1. Data Controller
The data controller responsible for the processing of personal data described in this Privacy Policy is:
Maciej Rychlicki, trading as Context Management
Poland
Email: [email protected]
Maciej Rychlicki / Context Management is subject to the General Data Protection Regulation (EU) 2016/679 (GDPR) and the Polish Act of 10 May 2018 on the Protection of Personal Data.
2. Scope of This Policy
This Privacy Policy applies exclusively to the bellmark.ai website and any direct communications with us (such as support emails or waitlist sign-ups). It covers:
- Visitors to bellmark.ai
- Individuals who submit their email address to the waitlist or contact form
- Individuals who purchase a commercial license (via our payment processor)
- Anyone who contacts us at [email protected]
This policy does not govern data processed by BeLLMark installations running on customer infrastructure — that is entirely under the control and responsibility of the customer.
3. Personal Data We Collect
We collect only the minimum personal data necessary to operate the website and respond to inquiries.
| Category | Data Collected | Purpose | Source |
|---|---|---|---|
| Waitlist / Contact | Email address; optionally, name or message text | To notify you of product launch, updates, or respond to your inquiry | Provided directly by you via the website form |
| Purchase / Payment | Email address, invoice details; billing information processed exclusively by Creem | License delivery, invoicing, purchase records, tax compliance | Provided by you at checkout; received from Creem (Merchant of Record) |
| Support Correspondence | Email address, name (if provided), message content | To respond to and resolve support requests | Provided directly by you via email |
| Website Analytics | Anonymised / aggregated visit data (page views, referrer, country-level location, device type, browser) | To understand how visitors use the website and improve it | Automatically collected via web analytics (see Section 7) |
Data We Do Not Collect
We do not collect, access, or process any data from BeLLMark installations running on customer infrastructure, including prompts, model responses, API keys, benchmark results, or any other usage data.
4. Legal Basis for Processing
Under GDPR Article 6, we rely on the following legal bases:
Consent (Article 6(1)(a))
When you voluntarily submit your email address to the waitlist or contact form, you consent to us processing that data to communicate with you about BeLLMark. You may withdraw this consent at any time by emailing [email protected]. Withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal.
Contract Performance (Article 6(1)(b))
When you purchase a commercial license, we process your email address and related purchase information to deliver the license, provide receipts, handle support requests arising from the purchase, and fulfil our contractual obligations to you.
Legitimate Interests (Article 6(1)(f))
We process anonymised and aggregated website analytics data on the basis of our legitimate interest in understanding how visitors use bellmark.ai in order to improve the website. This processing does not involve identifying individual visitors, and the interests of data subjects are not overridden by this purpose.
Legal Obligation (Article 6(1)(c))
We may process personal data where necessary to comply with applicable legal obligations, such as tax record-keeping requirements for commercial transactions.
5. Data Retention
We retain personal data only for as long as necessary for the purposes set out in this policy, or as required by applicable law.
| Data Category | Retention Period | Rationale |
|---|---|---|
| Waitlist email addresses | Until you request removal, or 24 months after the last relevant product communication, whichever is earlier | Consent-based; purpose ends when product launch communications are complete or consent withdrawn |
| Support correspondence | Up to 2 years from the date of resolution | Legitimate interest in maintaining a record of resolved issues for quality and legal reference |
| Purchase / transaction records | 5 years from the date of transaction | Legal obligation — Polish accounting and tax law requires retention of financial records for 5 years |
| Website analytics data | Up to 13 months (aggregated / anonymised; no individual retention) | Legitimate interest; data is not attributable to individual persons |
When data reaches the end of its retention period, it is securely deleted or irreversibly anonymised.
6. Third-Party Processors
We use a limited set of third-party services to operate the website and process payments. Each acts as a data processor (or, in the case of Creem, as Merchant of Record) under appropriate data processing terms.
| Processor | Role | Data Involved | Location | Privacy Reference |
|---|---|---|---|---|
| Cloudflare, Inc. | Website hosting (Cloudflare Pages), CDN, DDoS protection, email routing | IP addresses, request metadata (processed transiently for network routing and security) | USA (SCCs / adequacy basis) | cloudflare.com/privacypolicy |
| Creem | Payment processor and Merchant of Record (MoR). Creem handles the entire checkout and payment flow on our behalf as the seller of record. | Billing name, email, payment instrument details, purchase amounts, country. Creem is the data controller for payment data it collects directly. | Estonia / EU | creem.io/legal/privacy |
| GitHub, Inc. | Source code repository (public). Visitors who click the GitHub link interact with GitHub's platform directly. | No personal data is sent by us to GitHub beyond standard web browsing metadata collected by GitHub when you visit github.com. | USA | GitHub Privacy Statement |
Payment Processing — Creem as Merchant of Record
Payments for BeLLMark commercial licenses are processed by Creem, an Estonian company acting as the Merchant of Record. This means Creem is the legal seller in the transaction: they collect payment, issue VAT-compliant invoices, handle refunds, and bear liability for applicable sales taxes. Your payment details (card numbers, banking data) are processed exclusively by Creem and its payment network partners and are never transmitted to or stored by us. By purchasing a license, you also agree to Creem's Terms of Service and Privacy Policy.
International Data Transfers
Some of the third parties listed above are based outside the European Economic Area (EEA). Where personal data is transferred to countries not recognised as providing an adequate level of protection (such as the USA), such transfers are subject to appropriate safeguards, including Standard Contractual Clauses (SCCs) as adopted by the European Commission. Please refer to the privacy policies of the respective third parties for details of the safeguards they employ.
7. Cookies and Tracking
What Are Cookies?
