Privacy Policy

This policy explains how Zlita processes your personal data under the EU General Data Protection Regulation (GDPR) and Slovenia's ZVOP-2.

Who we are

The data controller is Miha Svetličič (Zlita), reachable at privacy@zlita.si. Zlita is a personal project operated from Slovenia.

What we collect

• Account: name, email, password (hashed by our auth provider).
• Profile: display name, city/district, country, age range (and optional birth year), gender, sports and levels, and any optional bio, goals, languages, and training times you add.
• Activity: sessions you create or join, requests, and chat messages.

Why we process it (lawful bases)

• Contract (Art. 6(1)(b)): to run the core service — matching you with training partners, sessions, requests, and chat.
• Consent (Art. 6(1)(a)): optional product-update emails. You can withdraw consent anytime in Settings.
• Legitimate interests (Art. 6(1)(f)): abuse prevention, rate limiting, and basic security.

Who can see your data

Other signed-in members can see your public profile (display name, avatar, bio, city/district, country, age range, gender, experience). Your real first and last name, exact birth year, and contact details are not shown to other members.

Processors & hosting

We use Supabase (database, auth, realtime) hosted in Frankfurt (eu-central-1), Vercel (application hosting), and Resend (transactional email). Data is processed within the EU.

Retention & your rights

You can access, export, and delete your data. Deleting your account removes your personal data (chat history is retained but de-identified as “deleted user”). You have the right to access, rectify, erase, restrict, port, and object — contact privacy@zlita.si or use Settings.

Cookies

We use only essential cookies required to keep you signed in. No advertising or third-party tracking cookies are used, so no consent banner is required.