
Privacy Policy
This Privacy Policy describes how KAPSTONE D.O.O. (“Rubinia”, “we”, “us”) processes personal data of visitors and users of the website rubinia.ai (the “Website”), including data submitted through the contact form and data managed inside our internal CRM. Processing is carried out in compliance with Regulation (EU) 2016/679 (“GDPR”) and applicable Slovenian and EU data protection law.
1. Data Controller
KAPSTONE D.O.O.
Šalara, Šalara 003 F
6000 Koper — Slovenia
VAT ID: SI33626375
Registration number: 6791280000
Email: info@rubinia.ai
For any privacy-related request you can contact us at the email address above. We do not currently have a designated DPO; if one is appointed in the future, contact details will be published on this page.
2. Categories of data we process
We process the following categories of personal data:
- Contact form data: name, email address, company, project type, message content and any other information you voluntarily include.
- CRM data: when you contact us, the submission is stored in our internal CRM together with status, notes, tags and follow-up information used to manage the commercial relationship.
- Email correspondence: content of emails you send to info@rubinia.ai.
- Technical & security data: IP address, browser information, timestamps and logs of failed admin login attempts, processed to protect the security of the Website and our backend.
- Cookie preferences: the choice you express via the cookie banner is stored locally in your browser.
We do not knowingly collect data from minors and we do not process special categories of personal data (Art. 9 GDPR).
3. Purposes and legal bases
- Replying to your requests and pre-contractual measures (Art. 6(1)(b) GDPR) — to handle contact form submissions and email enquiries.
- CRM and business relationship management (Art. 6(1)(f) GDPR — legitimate interest in organising commercial activities and follow-up).
- Website and backend security (Art. 6(1)(f) GDPR — legitimate interest in preventing abuse, fraud and unauthorised access, including admin brute-force protection).
- Compliance with legal obligations (Art. 6(1)(c) GDPR) where applicable (e.g. accounting, replies to authorities).
- Non-essential cookies / analytics (Art. 6(1)(a) GDPR — consent), only if and when activated and after your explicit consent via the cookie banner.
4. Data retention
- Contact form / CRM records: up to 24 months from the last meaningful interaction, unless a contractual or legal obligation requires longer retention, or earlier deletion is requested by the user.
- Email correspondence: kept for the time necessary to manage the request and any related obligations.
- Admin login attempts log: automatically deleted after 24 hours.
- Admin access audit log: retained for security and accountability purposes for up to 12 months.
- Cookie preferences: stored in your browser for up to 12 months or until you clear them.
5. Recipients and sub-processors
Personal data is accessed only by authorised personnel of KAPSTONE D.O.O. We do not sell personal data. To operate the Website and the CRM we rely on the following categories of processors, acting under Art. 28 GDPR data processing agreements:
- Hosting & backend infrastructure — Lovable (Lovable Cloud, powered by Supabase, EU region) for database, authentication and serverless functions.
- Email provider — provider used to receive and send emails to/from info@rubinia.ai.
- Domain / DNS / CDN providers needed to deliver the Website.
An up-to-date list of sub-processors can be requested at info@rubinia.ai.
6. International data transfers
Our infrastructure is configured to host data within the European Economic Area (EEA). Where a provider processes data outside the EEA, transfers are protected by the safeguards required by Chapter V GDPR (in particular Standard Contractual Clauses, and where relevant supplementary measures).
7. Security measures
We apply appropriate technical and organisational measures to protect personal data, including:
- encryption in transit (HTTPS/TLS) and encryption at rest at the database level;
- row-level security policies on the database and role-based access control;
- multi-factor authentication (TOTP) for all CRM administrators;
- temporary account lockout after repeated failed login attempts;
- logging and auditing of administrative access;
- regular review of permissions and access.
8. Your rights
Under Articles 15–22 GDPR you have the right to:
- access your personal data and obtain a copy;
- request rectification of inaccurate data;
- request erasure (“right to be forgotten”);
- request restriction of processing;
- object to processing based on legitimate interest;
- data portability where applicable;
- withdraw consent at any time, without affecting the lawfulness of processing carried out before withdrawal.
To exercise these rights, write to info@rubinia.ai. You also have the right to lodge a complaint with the Slovenian Information Commissioner (Informacijski pooblaščenec — www.ip-rs.si) or with the supervisory authority of your country of residence.
9. Automated decision-making
We do not carry out automated decision-making producing legal or similarly significant effects on you (Art. 22 GDPR).
10. Cookies
The Website uses only strictly necessary cookies and local storage required for its operation and to remember your cookie preferences. Non-essential cookies (e.g. analytics, marketing) are not activated without your prior consent. For full details see the Cookie Policy.
11. Updates
This Privacy Policy may be updated to reflect changes to our services or to applicable law. The latest version, with its revision date, will always be published on this page.
Last updated: 1 June 2026