mos20.pl Privacy Policy

a) Server-level technical data (Cloudflare edge logs)

When you visit mos20.pl, Cloudflare — our CDN and security provider — records standard HTTP request data including IP address, User-Agent, request URL, HTTP status, and timestamps. This data is retained per Cloudflare's default retention policy and used solely for security, abuse prevention, and diagnostics.

b) Aggregated analytics (Cloudflare Web Analytics)

We use Cloudflare Web Analytics, a privacy-preserving analytics service that does NOT use cookies and does NOT fingerprint users. It collects aggregated page view data, referrers, Core Web Vitals, and general geographic information (country level). No individual user identification is possible.

c) Cookies set by Cloudflare's security layer

When our CDN protects the site, Cloudflare may set the following strictly necessary cookies:

• _cf_bm — bot management (30 min session). Distinguishes human visitors from automated bots. No personal data.
• cf_clearance — set only when a visitor completes a security challenge (e.g. CAPTCHA). No personal data.

These are classified as strictly necessary under ePrivacy Directive Art. 5(3) — they are technically required to protect our service from attacks. You can block them in your browser settings, but parts of the site may become unavailable.

• Our own cookies (we set none).
• Personal data via forms (the site has no forms).
• Newsletter signups.
• Advertising identifiers or tracking pixels.
• Any data we could use to identify you personally.

• Cloudflare edge logs and strictly necessary cookies: legitimate interest (GDPR Art. 6(1)(f)) — protecting our service from attacks and ensuring availability.
• Cloudflare Web Analytics: legitimate interest — understanding how our content is used, without identifying visitors.

• Cloudflare, Inc. (USA, with EU data centers). Cloudflare operates under the EU-U.S. Data Privacy Framework and offers a Data Processing Agreement. For EU users, Cloudflare's Customer Metadata Boundary keeps identifying data within the EU. Privacy policy: cloudflare.com/privacypolicy
• Amazon Web Services (AWS S3, eu-central-1 region, Frankfurt, Germany). Used as origin storage only; AWS does not see end-user traffic directly. Privacy policy: aws.amazon.com/privacy

• Cloudflare edge logs: per Cloudflare's standard retention (typically 30 days on Free plan).
• Cloudflare Web Analytics: aggregated, no individual retention.
• Cookies: session-based (_cf_bm: 30 min; cf_clearance: up to 30 days).

You have the right to:

• Access your personal data
• Rectify inaccurate data
• Request erasure
• Restrict or object to processing
• Lodge a complaint with the Polish supervisory authority (UODO) at uodo.gov.pl

Since we do not store any personally identifying data ourselves, most of these rights are trivial for us to honor. For data held by Cloudflare, contact us at [email protected] and we will assist.