Effective date: October 27, 2025

1. Who we are
Controller: LT Studio s.r.o.
Company ID (IČO): 56 839 910
Registered seat: Uralská 1405/9, Košice – mestská časť Nad jazerom, 040 12, Slovak Republic
Data protection contact: info@grannysquaredesigner.com
Support contact: support@grannysquaredesigner.com

2. Scope of this notice
This Privacy Policy explains what personal data we process when you use the Granny Square Designer mobile application and related websites, for which purposes, on what legal bases, for how long, to whom we disclose data, and what rights you have.

We do not collect emails for marketing and we do not send newsletters. We only send essential service or safety notices where strictly necessary.

3. Data we process
Account and identifiers. Email address (used for account administration, login and support; not for newsletters) and our internal user ID. Account creation and login are verified via email verification.

Profile settings. App interface language and craft preferences you choose:
- App languages currently available: Slovak (SK), Czech (CZ), English (EN – UK/US), German (DE), French (FR), Spanish (ES), Italian (IT), Polish (PL), Hungarian (HU).
- Crochet terminology: SK, CZ, US, UK, DE, FR, ES, IT, PL, HU.
- Measuring system: metric or imperial.

Subscription/purchase identifiers. From Apple App Store or Google Play to activate features.

App usage data. Saved designs, settings and preferences (e.g., colors), and in-app actions necessary to provide the service.

Technical data. IP address, device and OS information, timestamps, diagnostics and security logs (anti-abuse, reliability).

Subscription and in-app purchase data. Purchase/renewal date and time, product/plan type, subscription status, country/currency, transaction identifier/token, refund or cancellation status. We do not receive card numbers or CVC from Apple or Google.

Support communications. Emails, attachments and metadata you send to our support, handled only to resolve your request.

Sources of data. We obtain data primarily from you during use of the app. Technical data are generated automatically. Purchase/verification information may be received from Apple and Google.

4. Purposes and legal bases
Providing the service and app features, user account and content (contract — GDPR Art. 6(1)(b)).
Managing subscriptions, purchases and unlocking paid features (contract — Art. 6(1)(b)).
Attribution and performance measurement of app-install campaigns (e.g., Apple/Google install attribution) — limited to events needed to measure installs and subscriptions (legitimate interests — Art. 6(1)(f)).
Accounting and tax compliance, including VAT/DPH records (legal obligation — Art. 6(1)(c)).
Security, fraud prevention, diagnostics and service quality (legitimate interests — Art. 6(1)(f)).
Support communications (contract/legitimate interests, depending on the request).
Marketing emails/newsletters: not used and not sent.

5. Retention
Account/service data: for the duration of your account and up to 24 months after last activity to protect our rights and ensure diagnostics.

Technical/security logs: typically 90–180 days, unless longer is required due to an incident or legal obligation.

Support communications: up to 24 months after the case is closed.

Transactions and accounting records: for periods required by law (generally up to 10 years in Slovakia).

6. Recipients (who we share data with)
Hosting and infrastructure providers (processors): only what is necessary to run and secure the service. JPsoftware, Slovak Republic (EU). Primary data hosting in Slovakia; backups stored within the EU.

Apple App Store and Google Play: independent controllers for payments; they share only purchase metadata/tokens with us, never full card details.

Accounting/tax advisor: Ekonom Košice s. r. o., Slovak Republic — acting as an independent controller for statutory bookkeeping and tax compliance. We share accounting records (revenues from Apple and Google) only to the extent necessary. Retention: as required by law (typically up to 10 years).

Public authorities: only where required by law.

Support: handled directly via email (support@grannysquaredesigner.com); we do not use third-party helpdesk/CRM tools.

7. International transfers
We do not transfer personal data outside the EU/EEA/UK. Our hosting and processors are located in the EU/EEA. Primary hosting is provided by JPsoftware in the Slovak Republic (EU). Backups are stored within the EU.

8. Security
We apply appropriate technical and organisational measures, including encryption in transit, access controls, audit logs and backups. No system is 100% secure, but we minimise data and continuously improve protection. We do not store full card details.

9. Your rights
You have the right to access, rectification, erasure, restriction, portability and to object to processing (especially processing based on legitimate interests). Where we rely on consent, you can withdraw it at any time (we currently do not rely on consent for marketing). You also have the right to lodge a complaint with a supervisory authority.

We respond without undue delay and within one month (extendable by two months where necessary; we will inform you). Requests can be sent to info@grannysquaredesigner.com or support@grannysquaredesigner.com.

Supervisory authority: Office for Personal Data Protection of the Slovak Republic (Úrad na ochranu osobných údajov SR), Hraničná 12, 820 07 Bratislava 27, Slovak Republic — https://www.dataprotection.gov.sk

10. Children and minimum age
The app is intended for users aged 13+ and is not directed to children. If you believe a child provided us with data contrary to this policy, contact us at info@grannysquaredesigner.com and we will take appropriate steps, including deletion.

11. Cookies and similar technologies
On our website we use only essential technical cookies. Marketing email tracking is not used because we do not send newsletters.

Analytics: We currently do not use any analytics tools on the website. If we introduce privacy-friendly analytics in the future, we will update this notice and, where required, obtain consent first.

12. Subscriptions, payments and refunds
Mobile subscriptions and purchases are processed only via Apple App Store or Google Play. Billing, cancellations and refunds follow the respective store rules. We do not handle or store full card details. We do not use any separate web payment gateway.

13. Account deletion (in-app)
You can delete your account directly in the app (e.g., Settings → Account → Delete Account). After confirming the in-app request and completing a short security verification, we will permanently delete or irreversibly anonymise your personal data that are not required to be kept by law (e.g., accounting/tax records).

What gets deleted: your account, saved designs, preferences, and app-level identifiers.

What we keep: records required by law (e.g., invoices/transaction metadata) for the statutory retention period.

Timeline: we aim to complete deletion within 30 days.

Subscriptions: deleting your account does not cancel an active subscription. Manage/cancel subscriptions in your Apple App Store or Google Play settings.

If you are unable to access the app, you can request deletion via support@grannysquaredesigner.com or info@grannysquaredesigner.com.

14. Mandatory vs. voluntary data
Technical identifiers and data necessary to operate the app are required to provide the service; without them some features will not work. Any additional information you provide to support is voluntary.

15. Automated decision-making
We do not carry out automated decision-making or profiling that produces legal or similarly significant effects on you.

16. Changes to this policy
We may update this policy from time to time (e.g., when features or laws change). We will publish the new version with an updated effective date and, where appropriate, notify you in the app or on the website.

17. Contact
Data protection contact: info@grannysquaredesigner.com
Support: support@grannysquaredesigner.com