Privacy Policy

Effective Date: March 10, 2026
Last Updated: March 10, 2026

1. Introduction

TechMR Michał Rajchel (Registered in and operating from Poland, Tax ID: PL6912557416, NBR: 520251219) ("Aucupor", "we", "us", or "our") operates the website https://aucupor.io and the Aucupor Remote Monitoring & Management (RMM) platform (collectively, the "Service").

We are committed to protecting your privacy and ensuring that your personal data is handled in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR" / "RODO") and other applicable European Union and national data protection laws.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our Service.

2. Our Roles: Data Controller vs. Data Processor

To understand how your data is handled, it is crucial to distinguish between our two roles under the GDPR:

A. Aucupor as a Data Controller

We act as a Data Controller when we collect personal data from visitors to our website, individuals who contact us, and representatives of the organizations (our "Customers") who register for and purchase our Service. This means we determine the purposes and means of processing this data (e.g., billing, account management, marketing).

B. Aucupor as a Data Processor

We act as a Data Processor when we process the personal data of our Customers' employees, contractors, or other end-users ("End-Users") who are monitored via the Aucupor Agent installed on the Customer's endpoints.

  • The Customer is the Data Controller for all End-User data collected through the Service.
  • The Customer is solely responsible for establishing a lawful basis for monitoring their End-Users (e.g., legitimate interest, employment contract), informing their End-Users about the monitoring, and fulfilling all obligations under local labor laws.
  • Aucupor only processes this End-User data strictly according to the Customer's documented instructions (via the features of the Service) and our Data Processing Agreement (DPA).

3. Data We Collect as a Data Controller

When you visit our website, register an account, or contact us, we may collect the following data:

  • Account & Contact Data: Name, email address, company name, phone number, and password (securely hashed).
  • Billing & Financial Data: VAT/Tax ID, billing address, and transaction history. (Note: We do not store full credit card numbers; these are handled directly by our secure payment gateway providers).
  • Technical & Usage Data: IP address, browser type, operating system, referring URLs, pages viewed, and access times collected via cookies and similar technologies.
  • Communication Data: Records of correspondence if you contact our support or sales teams.

Lawful Basis for Processing (Controller Data)

  • Performance of a Contract (Art. 6(1)(b) GDPR): To provide the Service, manage your account, and process payments.
  • Legitimate Interests (Art. 6(1)(f) GDPR): To improve our website, ensure IT security, and prevent fraud.
  • Legal Obligation (Art. 6(1)(c) GDPR): To maintain financial records for tax and accounting purposes.
  • Consent (Art. 6(1)(a) GDPR): For sending promotional emails (which you can opt out of at any time).

4. Data We Process as a Data Processor (End-User Data)

When a Customer installs the Aucupor Agent on an endpoint, the Service automatically collects data about the device and its user. Depending on the Customer's configuration, this data may include:

  • Endpoint Identity Data: Hostname, hardware UUID (e.g., BIOS UUID), IP addresses (local and public), MAC addresses, and active network interfaces.
  • Security & System Data: Status of Antivirus, TPM, Secure Boot, and disk encryption.
  • Activity Tracking Data: Active vs. Idle time calculations, daily timelines, and application usage statistics.
  • Browsing & Application History: Titles of active windows, URLs of visited websites, and names of executed processes.
  • Geolocation Data: Approximate physical location of the device based on IP or Wi-Fi triangulation.
  • Live Screen Streaming: Real-time visual data from the device's monitors (only transmitted when explicitly requested by an authorized Customer administrator; streaming data is not recorded or stored persistently by Aucupor).
Crucial Note on Storage and Access: All End-User data is processed automatically by our servers. We do not access, view, or analyze this data except as strictly necessary to provide technical support (upon the Customer's explicit request) or to maintain the security and functionality of the Service.

5. How We Protect Your Data

Security is foundational to our Service. We implement appropriate technical and organizational measures (Art. 32 GDPR) to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access.

