D.M. Nails Privacy Policy

This Privacy Policy explains how D.M. Nails ("the App," "we," "us," or "our") collects, uses, protects, and discloses information from users ("Users" or "you") of the D.M. Nails mobile application.

This App and its services are intended for users located in Serbia and Croatia.

1. Information We Collect

We collect information primarily to manage appointments, client data, user accounts, and communication.

A. Information You Provide Directly

• Identity and Contact Data: Email Address, First and Last Name, Phone Number (optional), Date of Birth (optional), and Password (securely hashed).
• Profile Data: Profile/Avatar Image and its metadata.
• Appointment Data: Title, Description, Start and End Date/Time, Status, Type, related User ID, Addon details, and External Client String.

B. Automatically Collected Data

• Authentication Tokens: Secure access and refresh tokens.
• Push Notification Tokens: Expo Push Tokens.
• Usage and Status Data: App language, last_seen, is_online.
• Device and Log Data: IP address, device type, OS version, unique identifiers, error logs.

C. Admin-Specific Data (Notes)

The App Administrator may store internal notes containing sensitive information, accessible only to the Administrator.

2. How We Use Your Information

• Providing and managing appointment scheduling
• Authentication and securing user access
• Sending notifications and communications
• Improving App performance and stability
• Complying with legal obligations

A. Legal Basis for Processing (Users in Serbia – ZZPL)

If you are located in Serbia, we process your personal data in accordance with the Serbian Law on Personal Data Protection (ZZPL). Legal bases include:

• Performance of a Contract
• Legitimate Interest (security, improvement)
• Legal Obligation (compliance with Serbian law)

B. Legal Basis for Processing (Users in Croatia – GDPR)

If you are located in Croatia, we process your personal data in accordance with the EU General Data Protection Regulation (GDPR). Legal bases include:

• Article 6(1)(b): Contract performance
• Article 6(1)(f): Legitimate interests
• Article 6(1)(c): Legal obligations
• Articles 46 & 49: Safeguards for international data transfers

3. Data Sharing and Disclosure

We do not sell personal data. We share information only with:

• Email Services: Brevo (Sendinblue)
• Database Hosting: PostgreSQL via Prisma and cloud providers
• Media Hosting: Cloudinary
• Push Notifications: Expo, FCM, APNs

Data may be disclosed to Serbian or Croatian authorities when legally required.

4. International Data Transfers

Your data may be stored or processed outside Serbia or Croatia. We apply safeguards consistent with ZZPL and GDPR, including encryption, contractual protections, and secure hosting standards.

5. Data Security

We use secure PostgreSQL + Prisma infrastructure, encryption for authentication data, cloud-based media protection, and access restrictions to protect your data. However, no system can guarantee absolute security.

6. Data Retention

• Account Data: Retained while your account is active.
• Deletion Requests: All personal data deleted within 30 days.
• Technical Logs: Retained for 1 year.
• Admin Notes: Deleted when no longer required.

7. Your Rights

A. Users in Serbia (ZZPL)

Users in Serbia have the right to access, correct, delete, restrict, object, and request data portability. Complaints may be filed with:

Poverenik za informacije od javnog značaja i zaštitu podataka o ličnosti
(The Commissioner for Information of Public Importance and Personal Data Protection)

B. Users in Croatia (GDPR)

Users in Croatia have rights under the GDPR, including:

• Access to data
• Correction
• Deletion (“right to be forgotten”)
• Restriction of processing
• Objection
• Data portability
• Withdrawal of consent

Complaints may be filed with:
Agencija za zaštitu osobnih podataka (AZOP)
Croatian Personal Data Protection Agency

8. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Users will be notified through the App or by email in case of significant updates.

9. Contact Us