Effective date: December 01, 2025

1. Who we are
Controller: LT Studio s.r.o.
Company ID (IČO): 56 839 910
Registered seat: Uralská 1405/9, Košice – mestská časť Nad jazerom, 040 12, Slovak Republic
Data protection contact: info@grannysquaredesigner.com
Support contact: support@grannysquaredesigner.com

2. Scope of this notice
This Privacy Policy explains what personal data we process when you use the Granny Square Designer mobile application and related websites, for which purposes, on what legal bases, for how long, to whom we disclose data, and what rights you have.

You can explore certain basic features of the app without creating an account. Some functions (for example PDF export or paid subscriptions) require registration and an email address.

We do not collect emails for marketing and we do not send newsletters. We only send essential service or safety notices where strictly necessary.

3. Data we process
Account and identifiers
If you choose to create an account, we process your email address (used for account administration, login and support; not for newsletters) and our internal user ID. Account creation and login are verified via email verification.
You can try the app without creating an account; in that case we do not associate your usage with an email address until you register, but we still process technical and usage data as described below.

Profile settings
App interface language and craft preferences you choose:

• App languages currently available: Slovak (SK), Czech (CZ), English (EN – UK/US), German (DE), French (FR), Spanish (ES), Italian (IT), Polish (PL), Hungarian (HU).
• Crochet terminology: SK, CZ, US, UK, DE, FR, ES, IT, PL, HU.
• Measuring system: metric or imperial.

Subscription/purchase identifiers
From Apple App Store or Google Play to activate features.

App usage data and analytics events
Saved designs, settings and preferences (e.g., colours), and in-app actions necessary to provide the service (for example which squares you add to a project, your chosen yarn options, or when you export a PDF).
We also collect pseudonymous analytics events about how the app is used (such as screen views, feature usage, button taps, session duration, device and app version information) via analytics tools (see sections 4 and 6).

Technical data
IP address, device and OS information, app version, timestamps, diagnostics and security logs (anti-abuse, reliability), crash data and performance data.

Subscription and in-app purchase data
Purchase/renewal date and time, product/plan type, subscription status, country/currency, transaction identifier/token, refund or cancellation status. We do not receive card numbers or CVC from Apple or Google.

Support communications
Emails, attachments and metadata you send to our support, handled only to resolve your request.

Sources of data
We obtain data primarily from you during use of the app. Technical data and analytics events are generated automatically. Purchase/verification information may be received from Apple and Google. Limited app events and device identifiers may be received by our analytics and advertising partners when we run install campaigns (see sections 4 and 6).

4. Purposes and legal bases
We process data for the following purposes:

Providing the service and app features, user account and content
To operate the app, save your designs and preferences, provide PDF export and other core functionality.
Legal basis: contract — GDPR Art. 6(1)(b).

Managing subscriptions, purchases and unlocking paid features
To verify purchases via Apple App Store / Google Play, unlock paid plans and handle refunds.
Legal basis: contract — Art. 6(1)(b).

Analytics, product improvement and campaign measurement
To understand how the app is used (for example which screens and features are popular, aggregate statistics), improve stability and performance, and measure the effectiveness of our app-install and subscription campaigns.
For this we use privacy-friendly analytics and measurement tools (currently including Google Firebase Analytics and platform install attribution such as Apple/Google, and, where used, advertising SDKs such as Meta SDK).
Legal basis: legitimate interests — Art. 6(1)(f).

Where platform rules or laws require your consent for the use of advertising identifiers or cross-app tracking (for example Apple’s App Tracking Transparency), we rely on your consent for that specific tracking. Legal basis: consent — Art. 6(1)(a). You can withdraw this consent at any time in your device settings; we will respect your choice. We may still process limited aggregated or technical data that do not rely on these identifiers.

Accounting and tax compliance, including VAT/DPH records
To comply with legal obligations regarding bookkeeping, tax and invoicing.
Legal basis: legal obligation — Art. 6(1)(c).

Security, fraud prevention, diagnostics and service quality
To protect the service against abuse, detect incidents, investigate crashes and ensure reliability.
Legal basis: legitimate interests — Art. 6(1)(f).

Support communications
To answer your questions and handle your requests.
Legal basis: contract / legitimate interests (Art. 6(1)(b) or (f)), depending on the request.

We do not send marketing emails or newsletters.

Platform-level tracking controls
On iOS, we use Apple’s App Tracking Transparency (ATT) framework where required. This means the system will ask for your permission before we use the device’s advertising identifier for tracking across apps and websites owned by other companies. You can change this decision at any time in your device settings (Settings → Privacy & Security → Tracking).
On Android, you can reset or limit your advertising ID and personalised ads in your Google account or device settings.

5. Retention
Account/service data
For the duration of your account and up to 24 months after last activity to protect our rights and ensure diagnostics, unless a longer period is required by law or to resolve a dispute.

Technical/security logs
Typically 90–180 days, unless longer is required due to an incident or legal obligation.

Support communications
Up to 24 months after the case is closed.

Transactions and accounting records
For periods required by law (generally up to 10 years in Slovakia).

6. Recipients (who we share data with)
We do not sell your data. We share data only where necessary and with appropriate safeguards:

Hosting and infrastructure providers (processors)
Only what is necessary to run and secure the service. JPsoftware, Slovak Republic (EU). Primary data hosting in Slovakia; backups stored within the EU.

