Legal
Privacy Policy
Last updated: 29 June 2026
This Privacy Policy explains how we collect, use, store and protect your personal data when you visit headpills.com (the “Site”), contact us, or use our services. We take your privacy seriously and process personal data in accordance with the EU General Data Protection Regulation (Regulation (EU) 2016/679, “GDPR”) and applicable Polish law.
1. Who we are (Data Controller)
The controller of your personal data is:
- Head Pills Dmytro Barinov — sole proprietorship (jednoosobowa działalność gospodarcza), operating as HeadPills.
- Registered address: ul. Nowodworska 95 lok. 17, 54-438 Wrocław, Poland.
- NIP (Tax ID): 8943279161 · REGON: 543950787.
- Contact: hello@headpills.com.
We have not appointed a Data Protection Officer, as we are not legally required to do so. For any privacy matter you can reach us directly at the email above.
2. What data we collect
We only collect what we need:
- Data you give us through a form. When you submit our contact or “free AI audit” form, we collect your name, email address, and any details you choose to include (your website, your goals, your message, and the service you’re interested in).
- Data you give us by contacting us directly. If you email, message us on WhatsApp, Telegram, or Instagram, we receive the contact details and content of your message.
- Technical data. Like any website, our hosting provider automatically processes basic technical information (such as IP address, browser type and pages visited) in server logs, for security and to keep the Site running.
- Anonymous usage statistics (no cookies, no consent needed). We use a privacy-friendly, cookieless analytics tool (Cloudflare Web Analytics) to understand aggregate traffic. It does not use cookies, does not build a profile of you, and does not identify you personally.
- Analytics & marketing cookies (only with your consent). If you accept cookies in our banner, we use Google Analytics 4 (to understand how the Site is used) and the Meta (Facebook) Pixel (to measure our advertising and show relevant ads). These set cookies and share data with Google and Meta. They are not loaded unless and until you consent, and you can withdraw consent at any time (see “Cookies” below).
We do not collect special categories of data (e.g. health, political or religious data), and we do not knowingly process data of children under 16.
3. Why we use your data and our legal basis
- To reply to you and provide a quote or service — legal basis: steps taken at your request prior to entering a contract, and performance of a contract (Art. 6(1)(b) GDPR); where you simply reach out, your consent (Art. 6(1)(a) GDPR).
- To run, secure and improve the Site (technical logs, cookieless statistics) — legal basis: our legitimate interest in operating a safe, functioning website (Art. 6(1)(f) GDPR).
- To measure analytics and run marketing (Google Analytics, Meta Pixel and any cookies they set) — legal basis: your consent (Art. 6(1)(a) GDPR), which you give in our cookie banner and can withdraw at any time.
- To comply with the law (e.g. accounting and tax obligations once you become a client) — legal basis: our legal obligation (Art. 6(1)(c) GDPR).
4. Who we share your data with
We never sell your personal data. We share it only with trusted service providers (processors) who help us run the Site, and only as far as necessary:
- Web3Forms — delivers our form submissions to our inbox.
- Cloudflare, Inc. — website hosting, content delivery, security and cookieless analytics.
- Google (Gmail) — our email provider, where we receive and store your messages.
- Google (Google Analytics 4) — website analytics, only if you consent to analytics cookies.
- Meta Platforms (Meta Pixel) — advertising measurement and retargeting, only if you consent to marketing cookies.
Some of these providers are based outside the European Economic Area (e.g. in the United States). Where data is transferred internationally, it is protected by appropriate safeguards such as the EU Standard Contractual Clauses and/or the EU–US Data Privacy Framework.
5. How long we keep your data
We keep enquiry and contact data only as long as needed to handle your request and for a reasonable follow-up period — generally up to 24 months from our last contact — after which it is deleted. If you become a client, we keep contract and accounting records for as long as required by Polish tax law (generally 5 years). You can ask us to delete your data sooner at any time (see your rights below).
6. Your rights
Under the GDPR you have the right to:
- access your personal data and receive a copy of it;
- have inaccurate data corrected (rectification);
- have your data deleted (“right to be forgotten”);
- restrict or object to our processing;
- data portability (receive your data in a portable format);
- withdraw consent at any time, without affecting processing already carried out.
To exercise any of these rights, just email us at hello@headpills.com. You also have the right to lodge a complaint with the Polish supervisory authority — the President of the Personal Data Protection Office (Prezes Urzędu Ochrony Danych Osobowych, UODO), ul. Stawki 2, 00-193 Warsaw, Poland.
7. Cookies & consent
We group cookies and similar technologies into three categories:
- Essential — needed for the Site to function. This includes a small local preference stored on your own device (for example your light/dark theme choice), which is not sent to us and is not used to track you. These require no consent.
- Analytics — Google Analytics 4, to understand how the Site is used so we can improve it. Set only if you accept analytics cookies.
- Marketing — the Meta (Facebook) Pixel, to measure our advertising and show you relevant ads. Set only if you accept marketing cookies.
When you first visit, a cookie banner lets you accept all, reject non-essential, or choose by category. Analytics and marketing tools are blocked until you opt in — we apply Google Consent Mode so that, by default, no analytics or advertising storage is used. You can change or withdraw your choice at any time via the “Cookie settings” link in the footer. Our cookieless analytics (Cloudflare Web Analytics) runs regardless, as it sets no cookies and does not identify you.
8. Data security
The Site is served over an encrypted HTTPS connection and is a static website with no public database or login, which keeps the attack surface small. We apply reasonable technical and organisational measures to protect your data, though no method of transmission over the internet is ever 100% secure.
9. Changes to this policy
We may update this Privacy Policy from time to time. When we do, we’ll revise the “Last updated” date at the top of this page. Significant changes will be made clear on the Site.
10. Contact
Questions about this policy or your data? Email us at hello@headpills.com or use our contact page. We’re based in Wrocław, Poland.