← Back to Home

Privacy Policy

Last updated: June 7, 2026

Manjiti Kučić d.o.o. ("we", "us", or "our") operates the BokaScout mobile application and website. This Privacy Policy describes how we collect, use, and handle your personal information when you use our services.

1. Data Collection

We collect information to provide a better experience for all our users:

  • Account Information: When you sign in using Google or other authentication providers, we receive your name, email address, and profile picture as provided by the authentication service (Supabase Auth).
  • Payment Processing Information: All payment transactions are securely processed directly by our online reseller and Merchant of Record, Paddle.com. We do not store or process credit card, debit card, or bank account details on our servers; we only receive transactional confirmation and metadata (such as your User ID and purchase status) to unlock premium guide content.
  • Location & Telemetry Data:
    • Real-time Location & Geofencing: The app uses your device's location services to trigger audio guide content automatically when you enter the physical boundaries (Points of Interest) of a tour. Most location tracking is processed locally on your device.
    • Detailed Access Telemetry: To prevent abuse, verify tour consumption, and detect unauthorized account sharing, the app logs discrete events containing the timestamp of access, the specific Points of Interest triggered, truncated coordinates (for geographic verification), preferred language, and device details (such as OS version, brand, and a unique cryptographic device fingerprint).
  • Usage Data: We collect anonymous information about how you interact with the app (e.g., which tours are started, which points are visited) to improve our content and service.

2. How We Use Data

  • To provide and maintain our Service, including to monitor the usage of our Service.
  • To manage your Account: to manage your registration as a user of the Service.
  • To verify purchase status and authorize access to premium audio tours.
  • To prevent fraud, account sharing abuse, and maintain overall platform security.
  • To provide you with news, special offers, and general information about other goods, services, and events which we offer.

3. Third-Party Data Processors

We share certain data with trusted third-party services to perform essential billing, authentication, and database services:

  • Supabase: For identity authentication, user registration, database storage, and secure backend Edge Functions.
  • Paddle: As our Merchant of Record and reseller, Paddle collects your transaction data, email, and billing details directly on our behalf to process credit card/digital wallet payments, charge sales tax, and handle billing support. You can view Paddle's Privacy Policy on their official website.

4. Data Retention and Security

We retain your personal information only for as long as is necessary for the purposes set out in this Privacy Policy. Specifically, detailed access and telemetry logs used for abuse prevention and fraud protection are retained for a maximum of ninety (90) days from the date of collection, after which they are permanently deleted. We use industry-standard security measures provided by Supabase and our cloud partners to protect your data.

5. Your GDPR Rights

Under the General Data Protection Regulation (GDPR), users in the European Economic Area have the following rights:

  • The right to access, update, or delete the information we have on you.
  • The right of rectification.
  • The right to object.
  • The right of restriction.
  • The right to data portability.
  • The right to withdraw consent.

To exercise any of these rights, please contact us at our business details listed in the footer.