Last updated: May 4, 2026
OpenKinematics is a brand operated by Lagodish Tech, a business registered in Poland. For the purposes of the EU General Data Protection Regulation (Regulation (EU) 2016/679, "GDPR") and the UK GDPR, the data controller is:
Lagodish Tech
Warszawa Złota 75A — Biznes Hub
Złota 75A/7, 00-819 Warszawa, Poland
Privacy contact: [email protected]
We are not required to appoint a Data Protection Officer (DPO) under Art. 37 GDPR; for any privacy-related question, please use the contact above. If you are in the EEA or UK and we do not have an establishment in your country, you may also reach us at the same address — we have not appointed a separate Art. 27 GDPR representative.
This Privacy Policy applies to personal data we process when you visit openkinematics.com, contact us, request a quote or place an order, use our software (OpenBrain, dashboard, SDK, marketplace), or otherwise interact with us.
When you submit any form on this site (including contact and pre-order forms), we record your IP-derived approximate country/city and your message together with the contact channel you provided, and forward it to our internal Telegram channel for handling. This is disclosed in §4 (Sub-processors).
| Purpose | Legal basis | Retention |
|---|---|---|
| Respond to inquiries, quotes, pre-orders. | Art. 6(1)(b) — pre-contractual steps; Art. 6(1)(f) — legitimate interest. | Up to 24 months from last contact. |
| Sell, deliver, and support hardware and software. | Art. 6(1)(b) — performance of contract. | Duration of contract + 6 years (Polish tax/accounting retention). |
| Issue invoices and meet tax/accounting duties. | Art. 6(1)(c) — legal obligation (Polish Accounting Act, VAT Act). | 5 years from end of fiscal year (statutory). |
| Operate, secure, and improve the website and platform. | Art. 6(1)(f) — legitimate interest (security, abuse prevention, analytics). | Logs: up to 12 months. Aggregated analytics: up to 26 months. |
| Marketing communications (newsletter, product updates). | Art. 6(1)(a) — consent. Withdrawable at any time. | Until you unsubscribe or 24 months of inactivity. |
| Comply with export-control and sanctions screening. | Art. 6(1)(c) — legal obligation; Art. 6(1)(f) — legitimate interest. | 10 years (US EAR & EU dual-use record-keeping). |
| Establish, exercise, or defend legal claims. | Art. 6(1)(f) — legitimate interest. | Up to 6 years (Polish civil-law limitation period). |
We do not engage in profiling that produces legal or similarly significant effects on you, and we do not use your personal data for automated decision-making within the meaning of Art. 22 GDPR.
We use the following service providers, who process personal data on our behalf under written data processing agreements (or equivalent contractual safeguards). This list is current as of the "Last updated" date and may change; we will keep it current here.
| Provider | Purpose | Location |
|---|---|---|
| Vercel Inc. | Hosting, edge network, deployment. | USA (EU SCCs) |
| Cloudflare, Inc. | CDN, DDoS protection, IP-based geolocation headers. | USA (EU SCCs) |
| Telegram FZ-LLC | Internal notifications: contact-form messages forwarded to our team channel. | UAE (EU SCCs / Art. 49 derogations as applicable) |
| GitHub, Inc. (Microsoft) | Open-source repositories, issue tracking, community. | USA (EU-US DPF / SCCs) |
| Google LLC | Workspace email, document storage (if applicable). | USA (EU-US DPF) |
| Sketchfab (Epic Games, Inc.) | Embedded 3D model viewer (third-party iframe). | USA |
We do not sell personal data. We may also disclose data to professional advisers (lawyers, accountants, auditors), to public authorities where required by law, and in connection with a merger, acquisition, or asset sale (with appropriate safeguards).
Some of our sub-processors are located outside the European Economic Area (EEA), notably in the United States and the United Arab Emirates. Transfers are protected by the European Commission's Standard Contractual Clauses (SCCs, Decision 2021/914), supplementary technical and organisational measures, the EU-US Data Privacy Framework (where the recipient is certified), or — in narrow cases — Art. 49 GDPR derogations (e.g. transfer necessary for the performance of a contract you initiated). You may request a copy of the relevant safeguards by emailing [email protected].
We implement appropriate technical and organisational measures (TLS in transit, encrypted backups, least-privilege access, code review, security monitoring, vendor due diligence) to protect personal data against unauthorised access, alteration, disclosure, or destruction. No system is 100% secure, and we cannot guarantee absolute security. In the event of a personal-data breach affecting your rights, we will notify the competent supervisory authority within 72 hours under Art. 33 GDPR and, if required, notify affected individuals under Art. 34 GDPR.
Subject to the conditions and exceptions in applicable law, you have the following rights:
To exercise any of these rights, email [email protected]. We will respond within one month (extendable by up to two further months for complex requests, with notice).
If you are a California resident, you have the right to know what personal information we collect, the purposes for which it is used, the categories of third parties with whom it is shared, the right to request deletion or correction, the right to opt-out of "sale" or "sharing" (we do not sell or share personal information for cross-context behavioural advertising), the right to limit use of sensitive personal information, and the right to non-discrimination for exercising your rights. To exercise these rights, email [email protected] with the subject line "CCPA Request".
Our services are not directed to children. We do not knowingly collect personal data from children under 16 in the EEA or under 13 in the United States. If you believe we have inadvertently collected such data, contact us and we will delete it.
See our Cookie Policy for the cookies and similar technologies we use, your choices, and how to manage them.
We may update this Privacy Policy from time to time. We will post the revised version on this page, update the "Last updated" date, and — for material changes — give reasonable advance notice (e.g. by email or in-product banner) before they take effect.
Privacy questions: [email protected]. General support: [email protected]. Postal address: see §1 above.