Privacy Policy

Last updated: 2026-06-18

This Privacy Policy describes how DataOps, s.r.o. ("we", "us", "our"), the operator of the MDflow service available at mdflow.cz ("Service"), collects, uses and stores information about you ("you", "user") when you use the Service.

By using the Service you confirm that you have read and understood this Policy.

1. Who is the data controller

The data controller is:

DataOps, s.r.o. Registered in the Czech Republic. Contact: vaclav@wearedataops.cz

2. What data we collect

We only collect the data needed to operate the Service.

From your Google account (via Google OAuth):

Content you create:

Technical data automatically collected by our hosting providers:

Analytics (only with your consent):

3. Why we collect it

We use your data only to:

We do not sell your data. We do not use your documents to train machine-learning models. We do not show you ads.

4. Legal basis

We process your data on the basis of:

5. Where your data lives

The Service runs on third-party infrastructure:

These providers may process your data outside the European Economic Area. They are bound by their own privacy terms and standard contractual clauses.

6. Public sharing

When you toggle public sharing on for a document, the document title and body become accessible to anyone who has the share URL. The URL contains a cryptographically random 64-character slug. We never publish the URL ourselves — it is up to you who you share it with.

The public viewer never reveals the document owner's email, name, avatar or any other documents in their workspace. When commenting is enabled, signed-in users with the share link can see comments together with each comment author's display name and avatar. Email addresses are not shown.

When you toggle sharing off, the slug is invalidated and the previous URL stops working.

Any signed-in user with an active share link can open an independent private copy of the shared document in their own workspace. The copy is not linked to the original after it is created.

7. Cookies

We use cookies strictly necessary to keep you signed in. We also use Google Analytics cookies, but only after you accept them in the cookie banner — if you decline, no analytics cookies are set. We do not use advertising or marketing cookies.

8. How long we keep your data

We keep your account and content for as long as your account exists. If you ask us to delete your account, we delete your folders, documents and profile from our database. Backups may retain copies for a limited period before being overwritten.

Server access logs are kept for a short, technically necessary period.

9. Your rights

Under the GDPR you have the right to:

To exercise any of these rights, email us at vaclav.vaclav@wearedataops.cz.

10. Children

The Service is not intended for users under 16. We do not knowingly collect data from children.

11. Changes to this Policy

We may update this Policy from time to time. The "Last updated" date at the top reflects the latest version. Material changes will be announced inside the Service before they take effect.

12. Contact

Questions about this Policy: vaclav@wearedataops.cz

← Back to sign in