Last updated: April 2, 2026 · Operated by Dmytro Nizhebetskyi IT Project Manager JDG, Poland
This Privacy Policy explains how Dmytro Nizhebetskyi IT Project Manager JDG, a sole proprietorship registered in Poland ("we," "us," or "our"), collects, uses, stores, and protects personal data when you use AI PM Mentor (the "Service"). We are committed to protecting your privacy and complying with the General Data Protection Regulation (EU) 2016/679 ("GDPR"), the Polish Act on the Protection of Personal Data, and other applicable data protection legislation. By using the Service, you acknowledge that you have read and understood this Privacy Policy.
Dmytro Nizhebetskyi IT Project Manager JDG is the data controller for personal data collected through AI PM Mentor. Contact: support@itpmschool.com
We collect information you provide when creating an account (email address, password) and information generated through your use of the Service (chat history, usage data, onboarding responses). Payment information is processed and stored by Creem — we do not store credit card numbers or security codes. We also automatically collect technical data such as IP address, browser type, pages visited, and session duration for security and performance purposes.
We process your data only when a lawful basis exists: Contract Performance — to provide the Service, manage your account, and process payments. Legitimate Interests — to improve the Service, prevent fraud, and ensure security. Legal Obligation — to comply with Polish tax law and other applicable regulations. Consent — for any optional communications where we have explicitly asked for your permission.
We use your personal data to: provide and operate the Service; process payments and manage your subscription; send service-related communications (account confirmations, billing notifications); personalize your AI assistant experience through chat history; detect and prevent fraud and security issues; and comply with legal obligations.
Account data is retained while your account is active and deleted within 30 days of an account deletion request. Billing and transaction data is retained for up to 5 years after the last transaction in accordance with Polish tax obligations. Session and usage logs are retained for up to 26 months.
We use strictly necessary cookies for authentication and session management. No third-party tracking or advertising cookies are used. These cookies are essential to the operation of the Service and cannot be disabled without affecting functionality.
We use the following third-party service providers, each operating under its own privacy policy: Supabase (database and authentication — supabase.com/privacy); Creem (payment processing — creem.io/privacy); MindPal (AI chatbot infrastructure — mindpal.space/privacy-policy). Each provider has access only to the data necessary to perform their function and is contractually obligated to protect your data.
Some of our service providers operate outside the European Economic Area (EEA). Where data is transferred outside the EEA, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission or transfers to countries with an EU adequacy decision.
As a data subject under GDPR, you have the following rights: Access — request a copy of the personal data we hold about you. Rectification — request correction of inaccurate or incomplete data. Erasure — request deletion of your data, subject to retention requirements. Restrict Processing — request that we limit how we use your data in certain circumstances. Data Portability — request a machine-readable copy of your data. Object — object to processing based on legitimate interests. Withdraw Consent — withdraw consent at any time without affecting prior processing. Lodge a Complaint — with the Polish data protection authority (UODO) at uodo.gov.pl. To exercise any of these rights, contact us at support@itpmschool.com. We respond within 30 days.
We protect your personal data using SSL/TLS encryption across the entire Service, row-level security in our Supabase database (ensuring your data is accessible only to you), and industry-standard password hashing. Payment data is handled exclusively by Creem under PCI DSS compliance standards. While we apply commercially reasonable security measures, no transmission or storage method is completely secure.
The Service is not directed at anyone under 16 years of age. We do not knowingly collect personal data from minors. If you believe a minor has provided personal data without parental consent, please contact us at support@itpmschool.com and we will promptly delete it.
We may update this Privacy Policy to reflect changes in our practices or applicable law. Material changes will be communicated via email or a prominent notice on the Service. The "Last Updated" date at the top of this page indicates the most recent revision.
For questions about this Privacy Policy or to exercise your data subject rights, email us at support@itpmschool.com or visit our Contact page. You may also lodge a complaint with the Polish data protection authority: Urząd Ochrony Danych Osobowych (UODO).