First name, last name, email, phone number, business account name, account type, address and data needed to manage properties. This data is used to operate the platform, provide support, ensure security and meet legal obligations.

IBAN and related payout data are processed through Stripe Connect’s secure integration. Zvizz does not store the full IBAN on its own servers and does not have access to the full IBAN.

Property name, unit name, location, rules, check-in/check-out information, available services, minibar products, prices, descriptions, images, QR codes and information the host enters to display to guests.

Name, email, phone number, data related to the stay, orders, requests, use of the QR guest app and communication with the host or support.

Data on ordered products and services, quantities, prices, order status, linked unit and time of the request.

User queries, AI system responses, host instructions for the property and context needed so AI reception can assist the guest during their stay.

Images, video, descriptions and other content users or hosts voluntarily publish or add on the platform.

IP address, device type, access time, language, basic technical information and interactions with the platform for security, stability, abuse prevention and basic analytics.

We use data for user accounts, property management, the QR guest app, AI reception, minibar, services, orders, reservations where enabled, communication and technical support.

Zvizz uses a billing model based on commission or fees according to the applicable price list. Fees may relate to repeat bookings, the minibar, services or other transactions on the platform.

Data is used to process payments and payouts through Stripe Connect. Card data and banking data are processed through Stripe.

Data entered by the host is used so AI reception can give guests useful, practical answers relevant to the specific property.

We may send email notices about your account, property, orders, services, payments, security and important platform changes.

We use technical data to protect users, detect suspicious activity, prevent fraud and maintain platform stability.

We do not sell your personal data to advertisers or other third parties.

Data is retained while you are a registered user and for a further 30 days after account deletion, unless a longer retention period is required by law.

Data is retained in line with statutory periods, including tax and accounting obligations under applicable law in the Republic of Croatia.

Data is retained while the property is active on the platform or until the host deletes it, unless it is linked to legal obligations or transactions that must be retained.

Host instructions and AI reception content are retained until the host changes or deletes them or while the property is active, unless longer retention is required for security or legal reasons.

Media content is stored while it is published or needed to display the property, unless the user deletes it or requests deletion.

12 months.

3 months.

Up to 2 years, depending on the type of cookie and user settings.

Not stored on our servers. Stored exclusively through Stripe infrastructure, in line with Stripe’s privacy and security policies.

We use SSL/TLS for data transmission and security measures to protect data in the system.

Authentication and protection of user accounts are implemented through the platform’s security mechanisms and infrastructure providers.

Stripe Connect processes payments, cards and banking data. Zvizz does not see the full card number or full IBAN.

Banking data for payouts is processed through Stripe Connect and is not available in full form in our database.

Data is processed through protected server-side processes and controlled access, applying the principle of least privilege.

Only authorized persons have access to personal data when necessary for support, security, legal obligations or operating the platform.

Data is processed through infrastructure and database services that enable the platform to run, store data, authenticate users and maintain security.

Stripe Connect processes card data, banking data and payouts. Zvizz does not see card data or the full IBAN.

We use a specialized email service to send email notifications.

We use a maps and location service to display properties and approximate location information.

Images and video may be stored, processed and distributed through media services and CDN infrastructure.

AI systems are used to process queries, structure host instructions and assist guests within AI reception.

We use DNS, CDN and security services for availability, performance and protection of the platform.

The application may be hosted and deployed on third-party infrastructure services.

In some cases data may be processed outside the European Economic Area. In such cases we rely on appropriate safeguards, such as EU standard contractual clauses, encryption and the necessity of processing to provide the service.

For detailed information about processors and applicable agreements, contact us at info@zvizz.com.

Processing is necessary to provide the service: user account, QR guest app, minibar, services, orders, payments, support and property management.

We must retain certain data for tax, accounting, security or other legal reasons.

Marketing communications, certain media content and optional features may be processed on the basis of your consent.

Platform security, fraud prevention, protecting users, basic analytics and improving the service are our legitimate interests.

If you disagree with certain processing, you can contact us at info@zvizz.com and lodge an objection.

User account, orders, payments and business data are mainly processed on the basis of contract and legal obligation; security logs on the basis of legitimate interest; marketing and certain optional content on the basis of consent.

Session token, security cookies, authentication and abuse protection are necessary for the platform to operate.

Language, display, account and other technical settings may be stored for up to 2 years.

Collected automatically for security, stability, basic analytics and abuse prevention, and retained for up to 3 months.

Automated decisions are systems that automatically process data to help with security, recommendations, abuse detection or operating the platform.

