This Privacy Policy explains how Kristijan Grozdanovski (“we”, “us”, or “our”) collects, uses, discloses and protects personal information when you use our website and services related to Poliro, including the website available at getpoliro.com and any associated applications or tools (collectively, the “Service”).
We are committed to protecting your privacy and complying with applicable data protection laws, including (where they apply) the EU/EEA General Data Protection Regulation (“GDPR”), the UK GDPR, the California Consumer Privacy Act (CCPA/CPRA) and the California Online Privacy Protection Act (CalOPPA).
By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy.
1. Data Controller / Owner
The data controller responsible for your personal information is:
Name: Kristijan Grozdanovski
Role: Private individual (owner and operator of Poliro)
Location: Skopje, North Macedonia
Email: kristijan@getpoliro.com
If you have any questions about this Privacy Policy or our data practices, you can contact us at the email address above.
2. Scope of this Privacy Policy
This Privacy Policy applies to personal information we process when you:
- Visit or use our website or web application;
- Create an account or log in (including via Google Login);
- Subscribe to our newsletter or marketing communications;
- Receive transactional or service-related emails from us;
- Interact with our ads on third-party platforms (e.g., Google, Meta);
- Communicate with us by email or otherwise.
This Privacy Policy does not apply to third-party websites, services, or applications that we do not control, even if they are linked from our Service.
3. Information We Collect
We only collect personal information that is relevant for providing and improving the Service, securing our systems, communicating with you, and complying with legal obligations.
3.1 Information You Provide Directly
When you use the Service, you may provide us with:
- Account Information — first and last name, email address, and password (stored only as a hashed value, not in plain text).
- Authentication & Security — email verification tokens and password reset tokens (stored only as hashed tokens with expiry timestamps for verification and security purposes).
- Communications — content of emails or messages you send to us (e.g., support requests, feedback), and your preferences for receiving email notifications and newsletters.
- Newsletter & Marketing Preferences — your email address and consent status if you choose to subscribe to marketing/newsletter emails, as well as your opt-in/opt-out preferences.
3.2 Information Collected Automatically
When you access or use the Service, certain information is automatically collected, including through cookies and similar technologies (such as localStorage, web beacons, and scripts). This includes:
- Usage and Log Data — IP address, browser type and version, operating system, device information, date and time of access, pages viewed, time spent on pages, clickstream data, and referring URLs. These data may be collected by us directly or via third-party tools such as Google Analytics, Microsoft Clarity, and Sentry.io.
- Cookies and Local Storage — we use:
  - Strictly necessary cookies and localStorage entries to keep you logged in, manage sessions, and store security tokens (such as access tokens and refresh tokens) used to authenticate your requests.
  - Preference cookies/localStorage to remember choices (e.g., language or UI settings).
  - Analytics and performance cookies to understand how users interact with the Service and improve it.
3.3 Information from Third Parties
- Google Login — if you sign in with Google Login, Google will share with us certain information about you, usually including your name and email address. We use this information to create and manage your account and to authenticate you.
- Analytics, Monitoring & Error Reporting Providers — we use: Google Analytics to measure traffic and usage patterns, Microsoft Clarity to understand user interactions (e.g., heatmaps, session recordings, click behavior), and Sentry.io for error monitoring and performance tracking (which may include contextual information such as your email and technical data used for debugging).
- Advertising Platforms (Off-site) — we may run ads on platforms like Google and Meta (Facebook/Instagram). When you interact with those ads, those platforms may collect information in accordance with their own privacy policies. We may receive aggregated or anonymized campaign statistics but do not receive your password or detailed personal content from those platforms.
4. How We Use Your Information
We use personal information for the following purposes:
- To Provide and Operate the Service — create and manage user accounts; authenticate users and manage sessions (including via tokens stored on the client side); and provide core functionality of Poliro.
- To Communicate with You — send transactional and service-related emails (e.g., registration, login alerts, email verification links, password reset links, changes to terms or policies), and respond to inquiries and support requests.
- Email Notifications and Newsletter — send you optional newsletters or marketing communications (only if you have subscribed or where otherwise permitted by law). You can unsubscribe at any time.
