Privacy Policy

Partheon ("Partheon", "we", "us") is operated by Seneko d.o.o., a limited liability company registered in Slovenia. This policy explains, in plain language, what personal data we collect on partheon.me and partheon.vip, why we collect it, and what your rights are under the EU General Data Protection Regulation (GDPR) and the Slovenian Personal Data Protection Act (ZVOP-2).

1. Who we are (controller & imprint)

Under GDPR Article 4(7), the controller of your personal data is:

• Company: Seneko d.o.o.
• Registered seat: Liminjanska cesta 25, 6320 Portorož, Slovenia
• Registration number (matična številka): 2296365000
• Tax ID (davčna številka): SI40032132
• VAT-registered: Yes, VAT ID SI40032132
• Registry: Sodni register Republike Slovenije (AJPES)
• Contact: [email protected]

We have not appointed a Data Protection Officer because we are not required to under GDPR Article 37 — our processing does not involve large-scale or systematic monitoring at this stage. If that changes, we will update this policy.

2. What we collect, why, and on what legal basis

Waitlist signups

When you join the launch waitlist via the form on our site, we collect:

• Your email address (you provide it)
• The IP address the request came from
• Your browser's user-agent string
• The timestamp of your signup
• The source label of the form you used (e.g. "landing")

Purpose: to let you know when Partheon launches, to prevent duplicate signups, and to detect abuse of the form.

Legal basis: your consent (GDPR Art. 6(1)(a)) for the email itself, and our legitimate interest (Art. 6(1)(f)) in protecting the form from abuse for the IP / user-agent log.

Server logs

Our reverse proxy (Caddy) keeps short-lived access logs containing request paths, IP addresses, and user-agent strings, used solely for debugging and protecting the service. Legal basis: legitimate interest (Art. 6(1)(f)). Retention: rolling 14 days.

Cookies / local storage

We currently store one item locally on your device — a record of your cookie-consent choice — so we don't pester you with the banner on every page load. Full breakdown on our Cookie Policy page. We do not run analytics, advertising, or third-party tracking on this site at the time of writing. When that changes, this page updates first.

3. Who we share data with

We do not sell your data. We share it only with the providers we need to run the service:

• Contabo GmbH (Germany, EU) — hosting our VPS, including the database where waitlist signups live.
• Cloudflare, Inc. (USA) — CDN and DNS in front of our domains. Cloudflare may briefly process IP addresses to deliver requests. Transfer relies on Standard Contractual Clauses (Commission Decision 2021/914) and the EU–US Data Privacy Framework where applicable.
• Law enforcement or regulators — only when legally required.

Email notifications about new signups are sent through our own mail server on the same VPS — no third-party email provider sees them.

4. How long we keep it

• Waitlist email: until you ask us to delete it, or until 90 days after public launch, whichever comes first.
• IP / user-agent log: 30 days, then anonymized.
• Server access logs: 14 days.
• Cookie-consent record: 12 months on your device, renewed on each visit.

5. Your rights (GDPR Articles 15–22)

You have the right to:

• Access the data we hold about you.
• Rectification if it's wrong.
• Erasure ("right to be forgotten").
• Restrict or object to processing.
• Data portability — receive your data in a machine-readable format.
• Withdraw consent at any time, without affecting the lawfulness of earlier processing.

To exercise any of these, email [email protected]. We respond within 30 days, free of charge.

If you believe we've mishandled your data, you can lodge a complaint with the Slovenian Data Protection Authority:

• Informacijski pooblaščenec RS
• Dunajska cesta 22, 1000 Ljubljana, Slovenia
• www.ip-rs.si · [email protected]

6. Security

Data lives on encrypted disks on our Slovenian-operated EU VPS, behind a firewall and Caddy with auto-renewing TLS certificates. Access is limited to founders. We use bcrypt-class hashing for any future credentials, parameterized queries against the database, and apply security updates promptly. We can't promise perfect security — no one can — but we treat your data like we'd want ours treated.

7. Age

Partheon is intended for users 18 and older. If you're under 18, please don't sign up. If you're a parent or guardian and believe a minor has joined the waitlist, email [email protected] and we will delete the record.

8. Mobile app (not yet live)

The Partheon mobile app is in development. When it ships, this policy will be updated to cover account creation, location data, push notifications, and event RSVPs. Until then, only the website / waitlist scope above applies.

9. Changes

We'll update this policy when our practices change. Material changes get an email to everyone on the waitlist. The "Last updated" date at the top of this page always reflects the current version.

10. Contact

• Privacy questions: [email protected]
• General contact: [email protected]