Privacy Policy

This Privacy Policy explains how Agentura SPOTLIGHT s.r.o. ("we", "us", "our") collects, uses, stores, and protects personal data when you visit or use patheories.com and related services.

We are based in the Czech Republic and process personal data in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR), where applicable. The European Commission describes EU data protection rules as covering the protection of personal data inside and outside the EU.

1. Who we are

2. What personal data we collect

We may collect the following types of personal data:

• name
• email address
• account login information
• billing details
• order and purchase history
• downloaded products
• onboarding answers and user interests
• newsletter preferences
• cookies and analytics data
• IP address
• device and browser information
• technical data related to website usage

We do not currently process user prompts or user-generated AI inputs in the MVP version of the platform.

3. How we collect personal data

We collect personal data when you:

• create an account
• download a free resource
• purchase or access a digital product
• subscribe to our newsletter
• complete onboarding questions
• contact us for support
• browse our website
• interact with analytics or marketing cookies, where enabled

4. Why we use your personal data

We use personal data for the following purposes:

• to create and manage user accounts
• to deliver digital products
• to process orders and purchases
• to provide customer support
• to send newsletters and educational content
• to send product-related communication
• to improve our website and products
• to analyze website traffic and user behavior
• to run marketing and remarketing activities
• to protect the security of our website and services
• to comply with legal and tax obligations

5. Legal bases for processing

Where GDPR applies, we process personal data based on one or more of the following legal bases:

• Contract performance — when we need your data to provide your account, products, downloads, or purchases.
• Consent — for newsletter subscriptions, optional cookies, and certain marketing activities.
• Legal obligation — when we need to keep records for accounting, tax, or legal compliance.
• Legitimate interest — for improving our services, protecting security, analyzing performance, and communicating with existing users, where appropriate.

6. Newsletter and marketing communication

If you subscribe to our newsletter, we may send you educational content, product updates, offers, and practical AI-related resources.

We currently plan to use Mailchimp for email marketing.

You can unsubscribe from marketing emails at any time by clicking the unsubscribe link in any email or by contacting us at: josef.krcil@agspotlight.cz

7. Cookies and analytics

We may use cookies and similar technologies to:

• make the website work properly
• remember user preferences
• analyze website traffic
• improve user experience
• measure marketing performance
• run remarketing campaigns

We may use tools such as:

• Google Analytics
• Google Tag Manager
• Meta Pixel
• Mailchimp tracking
• other analytics or marketing tools

Some cookies are necessary for the website to function. Others, such as analytics and marketing cookies, may require your consent depending on your location. The European Commission distinguishes between operational cookies, preference cookies, and analytics cookies in its own cookie policy guidance.

You will be able to manage your cookie preferences through the cookie banner or browser settings where applicable.

8. Third-party services

We may share limited personal data with trusted third-party service providers that help us operate the website and provide our services.

These may include:

• Lovable — website and application development platform
• Supabase — database, authentication, and backend services
• Stripe — future payment processing
• Google Analytics — website analytics
• Google Tag Manager — tag management
• Meta Pixel — marketing and remarketing
• Mailchimp — email marketing and newsletter delivery
• hosting, infrastructure, security, and technical service providers

These third parties may process personal data according to their own privacy policies and data processing terms.

9. Payments

In the MVP version, live Stripe payment processing may not yet be active.

When payment processing is implemented, payments may be handled by Stripe or another payment provider. We will not directly store full payment card details on our servers. Payment information will be processed by the payment provider according to its own security and privacy standards.

10. International data transfers

Because we use global service providers, your personal data may be processed outside your country of residence, including outside the European Economic Area.

Where required, we rely on appropriate safeguards such as contractual protections, data processing agreements, and other legally recognized transfer mechanisms.

11. How long we keep personal data

We keep personal data only for as long as necessary for the purposes described in this Privacy Policy.

This may include keeping certain data:

• while your account is active
• as long as needed to deliver purchased products
• as long as needed for customer support
• as long as required by tax, accounting, or legal obligations
• until you withdraw consent for newsletter or marketing communication
• as long as needed to protect our legitimate business interests

12. Your rights

Depending on your location and applicable law, you may have the right to:

• request access to your personal data
• request correction of inaccurate data
• request deletion of your data
• request restriction of processing
• object to processing
• withdraw consent
• request data portability
• lodge a complaint with a data protection authority

If you are located in the European Union or European Economic Area, these rights may apply under GDPR.

To exercise your rights, contact us at: josef.krcil@agspotlight.cz

13. Account deletion

You may request deletion of your account by contacting us.

Please note that we may need to retain certain information where required for legal, tax, accounting, fraud prevention, or legitimate business purposes.

14. Security

We use reasonable technical and organizational measures to protect personal data against unauthorized access, loss, misuse, alteration, or disclosure.

However, no online service can guarantee absolute security.

15. Children's privacy

Our website and products are not intended for children under the age of 16.

We do not knowingly collect personal data from children. If you believe that a child has provided us with personal data, please contact us and we will take appropriate steps to delete it.

16. AI-related data processing

In the MVP version of the platform, we do not provide an AI Playground and do not process user-submitted prompts or AI conversations.

If we introduce AI-powered features in the future, we will update this Privacy Policy to explain what data is processed, how it is used, and which AI service providers are involved.

17. Changes to this Privacy Policy

We may update this Privacy Policy from time to time.

If we make significant changes, we may notify users through the website, email, or other appropriate means.

The updated version will always show the latest "Last updated" date.

18. Contact

For privacy-related questions, requests, or concerns, contact us at: