First name, last name, email, phone number and address. This data is available only to you and the platform’s authorised systems.

IBAN is stored exclusively via Stripe Connect’s secure integration. Zvizz does not store IBAN on its own servers and does not have access to the full IBAN.

Property name, property phone number, property email address and location. Visible to registered users.

Name, email, phone number and stay dates. The Stripe payment token is private and available only through the Stripe system.

Username or pseudonym, video content, description and comments (visible to registered users).

IP address, device type, access time and interactions (private, for security and abuse prevention).

Managing reservations, payment processing, payouts, listing reviews and providing technical support.

The platform uses a single commission-based fee model. Commission is charged to the host in line with the applicable price list.

Data is used to process payments via Stripe Connect and to pay out business users 7 days after the guest’s payment has been recorded.

Processing is based on a contract (bookings), legal obligations (tax/accounting requirements) or your consent (communication messages).

We send email notifications about bookings and important changes. You can unsubscribe from certain notifications at any time.

Your data is not sold to advertisers or other third parties.

Content you publish remains your property and is available only to registered users.

Data is kept while you are a registered user and for 30 days after account deletion, after which it is automatically deleted.

In line with statutory retention periods (e.g., tax and accounting obligations) under applicable Croatian law.

90 days, after which it is automatically deleted (or earlier if you request it).

12 months.

3 months.

2 years.

Not stored on our servers – kept exclusively on Stripe’s servers, in accordance with their privacy policy.

SSL/TLS for all communications and AES-256 for the database.

Passwords are hashed using bcrypt and are not visible to us in their original form.

Stripe Connect processes all payments and IBAN data – we never see your full card number or IBAN. Stripe is PCI DSS certified and uses the highest security standards.

IBAN is stored exclusively via Stripe Connect encryption – it is never available to our database or employees.

Data is processed through protected server-side processes and controlled access, applying least-privilege principles and avoiding unnecessary exposure of data to the client application.

Only authorized staff can access data, and only when necessary for support or security.

The database is hosted on EU servers with a signed Data Processing Agreement (DPA).

Stripe Connect – we do not see card data or IBAN; Stripe is PCI DSS certified and IBAN is encrypted and stored on their servers.

We use a specialized email service provider with a DPA-compliant agreement to send emails.

We use a maps/location service to display accommodation locations.

Images and video content are delivered via CDN services.

We use DNS and CDN solutions to improve security and platform availability.

The application is hosted and deployed on third-party infrastructure providers.

In some cases, your data may be processed on servers outside the European Economic Area (e.g., by Stripe or a CDN). In such cases, we rely on appropriate safeguards such as EU Standard Contractual Clauses and technical encryption measures, and we transfer data only when necessary to provide the service.

For detailed information about our processors and signed Data Processing Agreements, contact us at info@zvizz.com.

Reservations, payment management and payouts – processing is necessary to perform the contract with you.

Keeping booking-related data is required by tax/accounting regulations and other applicable Croatian laws.

Marketing communications and publishing video content in the video feed are carried out only with your explicit consent.

Platform security, fraud prevention and service improvement are our legitimate interests, while always considering your rights and freedoms.

If you object to certain processing, you can contact us at info@zvizz.com and submit an objection.

Booking and account data is generally processed based on contract and legal obligation; technical and security logs (e.g., IP, device) based on legitimate interest; video feed content and marketing communications only based on your consent.

Session token, CSRF protection and Stripe security cookies – necessary for platform operation and do not require your consent.

Display preferences (e.g., dark mode, language) and account settings – retained up to 2 years.

Collected automatically for security and basic analytics, and kept for up to 3 months.

Systems that automatically process data to make certain decisions (e.g., approving or rejecting specific actions).

Automated systems may be used to prevent fraud by analyzing behavioral patterns and activity on the platform.

You have the right to know when a decision was made automatically and you can request a manual review.

We do not make solely automated decisions, including profiling, that produce legal effects for you or similarly significantly affect you without the possibility of human intervention.

If you disagree with an automated decision, contact us at info@zvizz.com for clarification and review.

We use AI for content recommendations and query processing, subject to system rules and oversight. AI does not have independent decision-making authority beyond the platform’s defined rules.