Automated systems may be used for security, fraud prevention, processing queries, structuring host instructions and operating AI reception.

AI reception answers guests based on host instructions, property rules and available context. The AI must not independently invent property information.

You have the right to request an explanation and human review if you believe automated processing has significantly affected you.

We do not make solely automated decisions, including profiling, that produce legal effects for you or similarly significantly affect you without the possibility of human intervention.

If you disagree with an automated decision or an AI response, contact us at info@zvizz.com for further clarification and review.

You can request confirmation of whether we process your personal data and obtain a copy by emailing info@zvizz.com.

If your data is inaccurate or incomplete, you can request correction.

You can request deletion of your data, except for data we must retain due to legal obligations.

You can request your data in a structured, commonly used and machine-readable format.

If you believe your rights are violated, you have the right to file a complaint with the Croatian Personal Data Protection Agency (AZOP).

To exercise your rights, email info@zvizz.com with the subject line ‘GDPR request’ and a clear description of what you seek. We will respond without undue delay and no later than within 30 days.

Content you add or publish remains your property, unless otherwise provided by specific rules or an agreement.

You can remove your media content where that option is available or request removal through support.

Content related to a property may be visible to guests, registered users or publicly, depending on the feature in which it is used.

If you publish content showing people, you are responsible for obtaining the necessary consents and rights for publication.

Publishing pornographic content, violence, discriminatory content, content that infringes copyright or other laws is prohibited.

You are responsible for the content you publish and for having the right to publish it.

Users under 16 may use the platform only with explicit parental or guardian consent.

Minor users may use the platform with clear information about how their data is processed and protected.

We recommend users under 16 use the platform under parental/guardian supervision and support.

Parents/guardians are responsible for supervising how minors use the platform.

We may notify you of changes to the Privacy Policy by email, push notifications or an in-app notice.

Minor changes are published directly on this Privacy Policy page.

For material changes we will notify you by reasonable means before they take effect, where required.

We do not sell your personal data to third parties.

Sharing data with third parties without a valid legal basis, contract or your consent is not permitted.

If you suspect a personal data breach, you can contact us at info@zvizz.com.

For all questions or requests regarding the processing of personal data, contact us at info@zvizz.com.

You can submit complaints about the processing of personal data to info@zvizz.com.

We will respond without undue delay and no later than within 30 days of receiving a proper request.

To protect your data we may, where proportionate and necessary, request additional proof of identity.

If you are not satisfied with our response, you may contact the Croatian Personal Data Protection Agency (AZOP).

Processing of personal data is subject to Regulation (EU) 2016/679 (GDPR) and applicable law of the Republic of Croatia.

We seek to resolve disputes relating to data processing directly. This does not affect your right to initiate proceedings before a competent authority or court.

Data on payments, orders, reservations and transactions is retained in line with statutory periods where necessary for tax and accounting obligations.

Stripe Connect is used to process payments and payouts. Zvizz does not see, store or have access to full card data or a full IBAN.

A fee may be charged for payments, the minibar, services or other transactions on the platform according to the applicable price list.

Stripe is a certified payment services provider. Card and banking data are processed through Stripe.

For payment data, Stripe may act as a separate controller or processor depending on the specific service. We recommend that you also read Stripe’s privacy policy.

Funds are paid out to the linked Stripe Connect account in line with platform rules, Stripe rules and fund availability.

Zvizz may use a billing model based on commission or fees for transactions, without a mandatory monthly subscription, according to the price list shown to the user.

We use necessary security and functional cookies, Stripe security mechanisms, and limited basic analytics and technical tools for stability and security of the service.

The QR guest app lets guests access information, rules, services, the minibar and AI reception for a specific property.

AI reception uses data entered by the host and available property context to provide practical help to guests.

We send notices necessary to perform the service, account security, payments, orders and material changes.

An email address is required for communication, your user account, confirmations, support and important notices.

A phone number may be required for communication, account security, the host–guest relationship and support.

Banking data is required for payouts through Stripe Connect and is processed through Stripe infrastructure.

Zvizz is a digital platform for hosts and guests that gives properties a QR guest app, AI reception, minibar, services, stay information and tools to manage the guest experience more easily.

The platform uses a billing model based on fees or commissions for certain transactions, according to the price list shown to the user.

For all information you can contact us at info@zvizz.com.

TERMINAL ONE d.o.o. za usluge

Split, Republic of Croatia | PIN: 63820061187 | Company reg. no.: 060505215 | Registry: Commercial Court in Split

info@zvizz.com

3.0

1 May 2026.

5 May 2026.