Shvidlik logoSHVIDLIK
Back to Main Page
Legal

Privacy Policy

1. Introduction

SHVIDLIK ("we", "us", or "our") is committed to protecting your privacy and the personal data of our users — especially children. This Privacy Policy explains how we collect, use, store, and protect your information when you use our website, WebAR platform, and related services (collectively, the "Services").

We operate in full compliance with the General Data Protection Regulation (GDPR) of the European Union and the Children's Online Privacy Protection Act (COPPA) where applicable. Our registered business address is in Croatia, EU.

2. Children's Privacy & COPPA Compliance

Protecting children's privacy is at the core of our design. SHVIDLIK does not knowingly collect personal information from children under 13 without verifiable parental consent.

  • We do not track precise real-time background location.
  • We do not sell or share children's data with third parties for advertising.
  • We only collect minimal gamification data (e.g., character collection progress) to power the Shvidlik Passport experience.
  • Parental consent is required before a child account is activated.

3. Data We Collect

We collect only the data necessary to provide and improve our Services:

  • Account data: Name, email, and venue affiliation for venue managers and parents.
  • Gamification data: Anonymised or pseudonymised character unlocks, house visits, and passport stamps for children.
  • Usage data: Aggregated analytics on scan events and feature usage (no personal identifiers).
  • Contact data: Information submitted via demo or investor request forms.

4. How We Store & Protect Data

All data is stored securely in Supabase, our ISO-certified cloud database provider. We implement industry-standard encryption in transit (TLS) and at rest. Access is restricted to authorised personnel only, and all systems are monitored for unauthorised access.

5. GDPR Rights (EU Users)

If you are located in the European Union, you have the following rights regarding your personal data:

  • Right to access your data.
  • Right to rectification of inaccurate data.
  • Right to erasure ("right to be forgotten").
  • Right to restrict or object to processing.
  • Right to data portability.

To exercise any of these rights, contact us at yana@shvidlik.com.

6. Cookies & Tracking

We use only essential technical cookies necessary for authentication and session management. We do not use tracking cookies, advertising cookies, or third-party analytics that identify individual users. See our Cookies Policy for details.

7. Third-Party Services

We may use trusted third-party providers (e.g., Supabase for database hosting, email delivery services) to operate our platform. All providers are vetted for GDPR compliance and bound by data processing agreements.

8. Changes to This Policy

We may update this Privacy Policy from time to time. Any material changes will be posted on this page with an updated effective date. We encourage you to review this policy periodically.

9. Contact Us

For privacy-related questions, data requests, or complaints, please contact us at yana@shvidlik.com.

Last updated: June 2026