🔒 Nativio – Privacy Policy

1. What Data We Collect

We collect and process the following data when you use Nativio:

2. How We Collect Data

• When you register an account or log in
• When you submit data through forms or onboarding
• When you make a payment (via our billing provider, Paddle)
• When you open our website (for cookies and analytics, if consented)
• When you contact us via support channels

We do not sell or rent your personal information to third parties.

3. Google Places API Usage

When you add links from Google Maps, we use the Google Places API to extract structured information such as place name, address, and photo. This enriched data is shown to your guests inside the guide.

By using Nativio, you agree to Google's Privacy Policy in relation to these services.

4. How We Use Your Data

• Provide and improve our service (Performance of a contract)
• Authenticate users and manage sessions (Performance of a contract)
• Process payments and subscriptions (Legal obligation / contract)
• Send essential service emails (e.g. onboarding, billing) (Legitimate interest)
• Send marketing emails (if subscribed) (Consent)
• Analyze usage trends (Google Analytics, with consent) (Consent)
• Respond to support requests (Legitimate interest)
• Comply with legal obligations (Legal obligation)

We may share anonymized or aggregated data for product improvement or marketing.

5. Data Processors We Use

We use trusted third-party services to deliver our platform:

• Supabase (Database and authentication)
• Vercel (Hosting and delivery)
• Paddle (Subscription billing and payments)
• Resend (Transactional email delivery)
• Google Analytics (Usage analytics (only after consent))

All services are GDPR-compliant or operate under valid data transfer agreements.

6. Cookies and Analytics

We use cookies for:

• Session management
• Storing preferences
• Analytics (only after consent)

You can manage your cookie preferences via the cookie banner or your browser settings.

We use Google Analytics to understand platform usage. Analytics scripts only load after you give consent.

7. Data Retention

• Your account data is retained as long as you have an active account
• Inactive accounts may be deleted after 24 months of inactivity
• If you delete your account, your personal data is erased unless we are required to retain it for legal reasons (e.g. billing records)

8. Your Rights (GDPR)

As a user, you have the right to:

• Access your personal data
• Correct inaccurate data
• Delete your data (“right to be forgotten”)
• Request a copy of your data (“data portability”)
• Withdraw consent at any time (for analytics or marketing)
• File a complaint with your local data protection authority

To exercise any of these rights, email us at dragan@gonativio.com.

9. Account Deletion & Data Export

You may request deletion of your account via your dashboard (unless you have an active subscription).

10. Data Security

We take appropriate technical and organizational measures to secure your personal data, including:

• Encrypted connections (HTTPS)
• Secure password hashing
• Role-based access to backend systems
• Hosting on GDPR-compliant platforms (Supabase, Vercel)

11. International Data Transfers

Our data processors may store data outside the EU (e.g., the US). All providers comply with GDPR transfer requirements (e.g., Standard Contractual Clauses or equivalent safeguards).

12. Changes to This Privacy Policy

We may update this policy from time to time. When we make material changes, we will notify you via email or the platform.

13. Contact

If you have questions or concerns about this Privacy Policy, contact: