Back

Privacy Policy

Last updated: February 2026

This Privacy Policy describes how Hrtly (“we”, “us”, “our”) collects, uses, and protects your personal data in compliance with GDPR and other applicable regulations.

1. Data Controller

The data controller for your personal data is Hrtly, available at https://hrtly.eu. For data protection inquiries, contact us at svjetaprace@gmail.com.

2. What Data We Collect

Hrtly collects only the minimum data necessary to operate the service:

  • Message content - Text, images and media you upload (stored temporarily max. 30 days)
  • Usage data - Anonymized analytics (view counts, devices)
  • Login data - If you sign in via Google: name, email, profile picture
  • Payment data - Processed by third party (Stripe), we don't have access to card numbers

3. Legal Basis (GDPR)

We process your data based on:

  • Contract fulfillment - To provide the message creation service
  • Legitimate interest - For service improvement and security
  • Consent - For marketing (if given)

4. How We Use Data

We use your data solely to provide the Hrtly service. We never sell or share your personal information with third parties for advertising purposes.

5. Data Retention & Deletion

  • Message content is automatically deleted after 30 days
  • Financial records are kept for legal period (min. 5 years)
  • Analytics data is anonymized and aggregated
  • You can request deletion at any time

6. Your Rights (GDPR)

Under GDPR, you have the right to:

  • Right of access - Obtain a copy of your data
  • Right to rectification - Correct inaccurate data
  • Right to erasure - Request data deletion
  • Right to restriction - Restrict processing
  • Right to portability - Get data in machine-readable format
  • Right to object - Against processing based on legitimate interest

7. Cookies & Tracking

We only use essential cookies for the app to function (session, language preferences). We don't use advertising or third-party tracking cookies.

8. Security

We use industry-standard security measures (HTTPS, encryption, secure servers). Access to data is limited to necessary personnel only.

9. Third Parties

  • Stripe - Payment processing (PCI-DSS compliant)
  • Vercel - Hosting and infrastructure
  • Google - Sign-in (if you use it)

10. Children

The service is not intended for children under 16. We don't knowingly collect data from children.

11. Policy Changes

We will notify you of changes by updating this page. The last update date is shown at the top.

12. Contact

For privacy-related questions or to exercise your rights, contact us at:

Email: svjetaprace@gmail.com
Web: https://hrtly.eu

You have the right to lodge a complaint with a supervisory authority if you believe your rights have been violated.