  • 100% EU Infrastructure: All data is hosted on secure cloud infrastructure located exclusively within the European Economic Area (EEA). We do not transfer Customer or End-User data to the United States or other non-EEA jurisdictions.
  • Encryption: Data is encrypted in transit (TLS/SSL).
  • Regular backups: We regularly backup the data to ensure contionus opertation even after a major failure.
  • Access Controls: Strict Role-Based Access Control (RBAC) and mandatory Two-Factor Authentication (2FA) are implemented for accessing the Aucupor dashboard.
  • Audit Logging: All significant actions performed by Customer administrators (e.g., initiating a live screen stream, changing settings) are logged to ensure transparency and accountability.
  • 2FA: We enforce 2FA for Organisation admins and make it available for all other users.

6. Data Retention

  • Controller Data: We retain your account and billing data for as long as your account is active, and thereafter as necessary to comply with our legal obligations (e.g., tax laws typically require retention of invoices for 5-10 years), resolve disputes, and enforce our agreements.
  • Processor Data (End-User Data): We retain End-User data only for the duration specified by the Customer or as long as the Customer maintains an active subscription. Upon termination of the contract or a specific deletion request from the Customer, we will permanently delete all associated End-User data within the timeframe stipulated in our DPA (usually 30 days).

7. Sharing of Personal Data & Sub-processors

We do not sell, rent, or trade personal data. To provide the Aucupor Service, we engage carefully vetted third-party entities to process personal data on our behalf. In accordance with Article 28 of the GDPR, we maintain the following up-to-date list of our Sub-processors. We strictly ensure that all Sub-processors are bound by rigorous Data Processing Agreements (DPAs). All data processing occurs exclusively within the European Economic Area (EEA).

Sub-processor Entity & Legal Details Purpose of Processing Location
OVH SAS
2 rue Kellermann, 59100 Roubaix, France 		Cloud Infrastructure, Database Hosting, and Data Storage. France/Poland (EU)
Vercom S.A. (EmailLabs)
ul. Wierzbięcice 1B, 61-569 Poznań, Poland 		Delivery of transactional emails and system alerts. Poland (EU)
Web INnovative Software Sp. z o.o. (wFirma)
ul. Bierutowska 57-59, 51-317 Wrocław, Poland 		Invoicing, accounting, and secure processing of Customer billing data. Poland (EU)
Plausible Insights OÜ
Västriku tn 2, 50403, Tartu, Estonia 		Privacy-friendly, cookieless website analytics. Estonia (EU)

Independent Data Controllers: We may also share data with legal or regulatory authorities (such as tax offices or law enforcement) if required by law, court order, or a competent European regulatory authority. In these specific instances, these authorities act as independent Data Controllers.

8. Cookies and Tracking Technologies

We use cookies and similar tracking technologies on our public website (https://aucupor.io) to analyze traffic, remember your preferences, and ensure the site functions correctly.

When you first visit our site, you will be presented with a Cookie Banner allowing you to consent to or reject non-essential cookies. You can manage your cookie preferences at any time through your browser settings.

9. Your Data Protection Rights under GDPR

If you are a resident of the EEA, you have the following rights regarding the personal data we hold as a Data Controller:

  • Right of Access: Request a copy of the personal data we hold about you.
  • Right to Rectification: Request correction of inaccurate or incomplete data.
  • Right to Erasure ("Right to be Forgotten"): Request deletion of your data, subject to legal retention obligations.
  • Right to Restriction of Processing: Request that we temporarily halt processing your data.
  • Right to Data Portability: Receive your data in a structured, machine-readable format.
  • Right to Object: Object to processing based on legitimate interests or for direct marketing.
  • Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent.

How to exercise your rights: Contact us at m.rajchel@aucupor.io. We will respond to your request within 30 days.

Note for End-Users: If you are an employee whose data is being monitored via the Aucupor Service, your employer is the Data Controller. Please direct any requests regarding your data rights (e.g., access, deletion) directly to your employer's HR or IT department. If we receive such a request directly, we will forward it to the respective Customer.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. We will notify Customers of any material changes via email or a prominent notice within the Service dashboard prior to the change becoming effective.

11. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data processing practices, please contact us at:

TechMR Michał Rajchel (Registered in and operating from Poland, Tax ID: PL6912557416, NBR: 520251219)
Wrocław, Poland
Obornicka 107/5A, 51-114 Wrocław, Dolnośląskie
Email: m.rajchel@aucupor.io
Website: https://techmr.eu

If you believe we have not complied with data protection laws, you have the right to lodge a complaint with your local Data Protection Authority (in Poland: Prezes Urzędu Ochrony Danych Osobowych - PUODO).