Analytics and performance tools (processors)
We use analytics and diagnostic tools such as Google Firebase (Google Ireland Limited / Google LLC) to collect aggregated statistics, analytics and crash/diagnostic data. These providers process technical and usage data on our behalf under data processing agreements. Where possible, we use pseudonymisation and aggregation.

Advertising and campaign measurement partners (independent controllers)
When we run advertising campaigns for Granny Square Designer, we may share limited app events and device identifiers with advertising platforms (for example Meta Platforms Ireland Limited / Meta Platforms, Inc.) to measure installs, subscriptions and campaign performance and to optimise our ads. These partners act as independent controllers for their part of the processing and handle the data in accordance with their own privacy notices. You can control such tracking via in-app prompts (e.g. ATT) and your device/ad settings.

Apple App Store and Google Play
Independent controllers for payments; they share only purchase metadata/tokens with us, never full card details.

Accounting/tax advisor
Ekonom Košice s. r. o., Slovak Republic — acting as an independent controller for statutory bookkeeping and tax compliance. We share accounting records (revenues from Apple and Google) only to the extent necessary. Retention: as required by law (typically up to 10 years).

Public authorities
Only where required by law or necessary to protect our rights.

Support
Handled directly via email (support@grannysquaredesigner.com); we do not use third-party helpdesk/CRM tools.

7. International transfers
Our primary hosting and main processors (such as JPsoftware) are located in the EU/EEA. However, some of our service providers are part of global groups and may process data, or allow access to data, from countries outside the EU/EEA and UK (for example Google Firebase and certain advertising/measurement partners such as Meta Platforms, which may involve processing in the United States or other countries).

Where such transfers occur, we use appropriate safeguards, such as:

• adequacy decisions of the European Commission (where applicable), and/or
• standard contractual clauses approved by the European Commission, combined with additional technical and organisational measures.

You can contact us if you would like more information about these safeguards.

8. Security
We apply appropriate technical and organisational measures, including encryption in transit, access controls, audit logs and backups. No system is 100% secure, but we minimise data and continuously improve protection. We do not store full card details.

9. Your rights
You have the right to:

• access your personal data,
• request rectification,
• request erasure,
• request restriction of processing,
• data portability (where technically feasible), and
• object to processing (especially processing based on legitimate interests, including analytics or campaign measurement).

Where we rely on consent (for example certain forms of tracking or platform permissions), you can withdraw it at any time via your device settings or by contacting us. We currently do not rely on consent for email marketing, because we do not send newsletters.

You also have the right to lodge a complaint with a supervisory authority.

We respond without undue delay and within one month (extendable by two months where necessary; we will inform you). Requests can be sent to info@grannysquaredesigner.com or support@grannysquaredesigner.com.

Supervisory authority: Office for Personal Data Protection of the Slovak Republic (Úrad na ochranu osobných údajov SR), Hraničná 12, 820 07 Bratislava 27, Slovak Republic — https://www.dataprotection.gov.sk

10. Children and minimum age
The app is intended for users aged 13+ and is not directed to children. If you believe a child provided us with data contrary to this policy, contact us at info@grannysquaredesigner.com and we will take appropriate steps, including deletion.

11. Cookies and similar technologies
Website cookies
On our website we use only essential technical cookies. Marketing email tracking is not used because we do not send newsletters.

Website analytics
We currently do not use any analytics tools on the website. If we introduce privacy-friendly analytics in the future, we will update this notice and, where required, obtain consent first.

In-app analytics and identifiers
In the mobile app we use analytics SDKs and identifiers (such as Firebase Analytics and, where used, platform or advertising SDKs) that perform a similar role to cookies by storing or accessing information on your device. These tools are described in sections 3, 4, 6 and 7 and are subject to the same rights and controls, including device privacy settings and App Tracking Transparency prompts where applicable.

12. Subscriptions, payments and refunds
Mobile subscriptions and purchases are processed only via Apple App Store or Google Play. Billing, cancellations and refunds follow the respective store rules. We do not handle or store full card details. We do not use any separate web payment gateway.

13. Account deletion (in-app)
You can delete your account directly in the app (e.g., Settings → Account → Delete Account). After confirming the in-app request and completing a short security verification, we will permanently delete or irreversibly anonymise your personal data that are not required to be kept by law (e.g., accounting/tax records).

What gets deleted:
Your account, saved designs, preferences, and app-level identifiers linked to your account.

What we keep:
Records required by law (e.g., invoices/transaction metadata) for the statutory retention period.

Timeline:
We aim to complete deletion within 30 days.

Subscriptions:
Deleting your account does not cancel an active subscription. Manage/cancel subscriptions in your Apple App Store or Google Play settings.

If you are unable to access the app, you can request deletion via support@grannysquaredesigner.com or info@grannysquaredesigner.com.

14. Mandatory vs. voluntary data
Technical identifiers and data necessary to operate the app are required to provide the service; without them some features will not work.

Using the app in a basic “try” mode without registration is possible, but if you want to export PDFs or purchase a subscription, providing an email address and creating an account is mandatory for those features.

Any additional information you provide to support is voluntary.

15. Automated decision-making
We do not carry out automated decision-making or profiling that produces legal or similarly significant effects on you.

16. Changes to this policy
We may update this policy from time to time (e.g., when features or laws change). We will publish the new version with an updated effective date and, where appropriate, notify you in the app or on the website.

17. Contact
Data protection contact: info@grannysquaredesigner.com
Support: support@grannysquaredesigner.com