Rights Under GDPR

You have the following rights:

  • Right of access to your personal data.
  • Right to rectification of inaccurate or incomplete data.
  • Right to erasure (“right to be forgotten”).
  • Right to withdraw consent at any time.
  • Right to lodge a complaint with a data protection authority.

In Poland, the supervisory authority is the President of the Personal Data Protection Office (UODO).

To exercise your rights, contact us at: [email protected]