- Security and Fraud Prevention — protect the Service, our infrastructure, and users from unauthorized access, fraud and abuse, and maintain logs and audit trails for critical operations and account changes.
- Analytics and Service Improvement — analyze usage trends to improve features, performance, and user experience, and debug errors and optimize performance using tools like Sentry, Google Analytics, and Microsoft Clarity.
- Legal Compliance and Enforcement — comply with legal obligations, enforce our Terms of Service, and protect our legal rights.
5. Legal Bases for Processing (GDPR / UK GDPR)
Where the GDPR or UK GDPR applies, we rely on one or more of the following legal bases to process your personal data:
- Contract Performance — to register you as a user, provide you with the Service, maintain your account, and provide customer support.
- Consent — for sending newsletter/marketing emails where required; for the use of certain cookies and similar technologies where consent is required by law; and for Google Login or other third-party sign-in, to the extent this involves your choice to use that provider.
- Legitimate Interests — where necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests, such as maintaining and improving the Service, protecting against fraud and abuse, and preventing misuse of our systems.
- Legal Obligation — where we must process data to comply with applicable laws and regulations or respond to lawful requests by public authorities.
You can withdraw consent at any time where we rely on consent, without affecting the lawfulness of processing based on consent before its withdrawal.
6. Cookies and Similar Technologies
We use cookies, localStorage, and similar technologies to keep you logged in, maintain session security, remember your preferences, perform analytics, and measure how the Service is used.
You can control cookies via your browser settings and, where required, via any cookie banner or consent management tool we provide. If you disable certain cookies, some features of the Service may not work properly.
Do Not Track (CalOPPA)
Some browsers offer a “Do Not Track” (DNT) signal. There is currently no universally accepted standard on how to respond to DNT signals, and our Service does not currently respond to these signals. We will revise this practice if and when a standard is established.
7. How We Share Your Information
We do not sell your personal information. We share personal information only in limited circumstances:
- Service Providers (Processors) — we use trusted third parties to help us operate and improve the Service, including hosting/infrastructure providers, email service providers, analytics and monitoring providers (Google Analytics, Microsoft Clarity, Sentry.io), and security and logging providers. These service providers are only allowed to use personal information as needed to perform services on our behalf and are required to protect it appropriately.
- Legal and Compliance — we may disclose personal information where required by law or reasonably necessary to comply with legal obligations, respond to lawful requests, or protect our rights, privacy, safety, or property and that of our users or the public.
- Business Transfers — if we are involved in a merger, acquisition, asset sale, or other corporate transaction, your information may be transferred as part of that transaction, subject to continued protection consistent with this Privacy Policy.
- With Your Consent — we may share your information with third parties if you explicitly consent to such sharing.
We do not disclose your password in plain text under any circumstances; passwords are stored only as secure hashes.
8. International Data Transfers
We are based in North Macedonia, and we may process and store your information there and in other countries, including where our service providers are located (for example, in the European Union or the United States).
If you are located in the EU/EEA, UK, or other regions with laws governing data collection and use, please note that we may transfer your information to countries that may not provide the same level of data protection as your home jurisdiction.
Where required by law, we will take appropriate steps to ensure that adequate safeguards (such as standard contractual clauses approved by the European Commission) are in place to protect your personal data when it is transferred internationally.
9. Data Retention
We retain personal information only for as long as reasonably necessary for the purposes described in this Privacy Policy, including:
- For as long as your account is active or as needed to provide the Service;
- For security logs and audit trails, for as long as needed for security and compliance;
- For verification and password reset tokens, only until they expire or are consumed;
- For legal, accounting, and reporting requirements, as required by law.
When we no longer need personal information, we will delete it or anonymize it. In some cases, we may need to retain certain information for a longer period if required by law or to protect our legal interests.
10. Security
We take appropriate technical and organizational measures to protect personal information against unauthorized access, loss, misuse, alteration, or destruction, including:
- Storing passwords using strong cryptographic hashing (e.g., bcrypt);
- Using security tokens (such as JWTs) with limited lifetimes;
- Using encryption for sensitive data in transit (e.g., HTTPS/TLS);
- Implementing access controls and logging of critical operations.
