Privacy Policy
Effective date: October 4, 2025
This Policy describes the principles of collecting, processing and protecting personal data of DivKids application users.
1. Purpose of the policy
This Policy describes the principles of collecting, processing and protecting personal data of DivKids application users.
2. What data we collect
We process only data necessary to provide the service: Account data: email address, password (encrypted), Application data: information about children, expenses, meetings – only those you enter yourself, Technical data: IP address, server logs, cookies, device identifiers, Payment data: processed exclusively by Stripe operator – DivKids does not store credit card data, User consent data: information about consent to purchase terms, consent to immediate activation of digital service and waiver of 14-day withdrawal right (Article 38(1)(13) of Consumer Rights Act), date and time of consent (timestamp) and IP address – for evidential purposes.
3. Purposes and legal basis for processing
Your data is processed for: Providing application services – art. 6 para. 1 lit. b GDPR (contract performance), Accounting and bookkeeping – art. 6 para. 1 lit. c GDPR (legal obligation), Security and fraud prevention – art. 6 para. 1 lit. f GDPR (legitimate interest), User support and system notifications – art. 6 para. 1 lit. f GDPR, Marketing and analytics (marketing page) – art. 6 para. 1 lit. a GDPR (consent), Documenting consents and transactions – art. 6 para. 1 lit. c GDPR (legal obligation related to consumer rights provisions and transaction settlement).
4. Data controller
The controller of personal data of DivKids application users is: Kamil Maćkiewicz ul. Mieszka I 23a/13 44-194 Knurów, Poland E-mail: privacy@divkids.com Activity conducted in the form of unregistered activity based on art. 5 para. 1 of the Entrepreneurs' Law Act.
5. Data sharing
We do not sell personal data. Data may be shared only with: technical service providers (hosting: Contabo/Vercel, database, Upstash), Stripe payment operator, email service providers (e.g. Postmark/SendGrid), state authorities – only if there is a legal order.
6. Data transfer outside the EEA
Some providers (e.g. Stripe, Vercel) are based outside the EEA. In such cases we apply: standard contractual clauses approved by the European Commission, additional security measures (encryption, data minimization).
7. Retention period
Account data and data entered into the application – until account deletion, Accounting data – in accordance with legal requirements (min. 5 years), Backup copies – max. 30 days, Analytics data (cookies) – max. 24 months.
8. Your rights (EU/UK)
You have the right to: access to your data, rectification or completion, erasure ("right to be forgotten"), restriction of processing, data portability, object to processing, lodge a complaint with the President of UODO.
9. Rights of users outside the EU
California (CCPA): right to information about what data is collected and right to delete data. We do not sell data. Australia / Canada: we apply GDPR standard as a reference point.
10. Cookies and analytics
On the marketing page we use cookies for: analytics purposes (Google Analytics), functional purposes (remembering language preferences), marketing purposes (e.g. Meta Pixel, if active). Users can disable cookies in browser settings.
11. Data security
SSL/TLS encrypted connections, passwords stored in hashed form (bcrypt), limited administrative access, regular backups.
12. Liability
We exercise due diligence in data protection, but do not guarantee 100% security of Internet transmission. We are not responsible for damages resulting from the user providing false data. We are not responsible for unauthorized use of the account if the user discloses their login credentials.
13. Policy changes
We may change the Policy. We will inform about significant changes by email at least 30 days in advance.
14. Contact
For privacy protection matters, please contact: privacy@divkids.com