General

This Privacy Policy outlines how Heapcoding ("we," "us") collects and processes personal information provided by you or gathered during your use of our mobile application, Kidlytic ("Kidlytic," "the app") (collectively referred to as "Services," "Service"). We process your personal information in accordance with this Privacy Policy and applicable legislation, including but not limited to the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) and the Data Protection Act No. 502 of May 23, 2018, along with any amendments and supplementary laws.

Data Controller Contact Information

Heapcoding is the data controller responsible for the personal information collected through our Services. Should you have any questions, comments, or wish to exercise your rights as described in Section 6, please contact us at:

Heapcoding
Email: info@heapcoding.hr

Personal Information We Collect, Purpose, and Legal Basis for Processing

Heapcoding collects your email address to facilitate secure authentication within the app and to keep you informed about updates and features.

When creating a user profile in the app, you may register using your email and password, Apple ID, or Google Login. By doing so, you authorize us to collect and store your email. Additionally, when creating an account, you will be required to:

• Create at least one profile
• Specify a name or nickname for each profile
• Specify a date of birth for each profile

To ensure secure access to your account, we use Firebase Authentication, which collects your IP address to safeguard against cyberattacks, including "brute-force" attacks. This is done to provide the highest level of security for both you and us.

Purpose of Processing:

• To establish and manage your user account and provide our Services
• To fulfill our contractual obligations to you
• To comply with applicable legal requirements

Legal Basis:

The processing of your personal information is necessary for the performance of our contract with you, in accordance with GDPR Article 6(1)(b). Additionally, processing required to meet legal obligations is conducted under GDPR Article 6(1)(c).

When you upload a photo to the app, we collect and store it in Firebase Storage. The photo is also shared with Google Gemini.

Purpose of Processing:

• To analyze the photo in order to provide our Services

Legal Basis:

This processing is based on your consent, as per GDPR Article 6(1)(a), and is further supported by Section 125(2) of the Act on Payments.

Third-Party Services

To enhance and optimize the app, we utilize Google Firebase ("Firebase") services, including:

• Firebase Authentication
• Firebase Storage
• Google Gemini
• Firebase Firestore Database
• Firebase Cloud Messaging
• Firebase Crashlytics
• Google Analytics for Firebase

Support Inquiries:

When you contact Heapcoding for support, we may access personal information related to your user profile, including your email, profiles, and usage data. This information helps us provide effective support and resolve any issues you may encounter.

Legal Basis:

The processing of your data for support purposes is necessary for the performance of our contract (GDPR Article 6(1)(b)) and aligns with our legitimate interest in supporting your use of our Services (GDPR Article 6(1)(f)).

Recipients of Personal Information

We do not disclose your personal information to third parties, except as required by law or to public authorities such as law enforcement when investigating potential legal violations.

Your information may be shared with external partners who process it on our behalf. These partners are considered data processors and are bound by our instructions. They process the data solely for fulfilling their contractual obligations to us and are subject to strict confidentiality. All data processors comply with GDPR Article 28.

For subprocessors established in the USA, we ensure necessary safeguards for data transfers under the EU-U.S. Privacy Shield or standard contractual clauses, as per GDPR Articles 45 and 46.

Google Analytics

We use Google Analytics, a web analytics service provided by Google, Inc. ("Google"), to analyze how users interact with the app. Google Analytics uses cookies to collect data, which is stored on Google's servers in the United States. IP anonymization is enabled, meaning your IP address is truncated within the European Economic Area before being transmitted to Google.

Facebook Pixel

The app uses Facebook Pixel to log actions performed on your profile. This data helps us improve user experience.

Your Rights

As the data controller, we ensure transparency in processing your information and inform you of your rights. Should you wish to exercise any of these rights, please contact us using the details provided in Section 2.

• Right of Access: You have the right to request information about the data we hold about you, including its purpose, categories, recipients, and source. You can also request a copy of this information.
• Right to Rectification: You have the right to correct any inaccurate personal information. You can update your details by logging into your user profile within the app.
• Right to Erasure: In certain cases, you may request the deletion of all or some of your personal information, such as when you withdraw consent, and no other legal basis exists for processing. However, continued processing may be required to comply with legal obligations or to establish, exercise, or defend legal claims.
• Right to Restriction of Processing: You may request that we restrict the processing of your personal information to storage only. Further processing may occur only with your consent or for legal claims.
• Right to Data Portability: You may request to receive the personal information you provided to us in a structured, commonly used, and machine-readable format and have the right to transmit this data to another data controller.
• Right to Object: You have the right to object to our processing of your personal information for direct marketing purposes or for reasons related to your specific situation.
• Right to Withdraw Consent: You may withdraw your consent at any time. However, doing so may limit your ability to use certain features of the Service. Withdrawal does not affect the legality of prior processing based on consent.
• Right to Lodge a Complaint: If you have concerns about our processing of your personal information, we encourage you to contact us.

Deletion of Personal Information

• Your personal information will be deleted when no longer necessary for the purposes for which it was collected.
• Information collected through cookies will be deleted within one month of your request.
• Information linked to your user profile will be deleted or anonymized if you delete your profile.
• Non-anonymized data may be retained for up to 10 years if necessary for legal purposes or compliance with legal obligations.

Security

We implement appropriate technical and organizational security measures to prevent unauthorized access, destruction, loss, alteration, or misuse of your personal information. Only employees and data processors who require access to your personal information to perform their duties have such access, and they are bound by confidentiality obligations.

Changes to the Privacy Policy

We reserve the right to modify this Privacy Policy at any time without prior notice. Changes will take effect upon publication in the app. If significant changes are made, we will notify you via email or push notification.

Version Information

This is Version 1 of our Privacy Policy, dated August 10, 2024.