Privacy Policy

Last updated: 02/25/2026

1. Data Controller

Slotivo, operated by Davor Čolić, is the data controller responsible for your personal data. Contact: slotivo.dev@gmail.com.

2. Data We Collect

We collect the following data: Account data (business name, owner name, email address, subdomain), Business data (services, employees, working hours, pricing, uploaded images and content), Customer data (names, email addresses, phone numbers of end customers who book through your Slotivo website), Booking data (appointment details, dates, times, service selections, booking status), Payment data (processed by Stripe — we do not store credit card numbers), Technical data (IP addresses, browser type, device information, access logs), and Communication data (support messages, chatbot interactions).

3. Sources of Data

We collect data directly from you when you register, configure your business, or contact support. Customer data is collected when end customers make bookings through your Slotivo-powered website. Technical data is collected automatically through server logs and cookies.

4. Purposes of Processing

We process your data to provide and maintain the Slotivo platform, create and host your business website, process bookings and send confirmations and reminders, manage your subscription and billing, provide customer support, send service-related notifications, improve the platform and fix issues, and comply with legal obligations.

5. Legal Basis

We process your data based on: Contract performance (providing the service you signed up for), Legitimate interest (improving the platform, preventing fraud, ensuring security), Consent (where required, such as for marketing communications or optional cookies), and Legal obligation (tax records, regulatory compliance).

6. Data Retention

Account and business data is retained for the duration of your subscription and for 30 days after account deletion. Booking data is retained for the duration of your subscription. Payment records are retained as required by tax law (typically 5-10 years). Server logs are retained for up to 90 days. You may request earlier deletion by contacting us.

7. Subprocessors

We use the following third-party services to provide Slotivo: Vercel (hosting and infrastructure, data stored in EU region), Stripe (payment processing), Twilio (SMS notifications), Resend (email delivery), and Neon/PostgreSQL (database hosting). A complete list is available on our Subprocessors page.

8. International Transfers

Some of our subprocessors may process data outside the European Economic Area (EEA). Where this occurs, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission, or the subprocessor's participation in recognized data protection frameworks.

9. Cookies and Analytics

Slotivo uses essential cookies for authentication and session management. Optional analytical cookies may be used to understand how the platform is used. You can manage your cookie preferences through the Cookie Settings page. See our Cookie Policy for details.

10. Security Measures

We protect your data with TLS/SSL encryption in transit, access controls and authentication, regular security updates, isolated tenant data (each business's data is logically separated), and automated backups. See our Security Policy for more details.

11. Your Rights

Under GDPR, you have the right to: Access your personal data, Rectify inaccurate data, Erase your data (right to be forgotten), Restrict processing, Data portability (receive your data in a standard format), Object to processing based on legitimate interest, and Withdraw consent at any time. To exercise any of these rights, contact slotivo.dev@gmail.com. We will respond within 30 days.

12. Data Export and Deletion

You can request a full export of your data or complete deletion of your account by contacting slotivo.dev@gmail.com. Exports are provided in a standard format. Account deletion is completed within 30 days, except where retention is required by law.

13. Right to Complain

If you believe your data protection rights have been violated, you have the right to lodge a complaint with a supervisory authority. For users in Croatia, this is the Agencija za zaštitu osobnih podataka (AZOP), www.azop.hr.

14. Privacy Contact

For all privacy-related questions, contact: slotivo.dev@gmail.com.