Prvi Zalogaj

Privacy Policy

Last updated: May 4, 2026

1. Introduction

Adapt IT (“we”, “us”, or “our”) operates the Prvi zalogajmobile application (the “App”) and the website at https://prvizalogaj.com(the “Site”). This Privacy Policy explains what information we collect, how we use it, and your rights regarding that information.

By downloading or using the App you agree to this Privacy Policy. If you do not agree, do not use the App.

2. Data We Collect

2.1 Data stored locally on your device

The App stores the following data exclusively on your device using the Hive local database. This data is never transmitted to us:

  • Language and dietary preferences (vegetarian, vegan, gluten-free, dairy-free, meat preferences)
  • Favourite recipes and cooking history
  • Meal plan calendar entries
  • Active cooking session state (for session persistence across app restarts)
  • IAP retry queue (encrypted purchase receipts queued for re-verification on network recovery)

2.2 In-App Purchase receipts

When you make a purchase, the App sends the purchase receipt issued by Apple or Google to our verification backend at api.prvizalogaj.com. We store only:

  • The purchase receipt token (a cryptographic identifier issued by Apple or Google)
  • The product ID purchased
  • The entitlement state (active / expired)
  • Timestamps of purchase and last verification

We do not store your name, email address, payment card details, or any personal identifier. The receipt token is an opaque string; we cannot derive personal information from it.

3. Data We Do Not Collect

  • No analytics, advertising identifiers, or tracking pixels
  • No crash reporting services with personal identifiers
  • No third-party SDKs that collect behavioural data
  • No location data
  • No camera or microphone access
  • No contact list or other device data

4. Purpose of Processing

We process the limited data described above for the following purposes:

  • Purchase verification: to confirm your entitlement to paid content and prevent fraud (legitimate interest / contract performance).
  • Entitlement persistence: to restore your purchases across reinstalls on the same account (contract performance).

5. Data Retention

Local device data is retained until you uninstall the App or clear its data. IAP entitlement records on our backend are retained for as long as your purchase remains valid plus a 90-day buffer to support restore requests. You may request earlier deletion; see Section 9.

6. Third Parties

We share data only with the following parties, and only as described:

  • Apple Inc.— to verify iOS purchases via Apple App Store Server API. Apple’s privacy policy: apple.com/privacy
  • Google LLC— to verify Android purchases via Google Play Developer API. Google’s privacy policy: policies.google.com/privacy
  • Fly.io, Inc. — infrastructure provider hosting our verification backend in the EU (Frankfurt region). Fly.io does not access application data. Privacy policy: fly.io/legal/privacy-policy

We do not sell, rent, or share personal data with advertisers or data brokers.

7. Children's Privacy

The App is not directed to children under 13 (or under 16 in the EU). We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us and we will delete it promptly.

8. Security

Our backend is deployed with TLS encryption in transit and uses parameterised queries against a SQLite database in WAL mode. Purchase receipts are stored as received from Apple and Google and are not further transmitted. We apply rate limiting and bearer-token authentication on all verification endpoints.

9. Your GDPR Rights

If you are located in the European Economic Area, you have the following rights regarding personal data we hold about you (i.e., IAP entitlement records):

  • Access — request a copy of the data we hold about your purchase receipts.
  • Erasure — request deletion of your entitlement record. This will invalidate any active entitlements tied to that record.
  • Portability — receive your data in a structured, machine-readable format.
  • Objection — object to processing based on legitimate interest.
  • Complaint — lodge a complaint with your local supervisory authority (in Croatia: AZOP — azop.hr).

To exercise any of these rights, email us at info@adapt-it.agencywith the subject line “GDPR Request”. We will respond within 30 days.

10. Google Play — Data Safety Declaration

This section maps to the Google Play Data Safety form:

  • Data collected: Purchase history (receipt tokens) — required for core functionality, not encrypted beyond TLS, not shared with third parties beyond verification APIs listed above.
  • Data not collected: Personal info, location, contacts, messages, photos/videos, audio, files, app activity beyond purchases, web browsing, app info/performance beyond what the OS provides to the app.
  • Security practices: Data is encrypted in transit. Users can request deletion.
  • Children: App does not target children.

11. Apple App Store — App Privacy Nutrition Labels

For Apple’s App Privacy section:

  • Data Not Linked to You: Purchase receipts (anonymous tokens) used solely for purchase verification.
  • Data Not Collected: All other categories (contact info, health, financial, location, sensitive info, contacts, user content, browsing history, identifiers, diagnostics).

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will update the “Last updated” date at the top of this page. Continued use of the App after changes constitutes acceptance of the updated policy.

13. Contact Us

For privacy-related questions or requests, contact:
Adapt IT
Bregovita ulica 7, 10292 Harmica, Croatia
Email: info@adapt-it.agency