You can request confirmation of whether we process your personal data and obtain a copy by emailing info@zvizz.com.

If your data is inaccurate or incomplete, you can request correction.

You can request deletion of your data, except for data we must keep due to legal obligations (e.g., bookings for tax purposes).

You can request your data in a structured, commonly used and machine-readable format (e.g., JSON or CSV).

If you believe your rights are violated, you have the right to file a complaint with the Croatian Data Protection Agency (AZOP).

To exercise your rights, email info@zvizz.com with the subject 'GDPR request' and a clear description of what you request (e.g., access, correction, deletion, portability). We will respond without undue delay and no later than 30 days.

Content you publish remains your property.

Videos older than 90 days are automatically deleted.

You can delete your video content at any time.

Published video content is visible to registered users of the platform.

You may use a pseudonym when publishing video content.

Showing people’s faces in videos (e.g., owner, guest, staff) is allowed provided you have obtained valid consent from all depicted persons.

Pornographic content, violence, discriminatory content, content infringing copyrights or other laws is prohibited.

You are fully responsible for the content you publish and for having the rights to publish it.

Users under 16 may use the platform only with explicit parental or guardian consent.

Minor users may use the platform with clear information about how their data is processed and protected.

We recommend users under 16 use the platform under parental/guardian supervision and support.

Parents/guardians are responsible for supervising how minors use the platform.

We may notify you about changes via email or push notifications.

Minor changes are published directly on this Privacy Policy page.

We will notify you of significant changes at least 30 days before they take effect.

Selling your personal data to third parties is not allowed and is not practiced.

Sharing data with third parties without a valid legal basis or your consent is not permitted.

If you suspect a data breach (e.g., unauthorized access), contact us at info@zvizz.com.

For any questions or requests related to processing personal data, contact us at info@zvizz.com.

You can submit privacy-related complaints via info@zvizz.com.

We will respond without undue delay and no later than 30 days after receiving a valid request.

To protect your data, we may, where proportionate and necessary, request additional confirmation of identity.

If you are not satisfied with our response, you may contact the Croatian Data Protection Agency (AZOP) at azop@azop.hr.

Processing of personal data is governed by Regulation (EU) 2016/679 (GDPR) and applicable Croatian law (including the Act on the Implementation of the GDPR).

We aim to resolve disputes concerning data processing directly, and where appropriate through ADR procedures (e.g., mediation). This does not affect consumers’ right to bring proceedings before a competent court.

Booking-related data is retained in line with statutory retention periods to the extent necessary to meet tax and accounting obligations.

IBAN is stored exclusively via Stripe Connect’s secure integration. Zvizz never sees, stores or has access to your full IBAN.

For each payment through the platform, commission is charged to the host in line with the applicable price list.

Stripe is a PCI DSS certified provider. All card and IBAN data is processed exclusively through Stripe, using the highest security standards.

For payment data (cards, IBAN), Stripe acts as a separate controller or processor depending on the specific service provided. We recommend reading Stripe’s Privacy Policy to understand how they process your data.

Funds are paid out to the host’s registered Stripe Connect account 7 days after the guest’s payment has been recorded.

The subscription model is no longer active. Payments and payouts are carried out through Stripe Connect in line with the platform rules.

We use necessary security and functional cookies, Stripe security mechanisms, and limited basic analytics and technical tools for service stability and security.

The video feed is visible to registered users and is fully optional – it is not required for standard platform use.

We send only notices that are necessary to provide the service (e.g., booking confirmations and key changes).

An email address is required for communication, booking confirmations and important notices.

A phone number is required for communication with guests and for additional account security.

Bank details (IBAN) are required for payouts via Stripe Connect and are processed exclusively through Stripe infrastructure.

Zvizz is a digital platform for managing accommodation and boat rentals that enables hosts to manage reservations, availability calendars, payments and communication with guests.

A single commission-based fee model through Stripe Connect is in place. The platform commission is paid by the host.

For any information, contact us at info@zvizz.com.

TERMINAL ONE d.o.o. za usluge

Split, Republic of Croatia | PIN: 63820061187 | Company reg. no.: 060505215 | Registry: Commercial Court in Split

info@zvizz.com

2.0

1 January 2025.

30 December 2025.