EN
Login
Privacy policy
Last updated: 10 June 2026 · version 4.0
We process your data to provide the Cash Booking service, security, subscription and legal obligations
Quick overview
We collect the data necessary to operate the platform
Data is used for accounts, Cash Booking profiles, reservations, calendar sync, guest QR, AI reception, subscription and security
Data is deleted on request when there is no legal obligation to retain it
Media and demo content are deleted or deactivated in accordance with platform rules
Data processing complies with GDPR
1
What data we collect
For hosts — account and business data
Name, email, phone number, business account name, account type, address and data needed to manage properties. This data is used to operate the platform, provide support, security and meet legal obligations.
For Cash Booking profile and properties
Property name, unit name, location, rules, check-in/check-out information, availability, prices, descriptions, images, QR codes, iCal links for Booking and Airbnb sync and information the host enters to display to guests.
For guests and reservations
Name, email, phone number, data related to the stay, reservations, cancellations, use of the QR guest app and communication with the host or support.
For host protection
Data on reservation cancellations and blocking of guests who cancel repeatedly, in line with platform rules and host settings.
For AI reception
User queries, AI responses, host instructions for the property and context needed for AI reception to help guests during their stay. AI reception processes data only within instructions set by the host.
Media content
Images, video, descriptions and other content that a user or host voluntarily publishes or adds to the platform.
Automatic data
IP address, device type, access time, language, basic technical information and interactions with the platform for security, stability, abuse prevention and basic analytics.
2
How we use data
Platform operation
We use data for user accounts, property management, Cash Booking profiles, the QR guest app, AI reception, reservations, calendar sync, communication and technical support.
Billing model
Reservations are free — no commission on the stay. Subscription is charged for AI reception, video feed and marketing tools.
Stay payment
Guests pay the host directly on arrival. Zvizz does not process or store stay payment data.
Host subscription
Data is used to charge subscription via Stripe. Card data is processed through Stripe; Zvizz does not see the full card number.
AI reception
Data entered by the host is used so AI reception can give useful, practical and relevant answers to guests about the specific property. The AI system for processing queries is Mistral AI.
Communication
We may send email notices about your account, property, reservations, subscription, security and important platform changes.
Security and abuse prevention
We use technical data to protect users, detect suspicious activity, prevent reservation abuse and maintain platform stability.
We do not sell data
We do not sell your personal data to advertisers or other third parties.
3
Data retention
Active users
Data is retained while you are a registered user and for 30 days after account deletion, unless a legal obligation requires longer retention.
Reservations and subscription
Reservation and subscription data is retained in line with statutory periods, including tax and accounting obligations under applicable law.
Properties and profile
Data is retained while the property is active on the platform or until the host deletes it, except where linked to legal obligations that must be retained.
AI reception
Host instructions and AI reception content are retained until the host changes or deletes them or while the property is active, unless longer retention is required for security or legal reasons.
Media content
Media content is retained while published or needed to display the property, unless the user deletes it or requests deletion.
Analytics
12 months.
IP addresses
3 months.
Cookies
Up to 2 years, depending on cookie type and user settings.
Subscription (Stripe)
Subscription payment data is not stored on our servers in full form. It is retained only through Stripe infrastructure, in line with their privacy and security rules.
4
Security
Encryption
We use SSL/TLS for data transfer and security measures to protect data in the system.
Passwords and authentication
Authentication and protection of user accounts are carried out through platform security mechanisms and infrastructure providers.
Subscription and cards
Stripe processes subscription payments. Zvizz does not see the full card number or store stay payment data.
Technical system functions
Data is processed through protected server processes and controlled access, applying the principle of least privilege.
Data access
Only authorised persons have access to personal data when necessary for support, security, legal obligations or platform operation.
5
Third parties and processors
Database and infrastructure
Data is processed through infrastructure and database services (Supabase and similar) that enable platform operation, data storage, authentication and security.
Subscription processing
Stripe processes card data for host subscription. Zvizz does not see card data in full form.
Email notifications
We use a specialised email service (such as Resend or another certified provider) to send transactional and notification emails.
Maps and locations
We use a maps and location service (such as Google Maps or another provider) to display properties and approximate location information.
Media distribution
Images and video may be stored, processed and distributed through media and CDN infrastructure services.
