BSP Lab logoBSP Feedback

Privacy Policy

Effective date: 01.01.2026. Version 1.3.

Provider

BSP LAB, obrt za ostalo računalno programiranje, vl. Bruno Sebastian Penzar
ULICA ĐURE CRNATKA 24, 10000 ZAGREB, Croatia
OIB: 00357376233
Contact: privacy@bsp-lab.dev

1) Roles (GDPR)

For your account data and use of the Service, BSP LAB is the controller.

For feedback data collected on behalf of your customers, BSP LAB is the processor, and you are the controller. See the DPA.

2) Data we collect

Account data (controller)

  • email address, account name
  • authentication/session data

Feedback data (processor for you)

  • form responses (text, ratings, selections)
  • timestamps
  • location labels (if used)
  • IP hash (not raw IP)
  • user-agent hash

Technical data

  • basic request logs, security and abuse signals
  • device/browser data where technically necessary

3) Purposes & legal basis

  • Provide the Service (contract)
  • Security and abuse prevention (legitimate interest)
  • Legal compliance (legal obligation)

4) Retention

Account data is retained until you delete your account or request deletion. Feedback data is retained according to the controller’s instructions and deleted upon their request or account deletion. Residual copies may remain in backups for up to 30 days.

5) Cookies

We only use strictly necessary cookies for authentication and security. Because these cookies are essential, no consent banner is required under EU rules.

6) Sharing & subprocessors

We use the following service providers:

  • Vercel (hosting)
  • Supabase (database/auth)
  • Cloudflare (DNS/network)
  • Google (Gmail support contact)

7) Subprocessor updates

We may update or replace subprocessors. We will provide notice of material changes to our subprocessors, for example via the Service or by email.

8) International transfers

Some providers may process data outside the EEA. When applicable, transfers are protected by standard contractual clauses (SCCs) or other lawful mechanisms.

9) Use of aggregated data

We may use aggregated or anonymized data to improve the Service.

10) Your rights

You may request access, correction, deletion, or export of your data. You can also lodge a complaint with your local data protection authority (Croatia: AZOP).

11) Security

We use technical and organizational measures to protect data, including access controls and encryption in transit.

12) Contact

Privacy questions: privacy@bsp-lab.dev.

13) Related documents