Privacy Policy

Last updated: 28.04.2026

This document describes how we handle your personal data in compliance with GDPR.

Data Controller

TLDR;IT s.r.o.
IČO: 21317089
Lidická 700/19, Veveří, 602 00 Brno
E-mail: [email protected]

What Data We Process

  • Basic Google account profile (name, email, avatar)
  • Profile data you fill in yourself (gender, date of birth)
  • Your reviews, ratings and comments
  • Device geolocation (only if you allow it)
  • Anonymous analytics about site usage

Purpose of Processing

We process data to operate the service, personalize and improve user experience.

Legal basis of processing

  • Performance of contract (Art. 6(1)(b) GDPR): account management, identity verification, providing features (ratings, maps, profile).
  • Consent (Art. 6(1)(a) GDPR): geolocation, marketing emails, optional cookies. You may withdraw consent at any time.
  • Legitimate interest (Art. 6(1)(f) GDPR): anonymized traffic analytics, abuse prevention.
  • Legal obligation (Art. 6(1)(c) GDPR): retention required for legal duties (e.g., accounting for paid features).

Recipients of data

We share data only with the following processors providing infrastructure for the service:

  • Hosting infrastructure (within the EU)
  • Transactional email delivery (Gmail / Google Workspace)
  • Map services (OpenStreetMap, Google Maps — for mobile)
  • Google OAuth2 (Google sign-in)
  • Object storage for photos and avatars (MinIO/S3, EU)

Transfers outside the EU/EEA

Some services (Google Maps, Google OAuth2, Gmail) may process data on servers outside the EU. Transfers rely on Standard Contractual Clauses approved by the European Commission (Art. 46 GDPR) and the EU-US Data Privacy Framework adequacy decision.

Cookies and similar technologies

The site uses only essential cookies; optional cookies (analytics) are activated only after consent in the cookie banner.

  • Essential cookies: session (JWT access/refresh tokens), CSRF protection, cookie consent record. Without them the service does not work. Legal basis: legitimate interest (§ 89 Czech ePrivacy Act).
  • Analytics cookies: traffic and behaviour measurement. Active only with your consent; can be revoked anytime.

Your Rights

You have the right to access, rectification, erasure, restriction of processing, portability and objection. See details and how to exercise them in GDPR.

Retention Period

Data is retained while your account is active. After account deletion, data is removed within 30 days.

  • Active account: as long as the account exists.
  • Reviews and comments after deletion: anonymized or removed within 30 days.
  • Security logs: 90 days.

Minors

The service is intended exclusively for persons aged 18 or over. We do not knowingly process personal data of minors. If you find that a minor has registered an account, contact us at [email protected] and we will delete the data immediately.

Automated decision-making

We do not perform automated decision-making or profiling with legal effects for users within the meaning of Art. 22 GDPR.

Complaint to a supervisory authority

If you believe processing breaches GDPR, you may file a complaint with the Czech Data Protection Authority (ÚOOÚ), uoou.cz.

Contact

E-mail: [email protected]

See also: Terms of Service · GDPR