AI systems — Mistral AI
We use Mistral AI to process AI reception queries and structure host instructions. Queries and responses are processed via the Mistral API in line with their privacy and security rules.
Security and DNS
We use DNS, CDN and security services for availability, speed and platform protection.
Hosting and deploy
The application may be hosted and deployed on third-party infrastructure services that offer an appropriate level of data protection.
Transfers to third countries
In some cases data may be processed outside the EEA (e.g. Stripe, Mistral AI and other processors). We then rely on EU standard contractual clauses, encryption and the necessity of processing to provide the service.
Processor details
For details on all processors and applicable agreements, contact us at info@zvizz.com.
6
Legal bases for processing
Contract
Processing is necessary to provide the service: user account, Cash Booking profile, reservations, QR guest app, AI reception, subscription, support and property management.
Legal obligation
We must retain certain data for tax, accounting, security or other legal obligations.
Consent
Marketing communications, certain media content and optional features may be processed on the basis of your consent.
Legitimate interests
Platform security, prevention of reservation abuse, user protection, basic analytics and service improvement are our legitimate interests.
Objection to legitimate interest
If you disagree with processing based on legitimate interest, you have the right to object under Art. 21 GDPR. Contact us at info@zvizz.com.
Application of bases by data category
User account, reservations, subscription and business data are mainly processed on the basis of contract and legal obligation; security logs on legitimate interest; marketing and certain optional content on consent.
7
Cookies and tracking
Functional cookies
Session token, security cookies, authentication and abuse protection are necessary for the platform to operate.
Technical cookies
Language, display, account and other technical settings may be stored for up to 2 years.
IP address and device
Collected automatically for security, stability, basic analytics and abuse prevention, and retained for up to 3 months.
8
Automated decisions and AI
What automated decisions are
Automated decisions are systems that automatically process data to help with security, recommendations, abuse detection or platform operation.
Use in the Zvizz app
Automated systems may be used for security, prevention of reservation abuse, query processing, structuring host instructions and AI reception operation.
AI reception
AI reception (Mistral AI) answers guests based on host instructions, property rules and available context. The host is solely responsible for instructions entered into AI reception.
Guest blocking
The system may automatically block guests who cancel reservations repeatedly, in line with platform rules. The host can manage blocks manually.
Your rights
You have the right to request an explanation and human review if you believe automated processing has significantly affected you, under Art. 22 GDPR.
Impact on the user
We do not make solely automated decisions that produce legal effects or similarly significantly affect you without the possibility of human intervention.
Disagreement
If you disagree with an automated decision or AI response, contact us at info@zvizz.com for further clarification and review.
9
Your rights (GDPR – Articles 15–22)
Right of access
You can request confirmation of whether we process your personal data and obtain a copy by emailing info@zvizz.com.
Right to rectification
If your data is inaccurate or incomplete, you can request correction.
Right to erasure
You can request deletion of your data, except for data we must retain due to legal obligations.
Right to data portability
You can request your data in a structured, commonly used and machine-readable format.
Right to complain
If you believe your rights are violated, you have the right to file a complaint with the Croatian Personal Data Protection Agency (AZOP).
How to exercise your rights
To exercise your rights, email info@zvizz.com with the subject line ‘GDPR request’ and a clear description of what you seek. We will respond without undue delay and no later than within 30 days.
10
Media content – special rules
Ownership
Content you add or publish remains your property, unless otherwise provided by specific rules or an agreement.
Control
You can remove your media content where that option is available or request removal through support.
Privacy
Content related to a property may be visible to guests, registered users or publicly, depending on the feature in which it is used.
People in content
If you publish content showing people, you are responsible for obtaining the necessary consents and rights for publication.
Prohibited content
Publishing pornographic content, violence, discriminatory content, content that infringes copyright or other laws is prohibited.
Legal responsibility
You are responsible for the content you publish and for having the right to publish it.
11
Protection of minor users
Minimum age
Users under 16 may use the platform only with explicit parental or guardian consent.
Minors (16–18)
Minor users may use the platform with clear information about how their data is processed and protected.
Recommendation
We recommend users under 16 use the platform under parental/guardian supervision and support.
Parental responsibility
Parents/guardians are responsible for supervising how minors use the platform.
12
Changes to this Privacy Policy and data breaches
Notices
We may notify you of changes to the Privacy Policy by email, push notifications or an in-app notice.
