Privacy Policy

Version 1.0 — Effective: April 13, 2026

I. Data Controller Information

Controller: kontaktik s. r. o.
S. H. Vajanského 5659/4, 940 02 Nové Zámky, Slovakia
Company ID (IČO): 56149778
Tax ID (DIČ): 2122216096
VAT ID (IČ DPH): SK2122216096
Registered in the Commercial Register of the District Court Nitra, Section Sro, File No. 62912/N
Contact: office@kontaktik.com
Designated DPO: None appointed, as current obligations do not require one.

II. Processing Principles

We follow lawfulness, transparency, data minimization, purpose limitation, accuracy, storage limitation, and integrity/confidentiality principles when handling personal information.

Data processing occurs only for:

• Service provision
• Account management
• Client communication
• Legal compliance
• Protection of legitimate interests

III. What Data We Collect

When you use kontaktik, we collect and process the following categories of personal data:

• Account information: Name, surname, email address, Apple ID identifier
• User-created content: Contacts (name, surname, phone number, email, notes), contact databases, tasks, and contact events that you create within the app
• Device contacts you choose to import: See section III.a below
• Technical data: IP addresses, device information, operating system, app version, and diagnostic logs

III.a Device Contacts

The kontaktik app can read your device's address book through Apple's Contacts permission, but only after you tap Import Contacts and grant the permission. We follow these rules:

• Explicit consent first. Before the first import, the app shows an in-app consent screen explaining that selected contacts will be uploaded to our servers. You must tap "I Understand, Continue" to proceed.
• Selection only. Only the specific contacts you tick and confirm are uploaded. We never upload your entire address book.
• Limited fields. For each selected contact, we upload only: first name, last name, phone number, and email address. We do not upload addresses, photos, birthdays, social profiles, notes, or any other Contacts fields.
• Purpose. Uploaded contacts are stored privately in your kontaktik account and synced across devices where you are signed in. They are used solely to power the app's CRM features for you.
• No sharing or selling. We do not share or sell device-contact data with third parties. We do not use it for marketing or advertising. We do not use it to invite, contact, or profile the people in your address book.
• Deletion. You can delete any imported contact at any time inside the app. Deleting your account permanently removes all imported contacts from our servers.

IV. Legal Bases for Processing

• Contract fulfillment (Article 6(1)(b) GDPR): Processing necessary to provide the kontaktik service, manage your account, and deliver app functionality
• Legal compliance (Article 6(1)(c) GDPR): Tax and accounting regulations
• Legitimate interests (Article 6(1)(f) GDPR): Platform security, fraud prevention, and service improvement
• Consent (Article 6(1)(a) GDPR): Marketing communications, where applicable

V. How We Use Your Data

Your personal data is used to:

• Create and manage your kontaktik account
• Sync your contacts, tasks, and activity data across your devices
• Send you reminders and notifications you have configured
• Provide customer support
• Process subscription payments (handled by Apple — we do not store payment details)
• Ensure security and prevent fraud
• Comply with legal obligations

VI. Data Sources

Information originates from:

• Direct provision by you (account creation, content you enter)
• Sign in with Apple authentication
• Automatic collection during app and platform use

VII. Data Recipients

Personal information may be shared with:

• Hosting and cloud service providers
• IT support and development vendors
• Error tracking and monitoring services (Sentry)
• Analytics providers (Google Analytics — website only)
• Accounting and legal advisors
• Public authorities when legally required

We do not sell your personal data to third parties.

VIII. International Transfers

We prioritize processing within the EU/EEA. Any third-country transfers comply with GDPR Article 46 mechanisms, including adequacy decisions or standard contractual clauses.

IX. Data Retention

• Account data: Duration of your account plus a reasonable protection period after deletion
• User-created content: Retained while your account is active; soft-deleted data is permanently removed within 90 days
• Tax and accounting records: As required by applicable law
• Support communications: Duration necessary for resolution
• Marketing data: Until consent withdrawal or objection

X. Automated Decision-Making

kontaktik does not make decisions based exclusively on automated processing with legal or similarly significant effects.

XI. Data Security

We implement appropriate technical and organizational measures to protect your data, including:

• Access controls and user authentication (JWT tokens, Argon2 password hashing)
• Data transmission encryption (HTTPS/TLS)
• Operation logging and monitoring
• Regular system maintenance and updates
• Staff access restrictions

XII. Your Rights

Under the GDPR, you have the right to:

• Access your personal data
• Correct inaccurate data
• Request deletion of your data
• Restrict processing
• Object to processing
• Data portability
• Withdraw consent at any time
• Lodge a complaint with a supervisory authority

XIII. Exercising Your Rights

Submit requests via office@kontaktik.com. We will respond within 1 month of receipt, extendable by 2 months for complex cases.

You can also delete your account and all associated data directly from the kontaktik app.

XIV. Supervisory Authority

Office for Personal Data Protection of the Slovak Republic
Park One Building, Námestie 1. mája 18, 811 06 Bratislava
Email: statny.dozor@pdp.gov.sk
Phone: +421 2 32 31 32 14

XV. Cookies and Analytics

Our website uses Google Analytics to understand visitor behavior. The kontaktik mobile app does not use cookies. For details on website cookies, refer to your browser settings to manage preferences.

XVI. Policy Updates

We may update this policy periodically. The current version is always available on our website and within the app. We will notify you of material changes.