Privacy Policy
Effective date: October 4, 2025
This Policy explains how we collect, process and protect the personal data of DivKids app users.
1. Purpose of the policy
This Policy explains how we collect, process and protect the personal data of DivKids app users.
2. What data we collect
We process only the data necessary to provide the service: Account data: email address, password (encrypted), Application data: information about children, expenses and meetings – only the information you enter yourself, Technical data: IP address, server logs, cookies, device identifiers, Payment data: processed exclusively by Stripe, our payment processor – DivKids does not store credit card data, User consent data: information about consent to purchase terms, consent to immediate activation of the digital service and waiver of the 14-day withdrawal right (Article 38(1)(13) of the Consumer Rights Act), date and time of consent (timestamp) and IP address – for record-keeping purposes.
3. Purposes and legal basis for processing
Your data is processed for: Providing application services – art. 6 para. 1 lit. b GDPR (contract performance), Accounting and bookkeeping – art. 6 para. 1 lit. c GDPR (legal obligation), Security and fraud prevention – art. 6 para. 1 lit. f GDPR (legitimate interest), User support and system notifications – art. 6 para. 1 lit. f GDPR, Marketing and analytics on the marketing page – art. 6 para. 1 lit. a GDPR (consent), Documenting consents and transactions – art. 6 para. 1 lit. c GDPR (legal obligation related to consumer rights provisions and transaction settlement).
4. Data controller
The controller of the personal data of DivKids app users is: Kamil Maćkiewicz ul. Mieszka I 23a/13 44-194 Knurów, Poland E-mail: privacy@divkids.com Activity conducted as unregistered business activity under art. 5 para. 1 of the Entrepreneurs' Law Act.
5. Data sharing
We do not sell personal data. Data may be shared only with: technical service providers (hosting: Contabo/Vercel, database, Upstash), Stripe, our payment processor, email service providers (e.g. Postmark/SendGrid), public authorities – only when required by a lawful order.
6. Data transfer outside the EEA
Some providers (e.g. Stripe, Vercel) are based outside the EEA. In such cases we apply: standard contractual clauses approved by the European Commission, additional security measures (encryption, data minimization).
7. Retention period
Account data and data entered into the application – until account deletion, Accounting data – in accordance with legal requirements (min. 5 years), Backup copies – max. 30 days, Analytics data (cookies) – max. 24 months.
8. Your rights (EU/UK)
You have the right to: access your data, rectify or complete it, erase it ("right to be forgotten"), restrict processing, data portability, object to processing, lodge a complaint with the President of the Personal Data Protection Office (UODO).
9. Rights of users outside the EU
California (CCPA): the right to know what data is collected and the right to delete data. We do not sell data. Australia / Canada: we apply the GDPR standard as a reference point.
10. Cookies and analytics
On the marketing page we use cookies for: analytics purposes (Google Analytics), functional purposes (remembering language preferences), marketing purposes (e.g. Meta Pixel, if active). Users can disable cookies in browser settings.
11. Data security
SSL/TLS encrypted connections, passwords stored in hashed form (bcrypt), limited administrative access, regular backups.
12. Liability
We exercise due diligence in data protection, but do not guarantee 100% security of Internet transmission. We are not responsible for damages resulting from the user providing false data. We are not responsible for unauthorized use of the account if the user discloses their login credentials.
13. Policy changes
We may change this Policy. We will notify you of significant changes by email at least 30 days in advance.
14. Contact
For privacy-related matters, please contact: privacy@divkids.com