Minor changes
Minor changes are published directly on this Privacy Policy page.
Major changes
For material changes we will notify you by reasonable means before they take effect, where required.
No sale of data
We do not sell your personal data to third parties.
Data sharing
Sharing data with third parties without a valid legal basis, contract or your consent is not permitted.
Personal data breach
If you suspect a personal data breach, you can contact us at info@zvizz.com.
13
Contact and complaints
Contact
For all questions or requests regarding the processing of personal data, contact us at info@zvizz.com.
Complaints
You can submit complaints about the processing of personal data to info@zvizz.com.
Response time
We will respond without undue delay and no later than within 30 days of receiving a proper request.
Identity verification
To protect your data we may, where proportionate and necessary, request additional proof of identity.
Croatian Personal Data Protection Agency
If you are not satisfied with our response, you may contact the Croatian Personal Data Protection Agency (AZOP).
14
Legal obligation and applicable law
Applicable law
Processing of personal data is governed by Regulation (EU) 2016/679 (GDPR) and applicable law of the Republic of Croatia.
Dispute resolution
We seek to resolve disputes related to data processing directly. This does not affect your right to initiate proceedings before the competent authority or court.
Tax and accounting regulations
Data on subscription, reservations and transactions is retained in line with statutory periods where necessary for tax and accounting obligations.
15
Subscription and payments
Free reservations
Zvizz does not charge commission on reservations. Reservations are free for hosts and guests on the platform.
Stay payment
Guests pay the host directly on arrival. Zvizz does not process, store or intermediate stay payments.
Host subscription
Subscription for AI reception, video feed and marketing tools is charged via Stripe according to the applicable price list.
Stripe security
Stripe is a certified payment service provider (PCI DSS). Card data for subscription is processed through Stripe in line with their privacy rules.
Relationship with Stripe
For subscription data, Stripe may act as a separate controller or processor. We recommend reading Stripe’s privacy policy at stripe.com/privacy.
16
Technical details of the platform
Cookies and technical tools
We use necessary security and functional cookies, Stripe security mechanisms and limited basic analytics and technical tools for service stability and security.
QR guest app
The QR guest app lets guests access information, rules, services and AI reception for a specific property. Access is via QR scan or private profile link.
Calendar sync (iCal)
Hosts can connect iCal links from Booking, Airbnb or other channels to sync availability. Zvizz processes occupancy data needed for sync.
AI reception
AI reception (Mistral AI) uses data entered by the host and available property context to help guests. The host is solely responsible for content and instructions entered.
Email communication
Email is used for the user account, reservation notices, subscription, support and important security notices.
Phone number
A phone number may be required for communication, account security, host-guest relations and support.
17
About the Zvizz platform
What is Zvizz
Zvizz is a Cash Booking platform for hosts and guests — your own profile, free reservations, host confirmation, pay on arrival, calendar sync, guest QR, AI reception and marketing tools.
Billing model
Reservations are free. Subscription is charged for AI reception, video feed and marketing tools, according to the applicable price list.
Contact email
For all information, contact us at info@zvizz.com.
18
Data controller
Data controller
TERMINAL ONE d.o.o. za usluge
Registered office and registration
Split, Republic of Croatia | PIN: 63820061187 | Company reg. no.: 060505215 | Registry: Commercial Court in Split
Contact email
info@zvizz.com
19
Privacy policy version
Document version
4.0
Effective date
10 June 2026
Last updated
10 June 2026
How long we keep data
Active users
While the account is active + 30 days after deletion
Reservation data
In line with statutory retention periods
Media content
According to platform rules or upon request
Analytics
12 months
Cookies
2 years
IP addresses
3 months
Subscription (Stripe)
Stripe servers only
Privacy questions?
Contact us at:
info@zvizz.com
We respond within the statutory deadline, as a rule as soon as possible
Your rights under GDPR
Right of access – know what data we process
Right to rectification – correct inaccurate or incomplete data
Right to erasure – request deletion of personal data
Right to restriction of processing (Art. 18) – temporarily stop processing
Right to data portability (Art. 20) – receive data in a machine-readable format
Right to object (Art. 21) – object to processing based on legitimate interests
Right to complain (Art. 77) – contact the Croatian Personal Data Protection Agency (AZOP)
You have read our Privacy Policy. If you have any questions or suggestions, please contact us at info@zvizz.com.
Back