Privacy policy.

NFTeam s.r.o. (“NFTeam”, “we”, “us”) is an independent software studio. We operate the website at nfteam.eu and provide custom software, Web3, and product engineering services to clients worldwide.

Registered office: Hradná 168/2, 945 01 Komárno, Slovenská republika. IČO 50 599 500. DIČ 21 2040 8719. Our studio operates day-to-day out of Budapest, Hungary.

For the purposes of the EU General Data Protection Regulation (GDPR), NFTeam is the controller of any personal data described in this policy. You can reach our data contact at [email protected].

This document explains what data we collect when you visit our website, when you contact us about a project, and during the course of a paid engagement. It also explains why we collect it, how long we keep it, and the rights you have over your information.

It does not cover third-party services that we link to. When you follow a link off nfteam.eu, the destination's own privacy practices apply.

Contact form submissions. When you start a brief via the contact form, we collect the name, company, email, optional phone number, and project description you choose to share.

Email correspondence. If you write to [email protected], we retain the message, your email address, and our reply.

Site analytics. We use Google Analytics to understand how visitors find and use the site. Analytics collects IP address (anonymised), browser type, device, referrer, and the pages you view, but it is not used to identify individual visitors.

Engagement records. During a paid engagement we may store contracts, scope documents, invoices, technical credentials you choose to share with us, and any project artefacts.

We use a small number of cookies. Some are strictly necessary (for example, security and basic site function). Others are analytics cookies used by Google Analytics. We do not use advertising cookies and do not sell visitor data.

You can block or delete cookies at any time via your browser settings, and the site will continue to function. See our Cookie Policy for a full breakdown.

We process personal data only for clearly defined purposes: replying to your enquiry, delivering an engagement you have hired us for, fulfilling contractual and tax obligations, improving the site, and answering follow-up questions.

We do not use your data for automated decision-making or profiling, and we do not share your project details with anyone outside the immediate team working on your engagement.

We share data with a small set of vetted processors that are necessary to operate the studio: our email infrastructure provider, our hosting and CDN provider, our analytics provider, our payment and accounting providers, and tools we use to deliver client work (issue trackers, repositories, design tools). Each is bound by their own data protection commitments.

We do not sell, rent, or trade personal data. We may disclose information if required to do so by law, court order, or in response to a lawful request from a public authority.

Contact form messages and exploratory email threads are retained for up to 24 months unless the conversation has led to an engagement, in which case the records are kept under the engagement's retention period.

Engagement records, contracts, and invoices are retained for the period required by applicable Slovak accounting and tax law (typically ten years). Analytics data is retained per the defaults of Google Analytics.

We use commercially reasonable security measures: encryption in transit (HTTPS across the site), strong authentication on internal systems, the principle of least privilege for who can access client data, and limited retention. No system is impervious, but we treat your data like we'd treat our own.

Under the GDPR, you have the right to access the personal data we hold about you, to correct it, to request deletion, to restrict or object to certain processing, to data portability, and to withdraw consent at any time where processing is based on consent.

To exercise any of these rights, email us at [email protected]. We'll respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.

Some of our processors are located outside the European Economic Area, most commonly in the United States. Where this is the case, transfers are governed by the European Commission's Standard Contractual Clauses or equivalent safeguards.

When we make material changes, we update the date at the top of this page. If a change materially affects your rights, we will surface it in our usual channels. Continued use of the site after a change indicates acceptance of the updated policy.