Cookies are small text files placed on your device by a website. They are widely used to make websites function correctly or more efficiently, and to provide information to website operators.
Cookies We Use
| Cookie / Technology | Type | Purpose | Duration |
|---|---|---|---|
Cloudflare technical cookies (e.g., __cf_bm, _cfuvid) |
Strictly necessary | Bot management, DDoS protection, load balancing — required for the website to function securely | Session / up to 30 minutes |
| Web analytics (anonymised, cookieless or privacy-respecting implementation) | Analytics (legitimate interest) | Aggregate page-view statistics, referrer data, browser/device type — no individual profiling, no cross-site tracking | Session or short-lived (up to 13 months aggregated) |
Strictly Necessary Cookies
Cookies placed by Cloudflare for security and performance purposes are strictly necessary for the website to function and cannot be opted out of while using the site. They do not track you for marketing purposes.
Analytics
Where analytics are used, we implement them in a privacy-respecting configuration: IP addresses are anonymised, data is not shared with advertising platforms, and no personal profiles are built. You may opt out of analytics by enabling the "Do Not Track" signal in your browser, or by using a browser extension that blocks analytics scripts. You may also object to analytics processing by contacting us (see Section 9).
Managing Cookies
You can control and delete cookies through your browser settings. Instructions for major browsers:
Note that blocking strictly necessary cookies may affect the functionality of the website.
8. Your Rights Under GDPR
As a data subject under GDPR, you have the following rights in relation to your personal data. These rights apply to data processed by us and are subject to certain limitations and exemptions under applicable law.
You have the right to obtain confirmation of whether we process your personal data and, if so, to receive a copy of it along with information about how it is used.
You have the right to have inaccurate or incomplete personal data about you corrected or completed without undue delay.
You have the right to request deletion of your personal data ("right to be forgotten") where it is no longer necessary for the purposes for which it was collected, or where you withdraw consent.
You have the right to request that we restrict the processing of your data in certain circumstances, for example while a dispute about accuracy is resolved.
Where processing is based on consent or contract and carried out by automated means, you have the right to receive your personal data in a structured, commonly used, and machine-readable format.
You have the right to object to processing based on legitimate interests, including analytics. You also have the right to object to direct marketing at any time, without giving reasons.
Where processing is based on consent, you may withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.
You have the right to lodge a complaint with a supervisory authority if you believe your rights have been infringed. See Section 10 for details.
9. How to Exercise Your Rights
To exercise any of the rights described in Section 8, please contact us at:
Email: [email protected]
Subject line: "GDPR Data Request — [Your Right]" (e.g., "GDPR Data Request — Erasure")
We will respond to your request within 30 days of receipt, in accordance with Article 12 GDPR. In complex or high-volume cases, this period may be extended by a further two months; we will inform you of any such extension and the reasons for it within the initial 30-day period.
We may ask you to verify your identity before processing your request to prevent unauthorised disclosure or deletion of personal data. We will not charge a fee for reasonable requests; if a request is manifestly unfounded or excessive, we may charge a reasonable administrative fee or refuse to act on the request, in which case we will explain our reasons.
10. Right to Lodge a Complaint
If you believe that the processing of your personal data infringes the GDPR, you have the right to lodge a complaint with a supervisory authority, in particular in the EU member state of your habitual residence, place of work, or the place of the alleged infringement.
As the data controller is based in Poland, the lead supervisory authority is:
Urząd Ochrony Danych Osobowych (UODO)
Polish Data Protection Authority
ul. Stawki 2, 00-193 Warsaw, Poland
Phone: +48 22 531 03 00
Website: uodo.gov.pl/en
Email: [email protected]
You also have the right to an effective judicial remedy against a controller or processor, and against a supervisory authority that fails to act on a complaint, under Article 79 GDPR.
We would, however, appreciate the opportunity to address your concerns directly before you contact a supervisory authority. Please reach out to us at [email protected] and we will do our best to resolve any issue promptly.
11. Data Security
We implement appropriate technical and organisational measures to protect personal data against unauthorised or unlawful processing, accidental loss, destruction, or damage. These measures include:
- HTTPS encryption for all website traffic (enforced by Cloudflare)
- Access to personal data (e.g., support inbox) restricted to the data controller
- Use of reputable, security-vetted third-party processors for hosting and payments
- Minimal data collection — we do not collect what we do not need
Despite these measures, no method of transmission over the Internet or electronic storage is 100% secure. In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and, where required, will notify affected individuals without undue delay.
12. Children's Privacy
BeLLMark is a professional developer and research tool not directed at children. We do not knowingly collect personal data from individuals under the age of 16. If you believe that we have inadvertently collected personal data from a child, please contact us immediately at [email protected] and we will promptly delete such data.
13. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, applicable law, or the services we offer. When we make material changes, we will:
- Update the "Effective date" at the top of this page
- Where feasible and where we hold your email address, notify you by email
- Post a notice on the bellmark.ai homepage for a reasonable period
We encourage you to review this policy periodically. Your continued use of the bellmark.ai website after changes become effective constitutes acceptance of the updated policy, to the extent permitted by law. For material changes that require renewed consent (e.g., new purposes for existing data), we will request your consent separately.
Previous versions of this policy can be requested by contacting [email protected].
14. Contact
If you have any questions, concerns, or requests regarding this Privacy Policy or our data processing activities, please contact us:
Data Controller: Maciej Rychlicki / Context Management
Email: [email protected]
Response time: We aim to respond to all privacy-related enquiries within 5 business days.
For general product questions, bug reports, or feature requests, you are also welcome to open an issue on the BeLLMark GitHub repository.