Privacy Policy

Last Updated: January 13, 2026

Entity: samko labs, s.r.o. Contact: [email protected]

1. Introduction

Welcome to Nodly. We are samko labs, s.r.o., and we are committed to protecting your privacy and being transparent about the data we collect and how we use it.

This Privacy Policy explains what personal data we collect, why we collect it, how we use it, and your rights regarding your data under the General Data Protection Regulation (GDPR) and other applicable privacy laws.

By using Nodly, you agree to the collection and use of information in accordance with this policy.

2. Data We Collect

2.1 Automatically Collected Data

Device Identifier

• We generate and store a unique device identifier (UUID) on your device when you first use the app
• This identifier is stored locally in your device's storage and is used to sync your creations across sessions
• Legal basis: Legitimate interest (providing core app functionality)

Language Preference

• Your selected language preference is stored locally on your device
• Legal basis: Legitimate interest (providing app in your preferred language)

2.2 Activity Data You Provide

Activity Preferences

• When you request activity suggestions, we collect your inputs:
  • Time available (e.g., "10 minutes", "1 hour")
  • Participants (e.g., "just me", "with little kids")
  • Desired vibe (e.g., "calm & cozy", "creative & focused")
  • Available materials (e.g., "paper", "cardboard")
• This data is sent to our servers to match you with appropriate activities
• Legal basis: Legitimate interest (providing personalized activity recommendations)

Completed Creations

• When you complete an activity, we save:
  • Activity details (title, steps, materials)
  • Completion timestamp
  • Your activity preferences at the time
• This data is stored on our servers associated with your device identifier
• Legal basis: Legitimate interest (providing your creation history)

2.3 Optional Data You Choose to Provide

Photos

• You may optionally attach photos to your completed creations
• Photos are only collected if you explicitly choose to capture or select them
• Photos are uploaded to our servers and stored securely
• Legal basis: Your explicit consent (by choosing to attach a photo)

3. How We Use Your Data

We use the collected data for the following purposes:

1. Provide Activity Recommendations - Match you with suitable activities based on your available time, participants, vibe, and materials
2. Save Your Creation History - Store your completed activities so you can view them later
3. Improve Our Service - Analyze usage patterns to improve activity matching and recommendations
4. Sync Across Sessions - Use your device identifier to retrieve your creations when you return to the app
5. Personalize Your Experience - Display the app in your preferred language

4. Legal Basis for Processing (GDPR Article 6)

We process your personal data based on:

• Legitimate Interest (Article 6(1)(f)) for:
  • Device identification
  • Activity matching
  • Creation history storage
  • Service improvement
• Consent (Article 6(1)(a)) for:
  • Photo uploads (only when you explicitly choose to attach photos)

You have the right to withdraw your consent at any time by deleting photos from your creations or deleting your account entirely.

5. Third-Party Services

5.1 Firebase (Google LLC)

We use Firebase services provided by Google LLC to operate our backend infrastructure:

• Firebase Authentication - Anonymous sign-in to manage user sessions
• Firebase Functions - Backend API hosted in the us-central1 region (United States)
• Firebase Cloud Storage - Photo storage (if you upload photos)

Data shared with Firebase:

• Device identifier
• Activity preferences (when requesting suggestions)
• Creation data (activity details, timestamps)
• Photos (if you choose to upload them)

Firebase Privacy Policy: https://firebase.google.com/support/privacy

GDPR Compliance: Google is certified under the EU-US Data Privacy Framework for international data transfers.

5.2 No Other Third Parties

We do not share your personal data with any third parties other than Google/Firebase for the purposes described above. We do not sell your data to advertisers or data brokers.

6. Data Retention

Creations and Activity Data:

• We retain your creation history and activity preferences indefinitely until you request deletion
• You can delete your account and all associated data at any time through the app settings

Photos:

• Photos are retained indefinitely until you delete your account or remove specific creations
• We do not automatically delete photos

Device Identifier:

• The device identifier is retained as long as you use the app
• Deleting the app or deleting your account removes the device identifier

7. Your Rights Under GDPR

As a data subject in the EU/UK, you have the following rights:

7.1 Right of Access (Article 15)

You have the right to request a copy of all personal data we hold about you.

7.2 Right to Rectification (Article 16)

You have the right to request correction of inaccurate or incomplete personal data.

7.3 Right to Erasure / "Right to be Forgotten" (Article 17)

You have the right to request deletion of your personal data. You can exercise this right by using the "Delete Account & Data" button in the app settings, which will:

• Delete all your creations from our servers
• Delete any photos you uploaded
• Sign you out and clear local data
• Remove your device identifier

7.4 Right to Data Portability (Article 20)

You have the right to receive your personal data in a structured, commonly used, machine-readable format (e.g., JSON).

7.5 Right to Restriction of Processing (Article 18)

You have the right to request that we limit how we use your data in certain circumstances.

7.6 Right to Object (Article 21)

You have the right to object to processing based on legitimate interest. If you object, we will cease processing unless we have compelling legitimate grounds.

7.7 How to Exercise Your Rights

To exercise any of these rights, please contact us at: Email: [email protected]

We will respond to your request within 30 days as required by GDPR.

8. Data Security

We take reasonable measures to protect your personal data from unauthorized access, disclosure, alteration, or destruction:

• Encryption in Transit - All data transmitted between your device and our servers uses HTTPS encryption
• Firebase Security - We rely on Google's industry-standard security measures for Firebase services
• Access Controls - Only authorized personnel have access to backend systems

However, no method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

9. Children's Privacy

Nodly is intended for users aged 13 and older.

We do not knowingly collect personal data from children under 13. If you are a parent or guardian and believe your child under 13 has provided us with personal data, please contact us at [email protected], and we will delete the data.

Parental Supervision: Many activities in Nodly are designed for children under parental supervision. Parents and guardians are responsible for supervising children's use of the app and any physical activities they undertake.

10. International Data Transfers

Server Location: Our backend servers are hosted by Firebase in the United States (us-central1 region).

GDPR Safeguards: Data transfers from the EU/UK to the United States are protected under:

• EU-US Data Privacy Framework (Google/Firebase certification)
• Standard Contractual Clauses (Google's GDPR-compliant data processing terms)

For more information on Firebase's GDPR compliance, visit: https://firebase.google.com/support/privacy

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements.

Effective Date: All changes are effective as of the "Last Updated" date at the top of this policy.

Notification: We will notify you of material changes by updating the "Last Updated" date and, if appropriate, displaying an in-app notification when you next use the app.

Your Continued Use: Your continued use of Nodly after changes are posted constitutes your acceptance of the updated Privacy Policy.

12. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

Email: [email protected]Entity: samko labs, s.r.o. Jurisdiction: Slovakia (EU)

We aim to respond to all inquiries within 30 days.

13. Supervisory Authority

If you are located in the EU/UK and believe we have not adequately addressed your privacy concerns, you have the right to lodge a complaint with your local data protection authority:

• Slovakia: Urad na ochranu osobnych udajov (Office for Personal Data Protection of the Slovak Republic)
• Find your local authority: https://edpb.europa.eu/about-edpb/board/members_en

Thank you for trusting Nodly with your data. We are committed to protecting your privacy.