PRIVACY POLICY (GDPR)

Last updated: 2026-03-14

1. Data Controller

The controller of your personal data is VXN Marcin Gański, NIP: 589-188-66-04, REGON: 221944780, based at ul. Myśliwska 33F lok. 125, 80-283 Gdańsk, Poland. For any data protection inquiries, please contact: hello@klasovo.pl.

2. What data do we process and why?

• Providing the service (registration and login): Email address, name (or pseudonym), hashed password, and social media identifiers (if applicable). (Legal basis: Performance of a contract).
• Communication and Notifications: Device tokens (FCM) for Push notifications, email address for verification codes. (Legal basis: Performance of a contract / Legitimate interest).
• Group Data (UGC): Post content, polls, comments, children's names, fundraiser status, and photos. We process this data on your behalf solely for the technical maintenance of the Application.
• Analytics and App Improvement: Anonymous usage data. (Legal basis: Legitimate interest).

3. Data Recipients and Transfer outside the EEA

To operate the Application, we use trusted providers:

• Contabo GmbH: Database and API server hosting (EEA).
• home.pl S.A.: Email infrastructure (Poland).
• Google, Apple, Meta: Social login, analytics, and Push notifications. Transfers to the US are based on Standard Contractual Clauses (SCC) or the Data Privacy Framework.

4. Data Security (Privacy by Design)

Passwords and critical data in the database are cryptographically encrypted. Searching for sensitive data is done using blind indexes, minimizing the risk of exposure in the event of a security breach.

5. Your Rights

Under the GDPR, you have the right to:

• Access your data and obtain a copy.
• Rectify (correct) your data.
• Erase your data (the right to be forgotten) – available directly in the App Settings.
• Restrict processing or object to processing.
• Lodge a complaint with a supervisory authority (e.g., the President of the Personal Data Protection Office in Poland).

6. Data Retention

We store your data until you delete your account in the Application. Upon deletion, your authentication data is permanently removed, and the content you generated (posts, photos) may be anonymized (assigned to a "Deleted User" account) to maintain the integrity of communication history for other Class members.