Back to The Escape Act

Privacy Policy

Last updated: April 2026

1. Introduction

Buzz Box Sp. z o.o. ("we", "us", "our") operates the website escapeact.co and provides the digital product "The Escape Act". This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you visit our website or purchase our products.

We are committed to protecting your privacy in accordance with the General Data Protection Regulation (GDPR - EU 2016/679) and other applicable data protection laws.

2. Data Controller

The data controller responsible for your personal data is:

Buzz Box Sp. z o.o.

3 Maja 22/2c, 40-096 Katowice, Poland

Email: socialdropz@gmail.com

3. Data We Collect

We may collect the following categories of personal data:

  • - Identity Data: name, email address (when you make a purchase)
  • - Transaction Data: purchase history, payment confirmation (we do not store full payment card details)
  • - Technical Data: IP address, browser type and version, time zone, operating system, device information
  • - Usage Data: pages visited, time spent on pages, click patterns, referral source
  • - Communication Data: any correspondence you send to us via email

4. How We Use Your Data

We use your personal data for the following purposes:

  • - To process and deliver your purchase of The Escape Act
  • - To send you purchase confirmations and product updates
  • - To respond to your inquiries and provide customer support
  • - To analyze website usage and improve our product and website
  • - To comply with legal obligations
  • - To detect, prevent, and address fraud or technical issues

5. Legal Basis for Processing (GDPR Art. 6)

We process your data based on the following legal grounds:

  • - Contract performance: processing necessary to fulfill your purchase and deliver the product
  • - Legitimate interests: website analytics, fraud prevention, and product improvement
  • - Consent: where you have given explicit consent (e.g., cookies, marketing communications)
  • - Legal obligation: where we are required to process data by law

6. Cookies

Our website uses cookies and similar tracking technologies. Cookies are small text files stored on your device that help us provide and improve our services.

Essential Cookies

Required for the website to function properly. Cannot be disabled. Include session management and security cookies.

Analytics Cookies

Help us understand how visitors interact with our website. Data is anonymized where possible. You can opt out via the cookie consent banner.

Preference Cookies

Remember your preferences such as language selection. Enhance your browsing experience.

You can manage your cookie preferences at any time through your browser settings. Note that disabling certain cookies may affect the functionality of our website.

7. Third-Party Services

We use the following third-party services that may process your data:

  • - Vercel: website hosting (USA, with EU data processing capabilities)
  • - Payment processor: for secure payment handling (PCI DSS compliant, we do not store card details)

Each third-party provider has its own privacy policy. We ensure all providers meet GDPR requirements through appropriate data processing agreements.

8. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this policy. Transaction records are kept for the duration required by applicable tax and accounting laws (typically 5-7 years). Analytics data is retained in anonymized form. You may request deletion of your data at any time, subject to legal retention requirements.

9. Your Rights (GDPR)

Under the GDPR, you have the following rights regarding your personal data:

  • - Right of access: request a copy of your personal data
  • - Right to rectification: request correction of inaccurate data
  • - Right to erasure: request deletion of your data ("right to be forgotten")
  • - Right to restrict processing: request limitation of how we use your data
  • - Right to data portability: receive your data in a structured, machine-readable format
  • - Right to object: object to processing based on legitimate interests
  • - Right to withdraw consent: withdraw consent at any time where processing is based on consent

To exercise any of these rights, contact us at socialdropz@gmail.com. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection supervisory authority.

10. International Data Transfers

Your data may be transferred to and processed in countries outside the European Economic Area (EEA), particularly in connection with our hosting provider (Vercel, USA). Where such transfers occur, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission or adequacy decisions.

11. Children's Privacy

Our website and products are not intended for individuals under the age of 18. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us immediately and we will delete such data.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated "Last updated" date. We encourage you to review this policy periodically. Continued use of our website after changes constitutes acceptance of the updated policy.

13. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

Buzz Box Sp. z o.o.

Email: socialdropz@gmail.com