Cookie & Privacy Policy
How we handle cookies and personal data on wyckflow.com. Essential cookies are always on; analytics and marketing measurement run only with your consent.
Who we are
The data controller is Lukáš Veselý, Poutní 404/5j, 733 01 Karviná, Czech Republic, Company ID (IČ) 87386542, e-mail info@wyckflow.com (operator of wyckflow.com, "we"). This page explains which cookies and similar technologies we use and how we process personal data. Last updated: June 2026.
What cookies are
Cookies and similar storage (localStorage) are small files in your browser. We split them into essential (the site can't work without them — always on) and optional (analytics and marketing measurement — enabled only after you consent).
Cookies we use
| Name | Purpose | Category | Duration |
|---|---|---|---|
| wf_consent | Stores your cookie choice | Essential | 12 months |
| wf_session | Account sign-in | Essential | 30 days |
| wyckflow_lang, wyckflow_ccy | Language & currency choice (localStorage) | Essential | Until you clear it |
| wyckflow_cart_v2 | Cart contents (localStorage) | Essential | Until you clear it |
| _fbp, _fbc | Meta Pixel — visit & conversion attribution | Marketing (consent only) | ~90 days |
| Meta Pixel + Conversions API | Measuring views, cart, checkout and purchases | Marketing (consent only) | Per Meta settings |
| _ga, _ga_* | Google Analytics — distinguishing visitors and sessions | Analytics (consent only) | ~2 years / ~14 months |
| Google Analytics 4 + Measurement Protocol | Measuring views, cart, checkout and purchases | Analytics (anonymous & cookieless without consent; full after consent) | Per Google settings |
Marketing measurement & Meta
With your consent we use the Meta Pixel (in the browser) and the Conversions API (on our server) to measure events such as page views, add-to-cart, checkout and completed purchases. We share this data with Meta Platforms, Inc. (USA) as recipient; it may include a hashed e-mail and technical identifiers. The transfer to the USA relies on the EU‑US Data Privacy Framework and/or Standard Contractual Clauses. Without your consent we send nothing to Meta. The legal basis for this processing is your consent (Art. 6(1)(a) GDPR); essential cookies rely on legitimate interest / performance of a contract (Art. 6(1)(f) and (b) GDPR) and need no consent.
For traffic analytics we use Google Analytics 4 (in the browser via gtag.js) and server-side measurement via the Measurement Protocol for the same events (page views, add-to-cart, checkout and completed purchases). Measurement uses Google Consent Mode: before you consent it runs in an anonymous, cookieless mode — we neither store nor read any cookies (no _ga is set), your IP address and any persistent identifier are not stored, and Google only uses these anonymous, aggregated signals to model overall traffic. After you consent measurement switches to the full mode with _ga cookies. We share this data with Google Ireland Ltd. / Google LLC (USA); it consists of pseudonymous identifiers and technical data, not your e-mail in clear form. Any transfer to the USA relies on the EU‑US Data Privacy Framework and/or Standard Contractual Clauses. The legal basis for the anonymous, cookieless measurement is our legitimate interest (Art. 6(1)(f) GDPR; nothing is stored on your device), while the full, _ga-cookie measurement relies on your consent (Art. 6(1)(a) GDPR). Server-side purchase measurement via the Measurement Protocol is sent only after you consent.
What personal data we process
In addition to cookies (above), we process the following data in connection with the account, purchase and support:
- Account data — e-mail address (also used for passwordless magic-link sign-in), language and currency choice, dates of creation and sign-in.
- Payment and transaction data — order information, purchased studies/tier, period and price, transaction ID and payment status. Payment is processed by Stripe; we do not store your card details.
- Licence data — the issued licence key (WYCK key), the licence scope and validity period.
- E-mail communication — the content and metadata of messages you exchange with us (order confirmations, support, complaints).
- Technical data — IP address, browser type and similar data from site operation (server logs), necessary for security and service operation.
Purposes and legal basis: conclusion and performance of the contract and account management (Art. 6(1)(b) GDPR), compliance with legal obligations including tax and accounting (point (c)), our legitimate interest in security, support and enforcement of rights (point (f)) and — for marketing measurement — your consent (point (a)).
Recipients and processors
We do not pass personal data to anyone beyond what is necessary to provide the service and meet legal obligations. We work with the following recipients/processors:
- Stripe — payment processing and subscription management (Stripe Payments Europe / Stripe, Inc.).
- E-mail service provider (Resend / SMTP) — sending transactional e-mails, sign-in links and confirmations.
- Hosting provider (Contabo GmbH, EU server) — running the website and application on a secure server.
- Meta (Meta Platforms, Inc.) — only with your consent for marketing measurement (Meta Pixel and Conversions API), as described above in the cookies and Meta section.
- Google (Google Ireland Ltd. / Google LLC) — only with your consent for traffic and conversion analytics (Google Analytics 4 and Measurement Protocol).
Some recipients may process data outside the EU/EEA (e.g. in the USA); in that case the transfer relies on the EU‑US Data Privacy Framework or Standard Contractual Clauses. We may also disclose data to public authorities where required by law.
Retention periods
We keep data only for as long as necessary:
- Account and licence data — for the duration of the account; after it is closed we delete or anonymise it, unless a legal obligation prevents this.
- Tax and accounting documents (including transaction data) — for the period required by law (typically up to 10 years under tax and accounting laws).
- E-mail communication and complaints — generally for as long as needed to handle them and then for the limitation periods for any claims.
- Marketing-measurement consent and related identifiers — until consent is withdrawn, at most for the validity period of the relevant cookies (see the table above).
- Server logs — short-term, for security and operational diagnostics.
Your choices & withdrawing consent
Consent is voluntary and given by actively clicking Accept all. Reject is equally easy and the site works without consent. You can change or withdraw your choice anytime via the "Cookie settings" link in the footer of every page. After a reject/withdrawal we stop further measurement and clear the relevant cookies in the current browser.
Your rights
You have the right to access, rectify or erase your data, to restrict and object to processing, and to data portability. You can withdraw consent to marketing measurement at any time (going forward). You may also contact your local data protection authority.
Contact
For data-protection questions, to exercise your rights or to withdraw consent, contact us at info@wyckflow.com (Lukáš Veselý, Poutní 404/5j, 733 01 Karviná, Czech Republic) or through your wyckflow.com account.