Cookie Policy

1. Introduction

This Cookie Policy explains how Illumate UI, operated by Patrik Duch s.r.o., IČO: 24091090, registered in the Czech Republic, European Union ("we", "us", or "our"), uses cookies and similar technologies when you visit our website and use our services.

Strictly necessary cookies are used automatically as they are required for the operation of the Service. We do not use non-essential cookies, such as analytics, advertising, or profiling cookies, at this time.

We do not currently use non-essential cookies or similar technologies that require consent under applicable law. The cookies, Local Storage, and device identification techniques we use fall within the exemption for technologies that are strictly necessary for the provision and security of the Service under applicable ePrivacy rules.

Local Storage is used in the editor mode solely to support core functionality, such as maintaining editor state and draft configurations during your session.

2. What Are Cookies

Cookies are small text files that are placed on your computer, smartphone, or other device when you visit a website. They are widely used to:

• Make websites work properly and securely
• Remember your preferences and settings
• Improve your browsing experience

Cookies can be "session cookies" (deleted when you close your browser) or "persistent cookies" (remain on your device for a set period or until you delete them).

3. Types of Cookies and Storage We Use

3.1 Strictly Necessary Cookies

These cookies are essential for the website and the Service to function properly. Without them, you cannot use basic features such as secure login and session management. These cookies cannot be disabled.

Legal basis: Article 6(1)(b) GDPR — performance of a contract (login and session management are necessary to provide the Service you requested) and Article 6(1)(f) GDPR — legitimate interest in ensuring the secure functioning of the Service. These cookies also fall within the strictly necessary exemption under applicable ePrivacy rules.

3.2 Local Storage

We use Local Storage technology in your browser to support the operation of the Service. This data is not used for tracking, profiling, or advertising purposes. We do not store personal data in Local Storage.

3.3 Device Identification and Security

To protect user accounts and prevent unauthorized access, we use limited device identification techniques. These techniques involve processing certain technical characteristics of your device and browser that are routinely transmitted during normal web browsing.

Important: Device identification is used solely for security purposes. We do not use these techniques for:

• Tracking users across websites or sessions for non-security purposes
• Advertising, profiling, or behavioral analysis
• Building user profiles for marketing or commercial purposes
• Identifying individual users beyond what is necessary for account security

We do not employ invasive fingerprinting methods (such as canvas fingerprinting, WebGL rendering, audio context, or font enumeration). We do not use fingerprinting techniques to uniquely identify users across different services or websites. Our approach is designed to be limited, proportionate, and focused exclusively on protecting the security and integrity of user accounts.

Legal basis: Article 6(1)(f) GDPR — legitimate interest in protecting the security of user accounts and preventing fraud. We have conducted a balancing assessment and determined that the minimal data processed is proportionate to the security benefits provided, and does not unreasonably override your rights and freedoms.

4. Third-Party Services

Some functionality of the Service relies on trusted third-party providers.

Stripe cookies are required to securely process payments and help prevent fraud. They are treated as strictly necessary where permitted under applicable law.

We do not use any analytics, advertising, social media, or profiling cookies. If this changes in the future, this policy will be updated accordingly and, where required, we will obtain your consent before deploying non-essential cookies.

5. Cookies and Storage in Tours

5.1 Editor Environment (Tour Builder)

When you use the Illumate UI editor to create tours on websites:

• The editor provides a preview environment that allows you to visually design and configure tours
• The preview environment is used solely for rendering website content for configuration and does not modify or interact with the website beyond what is necessary for visual editing
• Local Storage may be used where necessary depending on the features you interact with, such as the editor mode, to support core functionality of the Service
• Illumate UI does not store or make accessible third-party website cookies within the editor environment

5.2 Tour Slideshow (Preview and Published Tours)

When viewing tours in preview mode or when displayed on a website:

• We may use Local Storage to track tour progress (such as current step and completion status) on the viewer's device
• Illumate UI does not intentionally collect personally identifiable information from tour viewers
• Tour progress data is stored locally on the viewer's device and is not transmitted to our servers
• Tour auto-fill actions may temporarily populate form fields for demonstration purposes; no form data is automatically submitted or stored by Illumate UI

5.3 Embeddable Snippet (Future)

If we provide embeddable tour scripts for third-party websites in the future:

• The snippet will not set any cookies on the host website
• The snippet may use the host website's Local Storage for tour progress tracking
• You will be responsible for disclosing the use of the Illumate UI snippet in your own privacy and cookie policies where required by law
• We will provide documentation on what data the snippet stores and processes

6. Your Rights

Under GDPR and applicable data protection laws, you have the following rights in relation to device identification and any personal data processed through cookies and similar technologies:

• Right to be informed — this policy serves as our notification to you about how and why we process your data
• Right of access — you may request information about device data associated with your account
• Right to erasure — you may request deletion of device identification data by contacting us or by using the "Remove device" feature in your account settings
• Right to object — you may object to the processing of device identification data; however, this may affect the security features available to you
• Right to lodge a complaint — you may file a complaint with your local supervisory authority (for Czech Republic: ÚOOÚ, www.uoou.cz)

To exercise any of these rights, please contact us at privacy@illumateui.app. We will respond within 30 days as required by GDPR.

7. Your Choices

You can control cookies through your browser settings. Most browsers allow you to:

• View what cookies are stored and delete them individually
• Block third-party cookies
• Block all cookies from specific sites
• Block all cookies from all sites
• Delete all cookies when you close your browser

You can also clear Local Storage through your browser's developer tools (Application > Local Storage).

You can manage recognized devices in your account settings, including removing specific devices or revoking all device authorizations.

For instructions on managing cookies, please refer to your browser's official help documentation:

• Google Chrome
• Mozilla Firefox
• Safari
• Microsoft Edge

8. Do Not Track

Some browsers have a "Do Not Track" (DNT) feature that signals to websites that you do not want to be tracked. We do not use cookies or similar technologies for cross-site tracking, advertising, or profiling. Our use of device identification is limited exclusively to account security and fraud prevention as described in Section 3.3 above.

9. International Data Transfers

Cookies and Local Storage data remain on your device and are not transferred to third countries by Illumate UI. Device identification hashes are stored on our servers within the European Economic Area. Where third-party services (such as Stripe) process data, they do so in accordance with their own privacy policies and applicable data transfer mechanisms (e.g., Standard Contractual Clauses, adequacy decisions).

10. Data Retention

We retain data from cookies and similar technologies as follows:

You may request earlier deletion of device identification data by contacting us at privacy@illumateui.app or by removing devices from your account settings.

11. Children's Privacy

Our Service is not directed at children under the age of 16 (or the applicable age in your jurisdiction). We do not knowingly set cookies for or collect data from children. If you believe a child has provided us with personal data, please contact us at privacy@illumateui.app and we will take steps to delete such data promptly.

12. Updates to This Policy

We may update this Cookie Policy from time to time to reflect changes in technology, legal requirements, or our data practices. Any changes will be posted on this page with an updated "Last updated" date. If we introduce non-essential cookies or expand our use of device identification beyond security purposes, we will notify you and, where required by applicable law, obtain your consent before deployment.

13. Contact Us

If you have any questions about our use of cookies, device identification, or this Cookie Policy, please contact us: