Privacy Policy

The data controller is async.studio, operator of 28s / 28 Summits. For privacy, personal data, and user support matters, contact us at support@async.studio.

If additional registered operator details are published before the public launch, this document will be updated without carrying over third-party company data.

• contact data, such as an email address provided for launch updates or support contact,
• account data, such as a user identifier, email address, profile name, and account settings if an account is created,
• app usage data, such as planned peaks, summit completion status, notes, photos, captions, preferences, and settings,
• technical data, such as IP address, device type, browser, operating system, error logs, diagnostic identifiers, and approximate region,
• payment or physical order status information if collectible pins or related merch are launched in the future.

• providing the service, account handling, data synchronization, and app features - Article 6(1)(b) GDPR,
• handling inquiries, support requests, and launch communications - Article 6(1)(a) or 6(1)(f) GDPR, depending on the nature of the contact,
• security, abuse prevention, diagnostics, and maintaining the website and app - Article 6(1)(f) GDPR,
• legal, accounting, or tax obligations where applicable - Article 6(1)(c) GDPR,
• product analytics and quality improvements where based on legitimate interest or required consent.

The app may request access to device features only when a feature needs it. Permissions can be changed in system settings.

• location may help show nearby peaks, estimate distance, and provide route context,
• camera or photo library access is used when you add a photo to your log,
• notifications may be used for reminders that you choose to enable.

The website may use necessary cookies, localStorage, or similar technologies to remember language, theme, interface settings, and basic website behavior. If analytics or marketing tools are added, they will be used in line with applicable consent requirements.

Cookie settings can be changed in your browser. Restricting cookies may affect some website features, such as remembering preferences.

If physical collectible pins or related merch are launched in the app, we may process name, email address, delivery address, order details, and payment status to handle the order.

Payments for physical products are handled by Stripe. async.studio does not store full payment card numbers.

• providers of hosting, infrastructure, database, authorization, and account synchronization,
• tools for email, support, error diagnostics, security, and analytics,
• payment processors, app stores, or logistics providers where a feature or order requires it,
• legal advisors, accountants, public authorities, or courts where required by law.

We do not sell personal data. Data is shared only as needed to operate the service, provide security, meet legal obligations, or handle a user request.

Some technology providers may process data outside the European Economic Area. In those cases, safeguards required by GDPR are used, in particular standard contractual clauses or other lawful mechanisms.

• launch contact data is kept until consent is withdrawn, an objection is made, or the communication purpose ends,
• account and app data is kept while you use the service and, after account deletion, for the period needed for claims, security, or legal obligations,
• technical and diagnostic logs are kept for the period needed to maintain security and service stability,
• billing data is kept for the period required by law if payments are launched.

• access, rectification, deletion, or restriction of processing,
• data portability where applicable,
• objection to processing based on legitimate interest,
• withdrawal of consent at any time without affecting processing before withdrawal,
• the right to lodge a complaint with the President of the Polish Personal Data Protection Office.

Data requests can be sent to support@async.studio. In some cases, we may need to confirm the identity of the person making the request.

28s does not make decisions that produce legal effects for users solely by automated means. If AI features are launched, they will process user-provided data only as needed for a specific feature, for example to summarize a note or organize a route description.

The service is not directed to children under 13. Minors should use the app with a guardian's consent and supervision. The controller uses organizational and technical safeguards, but no transmission or storage method can be guaranteed fully secure.

This policy may be updated as the product, providers, or legal requirements change. The current version will be available at 28summits.com.