Effective Date: 2026-02-07

Introduction

At DBConvert Streams, we are committed to protecting your personal data and complying with the General Data Protection Regulation (GDPR). This policy explains how we process and protect personal data for users in the European Economic Area (EEA).

Data Controller

Slotix s.r.o. acts as the data controller for personal data collected through DBConvert Streams. You can contact our data protection team at:

Email: [email protected]

Address: Steinov dvor 2, 81107 Bratislava, Slovakia

Legal Basis for Processing

We process your personal data based on the following legal grounds:

Contract Performance: Processing necessary for the performance of our contract with you
Legal Obligation: Processing required to comply with our legal obligations
Legitimate Interests: Processing necessary for our legitimate business interests
Consent: Processing based on your specific consent

Your GDPR Rights

Under GDPR, you have the following rights:

Right to Access: Obtain confirmation of whether we process your personal data and request copies of this data
Right to Rectification: Request correction of inaccurate personal data
Right to Erasure: Request deletion of personal data in certain circumstances
Right to Restrict Processing: Limit how we use your personal data
Right to Data Portability: Receive your personal data in a structured, commonly used format
Right to Object: Object to processing based on legitimate interests or direct marketing
Rights Related to Automated Decision Making: Not be subject to decisions based solely on automated processing

Data Retention

We retain personal data only for as long as necessary to:

Provide requested services
Comply with legal obligations
Resolve disputes
Enforce our agreements

Data Processing Details

We process and store the following types of data:

Important: Data Processing Role
- We act solely as a data processor for database migrations, replications, and file/object storage transfers
- We DO NOT store any customer database content or transferred data
- Database credentials remain exclusively on the customer's infrastructure
- Our service facilitates secure data transfer without persistent storage
Account Information:
- Email address
- Name
- Authentication identifiers
- Subscription details
- API keys (when generated)
Usage Data:
- Stream session information
- Data processing volumes
- API usage logs
- Subscription period metrics
Technical Data:
- Data types used (MySQL, PostgreSQL, Snowflake, files, S3)
- Stream modes (CDC, convert)
- Processing timestamps
- Basic telemetry (environment information, deployment type)

Data Processing Monitoring

To ensure compliance and transparency, we:

Track and monitor data processing volumes per subscription period
Maintain audit logs of API key usage and creation
Record stream session metrics and status
Monitor subscription status and usage limits

International Data Transfers

When we transfer personal data outside the EEA, we ensure appropriate safeguards are in place through:

Standard contractual clauses
Adequacy decisions
Other legal transfer mechanisms

Data Security

We implement appropriate technical and organizational measures to protect personal data, including:

Encryption of data in transit and at rest
Access controls and authentication
Regular security assessments
Employee training on data protection
Zero persistent storage of transferred database content
No storage of customer database credentials

Data Breach Notification

In the event of a personal data breach, we will:

Notify relevant supervisory authorities within 72 hours
Inform affected individuals without undue delay if the breach is likely to result in high risk
Document all breaches and our response measures

Contact Us

For any GDPR-related queries or to exercise your rights, please contact us at:

Slotix s.r.o.