Privacy Policy

Last updated: June 10, 2026

This Privacy Policy explains what personal data Lytmark collects, how we use it, and the rights you have. We aim to collect as little data as possible and to be transparent about how it is handled.

1. Who is responsible for your data

Lytmark, operated by a company registered in the Republic of Serbia, is the data controller for personal data processed through the service. For data that our customers collect from their own end users via the widget, the customer is the controller and Lytmark acts as a processor.

2. Data we collect

We collect the following categories of data:

Account data: your email address and authentication details, used to create and secure your account.
Project data: the changelog posts, roadmap items, and settings you create.
Usage analytics: aggregated, privacy-respecting metrics about widget views and interactions. We use a hashed visitor identifier and do not collect names, emails, or precise location of end users.
Billing data: handled by our payment provider, Paddle. We do not store full payment card details on our servers.
Technical data: standard server logs such as IP address and request metadata, used for security and reliability.

3. How we use your data

We use personal data to provide and operate the service, authenticate your account, process payments, deliver transactional emails such as login codes, monitor and improve performance and security, and comply with legal obligations.

4. Legal bases for processing

Where the GDPR applies, we process personal data on the basis of performance of a contract (to provide the service), our legitimate interests (security, improvement, and fraud prevention), your consent where required, and compliance with legal obligations.

5. Analytics and cookies

The Lytmark widget is designed to be privacy-friendly. End-user analytics rely on a hashed identifier rather than tracking cookies tied to a personal identity. The Lytmark dashboard uses essential cookies required for authentication and session management.

6. Sharing your data

We do not sell your personal data. We share data only with service providers who help us operate Lytmark, including:

Cloudflare, for hosting and edge infrastructure;
Paddle, for payment processing and as merchant of record;
Resend, for delivering transactional emails.

These providers process data on our behalf under appropriate agreements. We may also disclose data where required by law.

7. International transfers

Our providers may process data outside your country, including outside the European Economic Area. Where this occurs, appropriate safeguards such as standard contractual clauses are used to protect your data.

8. Data retention

We retain account and project data for as long as your account is active. After you close your account or cancel, we retain data for a reasonable period to meet legal and operational needs, then delete or anonymise it. Authentication codes expire shortly after issuance.

9. Your rights

Depending on your location, you may have the right to access, correct, delete, or export your personal data, to object to or restrict certain processing, and to withdraw consent. To exercise these rights, contact us using the details on our website. You also have the right to lodge a complaint with a data protection authority.

10. Security

We use technical and organisational measures to protect your data, including encryption in transit and access controls. No system is completely secure, but we work to safeguard your information and to respond promptly to any incident.

11. Children

Lytmark is not directed to children and we do not knowingly collect personal data from anyone under 18.

12. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be communicated by a reasonable method, and the "last updated" date above will reflect the latest revision.

13. Contact

For privacy questions or requests, please use the support contact listed on our website.