Privacy Policy

1. Scope

This Privacy Policy explains how Delfis, operated by Lambda GROUP DOO, collects, uses, stores, shares, and protects personal data in connection with the Delfis website, the Delfis web application, related backend services, subscription and payment processes, customer support, and related business communications.

This policy applies to personal data relating to identified or identifiable natural persons. It does not transfer ownership of customer business records, documents, logos, or other content uploaded to the Delfis service. As between Delfis and the customer, such content remains the customer's property, subject to the limited rights described in the Terms of Service for operating and supporting the service.

2. Data We May Collect

Depending on how you interact with Delfis, we may collect and process:

identity and contact data, such as name, email address, phone number, company name, billing address, and similar account or communication details;
account and subscription data, such as account identifiers, selected plan, subscription status, invoices, and payment-related records;
customer content and service data, such as data, documents, files, logos, and records entered into or uploaded to the Delfis platform;
financial and transactional data, such as invoices, bills, quotes, payment records, bookkeeping entries, tax-related records, partner/customer details, and similar commercial documentation processed through the Delfis application;
support and communication data, such as messages sent to us by email or through support channels;
technical and usage data, such as IP-related metadata, browser type, device information, language, referring pages, page visits, and interaction events on the website;
security and diagnostics data, such as application errors, crash information, and troubleshooting logs.

We do not receive or store full payment card numbers on our own systems when card payments are processed through third-party payment providers.

3. How We Use Personal Data

We may use personal data to:

create and manage user accounts;
provide access to the Delfis platform and maintain the service;
process subscriptions, invoices, payments, and related financial records;
store, organize, display, and process financial, accounting, invoicing, and business records that customers manage through the Delfis application;
deliver customer support, onboarding, and service communications;
protect the security, integrity, and availability of the website and platform;
detect abuse, unauthorized access, fraud, or technical issues;
improve our website, platform, documentation, and support experience;
comply with legal, accounting, tax, and regulatory obligations;
establish, exercise, or defend legal claims.

4. Legal Bases for Processing

Where required by applicable law, Delfis processes personal data on one or more of the following bases:

performance of a contract or taking steps at the request of the data subject before entering into a contract;
compliance with legal obligations;
legitimate interests in operating, securing, maintaining, and improving the Delfis website and services, provided that such interests are not overridden by the rights and freedoms of the individual;
consent, where a specific processing activity requires consent under applicable law.

5. Customer Data and Confidentiality

Customer data entered into the Delfis service remains under the responsibility and control of the customer. Delfis processes such data only to the extent reasonably necessary to provide the service, technical support, maintenance, security, backups, troubleshooting, and other related operational purposes.

Access to personal data is restricted to employees, contractors, and service providers who need it to perform their duties and who are subject to confidentiality obligations or comparable contractual safeguards.

Delfis may use non-personal or aggregated data that does not identify an individual customer for service improvement, analytics, technical support, and legitimate business reporting.

We may share personal data only where necessary, including with:

payment processing providers and acquiring banks involved in subscription payments;
hosting, infrastructure, security, and technical service providers;
analytics and error-monitoring providers used to operate and improve the website;
professional advisers, auditors, accountants, insurers, or legal counsel;
competent authorities, regulators, courts, or law enforcement where required by law or legal process;
a buyer, successor, or affiliate in connection with a merger, acquisition, restructuring, or sale of assets, subject to appropriate confidentiality and legal safeguards.

Delfis does not sell, rent, or otherwise resell personal data or customer business data to third parties.

7. International Transfers

Some service providers used by Delfis may process data outside Montenegro and/or outside the European Economic Area, depending on infrastructure and service configuration. Where required by applicable law, Delfis will use appropriate contractual, organizational, or legal safeguards for such transfers.

8. Data Retention

We retain personal data only for as long as necessary for the purposes for which it was collected, including to provide the service, comply with legal, tax, accounting, bookkeeping, and regulatory obligations, resolve disputes, enforce agreements, and maintain appropriate security records.

Retention periods may vary depending on the type of data, the nature of the customer relationship, legal obligations, and legitimate business needs. Certain financial, invoicing, payment, bookkeeping, and related business records may be retained for several years where required or justified by applicable law, tax rules, accounting obligations, audit requirements, dispute resolution needs, or legitimate record-keeping purposes. When data is no longer required, Delfis will delete, anonymize, or otherwise securely dispose of it within a reasonable period, unless continued retention is required by law.

9. Your Rights

Subject to applicable law, individuals may have the right to:

request access to their personal data;
request correction of inaccurate or incomplete personal data;
request deletion of personal data where continued processing is not justified;
request restriction of processing in certain circumstances;
object to processing based on legitimate interests;
receive personal data in a portable format where applicable;
withdraw consent at any time for processing based on consent, without affecting the lawfulness of prior processing;
lodge a complaint with the competent personal data protection authority.

To exercise privacy rights, contact us at info@delfis.me. We may ask for information necessary to verify identity before processing a request.

For users in Montenegro, complaints may be addressed to the Agency for Personal Data Protection and Free Access to Information of Montenegro. If other data protection laws apply to a specific user relationship, the user may also have the right to contact the relevant supervisory authority in that jurisdiction.

10. Security Measures

Delfis applies reasonable technical, administrative, and organizational measures designed to protect personal data against unauthorized access, disclosure, alteration, loss, or destruction. These measures may include access controls, transport encryption, operational safeguards, and restricted internal access.

No internet-based service or storage system can be guaranteed to be completely secure. For that reason, Delfis cannot guarantee absolute security or uninterrupted availability of the website or platform.

11. Cookies and Similar Technologies

Delfis uses cookies and similar technologies, including browser storage, to operate the website, understand usage, and maintain security and performance.

These technologies may include:

essential technologies, used for basic website operation, security, and service delivery;
analytics technologies, used to understand visits, page views, navigation paths, and general website usage patterns;
diagnostic technologies, used to detect errors, crashes, and stability problems.

When enabled in our environment, the website may use tools such as:

PostHog, for website analytics and pageview measurement; and
Sentry, for error monitoring and application diagnostics.

Some of these technologies may store or read identifiers in the browser, including local storage entries or similar client-side data used to distinguish repeat visits or associate diagnostic events with a browser session.

You can usually manage cookies and local storage through your browser settings. Blocking or deleting certain technologies may affect website functionality, performance, or the availability of some features.

12. Changes to This Policy

Delfis may update this Privacy Policy from time to time to reflect legal, technical, operational, or business changes. The updated version becomes effective when published on this page, unless a different effective date is stated.

13. Contact

For privacy-related questions or requests, contact:

Lambda GROUP DOO
Email: info@delfis.me
Phone: +382 (67) 012 999
Address: Ul. Scepana Malog Br.4B 26/7, 85000 Bar, Montenegro