However, no method of transmission over the Internet or electronic storage is completely secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee absolute security.
11. Your Rights (GDPR / UK GDPR)
Where the GDPR or UK GDPR applies, you have the following rights in relation to your personal data, subject to certain conditions and limitations:
- Right of Access — to obtain confirmation as to whether we process your personal data and, if so, to access it.
- Right to Rectification — to have inaccurate or incomplete personal data corrected.
- Right to Erasure (“Right to be Forgotten”) — to request deletion of your personal data in certain circumstances.
- Right to Restriction of Processing — to request that we restrict the processing of your personal data in certain circumstances.
- Right to Data Portability — to receive your personal data in a structured, commonly used, and machine-readable format and to transmit it to another controller, where technically feasible.
- Right to Object — to object to processing based on our legitimate interests or for direct marketing.
- Right to Withdraw Consent — to withdraw consent at any time where processing is based on your consent, without affecting the lawfulness of processing before withdrawal.
To exercise any of these rights, please contact us at kristijan@getpoliro.com. We may need to verify your identity before responding to your request.
You also have the right to lodge a complaint with your local data protection authority if you believe that our processing of your personal data infringes applicable law.
12. California Privacy Rights (CCPA/CPRA)
If you are a California resident, you may have specific rights under the California Consumer Privacy Act (as amended by the CPRA), including:
- Right to Know — to request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources, the business or commercial purposes for collecting the information, and the categories of third parties with whom we share that information.
- Right to Delete — to request deletion of personal information we have collected about you, subject to certain exceptions.
- Right to Correct — to request that we correct inaccurate personal information we hold about you.
- Right to Non-Discrimination — we will not discriminate against you for exercising your CCPA rights (for example, by denying services or charging different prices).
- Right to Opt-Out of Sale/Sharing — we do not sell your personal information and do not share it for cross-context behavioral advertising as those terms are defined by the CCPA/CPRA. Therefore, we do not provide a “Do Not Sell or Share My Personal Information” link.
CCPA Categories of Personal Information
In the last 12 months, we may have collected (for the purposes described above) the following categories of personal information:
- Identifiers — name, email address, account ID, IP address;
- Internet or other electronic network activity information — usage and log data, device information, browser type, pages visited;
- Geolocation data — approximate location inferred from IP address;
- Inferences — derived information used to improve the Service (e.g., usage patterns).
We disclose these categories of information to our service providers solely for the business purposes described in this Privacy Policy (e.g., hosting, analytics, email delivery, security monitoring).
To exercise your CCPA/CPRA rights, you or your authorized agent may contact us at kristijan@getpoliro.com. We may need to take reasonable steps to verify your identity and request.
13. Children’s Privacy
Our Service is not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13. If you are under 13, please do not use the Service or provide any personal information.
If we become aware that we have collected personal information from a child under 13 without verified parental consent, we will take steps to delete such information as soon as possible.
If you believe that a child under 13 has provided us with personal information, please contact us at kristijan@getpoliro.com.
14. Email Communications and Newsletter
We may send you the following types of emails:
- Transactional / Service Emails (Required) — these include emails necessary for the functioning of the Service, such as registration and account confirmation, email verification messages, password reset emails, and important service or security notifications. You generally cannot opt out of transactional emails, as they are necessary for the Service.
- Newsletter / Marketing Emails (Optional) — with your consent or where otherwise permitted by law, we may send you newsletters, product updates, and promotional information. You may unsubscribe at any time using the “unsubscribe” link in our emails or by contacting us.
15. Changes to this Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons.
When we make material changes, we will notify you by updating the “Last updated” date at the top of this Policy and, where appropriate, by additional notice (such as prominently posting a notice on our website or sending you an email).
Your continued use of the Service after any changes to this Privacy Policy constitutes your acceptance of the revised Policy.
16. Contact Us
If you have any questions, concerns, or requests related to this Privacy Policy or our handling of your personal information, you can contact us at: