This Privacy Policy explains how Gvardix, operated by Terminal One d.o.o. ("we", "us", or "our"), collects, uses, stores, and protects personal data when you use the Gvardix application and gvardix.com (the "Service"). We process personal data in line with the EU General Data Protection Regulation (GDPR) where it applies. Use of the Service is also governed by our Terms of Service.

Terminal One d.o.o., operating the Gvardix brand, is the controller of personal data described in this Privacy Policy. Contact: privacy@gvardix.com.

Account data: name, email address, language, account settings, and authentication data from email magic links, Google Sign-In, or Sign in with Apple when you use those options.

Property and cadastre data: parcel numbers, cadastral municipality, property type, living area, saved properties, and related metadata you submit for parcel lookup, portfolio features, or Property Guardian.

Content and AI data: chat messages, uploaded images and project files, Archviz inputs and outputs, document review submissions, generation status, timestamps, and related metadata needed to provide the Service.

Payment data: payments are processed by Stripe. We receive transaction identifiers, plan or pack purchased, amount, currency, payment status, subscription status, and related billing metadata. We do not receive or store full card numbers.

Location data: with your permission, approximate device location to show your position on the parcel map.

Technical and usage data: device type, browser, operating system, IP address, push notification tokens where enabled, timestamps, error reports, logs, security events, and basic usage data needed to operate, protect, debug, and improve the Service.

We use personal data to provide the Service, authenticate users, process parcel and plan queries, generate AI responses and images, operate Property Guardian alerts, deliver credits and subscriptions, process payments, send service emails, prevent fraud and abuse, improve reliability, respond to support requests, and comply with legal obligations.

If you subscribe to Property Guardian and add properties, we use your email address and saved property data to send alerts about public hearings, plan changes, or other items we identify as relevant. You can remove properties or cancel your subscription in the app.

Contract: processing needed to provide the Service you request. Legitimate interests: security, fraud prevention, debugging, analytics, and product improvement, balanced against your rights. Consent: where required, such as optional marketing, location access, or certain cookies. Legal obligation: when we must retain or disclose data by law.

We share data with trusted service providers only as needed to operate the Service. These may include Supabase for database and authentication, Stripe for payments, email delivery providers, cloud hosting providers, map providers, AI model providers, storage and media delivery providers, and analytics or monitoring tools.

These providers process data under our instructions and appropriate safeguards. We do not sell your personal data.

Some service providers may process data outside the European Economic Area (EEA). Where this happens, we rely on adequacy decisions, Standard Contractual Clauses, or other lawful transfer mechanisms required by applicable data protection law.

We keep account data while your account is active and for a limited period afterward where needed for legal, tax, security, fraud-prevention, dispute, or backup purposes. Payment and transaction records may be retained as required by law.

Uploaded files and generated media may be kept only temporarily unless we expressly state otherwise in the Service. You may delete your account in Settings; we then delete or anonymise personal data unless retention is required by law or necessary for legitimate security, fraud-prevention, or dispute purposes.

Where GDPR applies, you may request access, rectification, erasure, restriction, portability, or object to certain processing. You may withdraw consent where processing is consent-based. You may also lodge a complaint with your local supervisory authority.

To exercise your rights, contact privacy@gvardix.com or use gvardix.com/settings/contact. We respond within one month where required by law.

We use encryption in transit, access controls, limited access permissions, and industry-standard practices to protect data. No method of transmission or storage is 100% secure, so you should protect your account, devices, and access credentials.

The Service is not directed at children under 16. We do not knowingly collect personal data from children under 16. Contact us if you believe we have done so.

We may update this Privacy Policy from time to time. The "Last updated" date will change when we do. Material changes will be communicated in-app or by email where appropriate. Continued use of the Service after changes means you accept the updated policy.

Privacy questions or requests: privacy@gvardix.com. Terms of Service: gvardix.com/settings/terms-of-service.