napravi.site
Prikupljamo samo podatke koji su neophodni za pružanje usluge. Ne prodajemo, ne iznajmljujemo niti delimo vaše lične podatke sa trećim stranama u marketinške svrhe.
Rukovalac podataka za platformu napravi.site je Operator platforme. Kontakt: privacy@napravi.site
Ako ste krajnji kupac sajta kreiranog na platformi napravi.site, Tenant (vlasnik sajta) je odgovoran za obradu vaših podataka. Obratite im se direktno za pitanja privatnosti.
Podaci o plaćanju (broj kartice, CVV) se nikada ne čuvaju na našim serverima — procesiraju se isključivo putem Stripe-a.
| Svrha | Pravni osnov (GDPR) | Podaci |
|---|---|---|
| Upravljanje nalogom | Izvršenje ugovora (čl. 6(1)(b)) | Email, lozinka, ime |
| Naplata pretplate | Izvršenje ugovora (čl. 6(1)(b)) | Stripe ID, plan, istorija |
| Transakcijski emailovi | Legitimni interes (čl. 6(1)(f)) | Email adresa |
| Bezbednost i prevencija prevara | Legitimni interes (čl. 6(1)(f)) | IP, session, logovi |
| Marketing obaveštenja | Saglasnost (čl. 6(1)(a)) | Email adresa |
| Zakonske obaveze | Zakonska obaveza (čl. 6(1)(c)) | Podaci o plaćanjima |
| Kolačić | Svrha | Trajanje | Tip |
|---|---|---|---|
| mslf_session | Autentifikacija korisnika | 24 sata | Neophodan |
| CSRF token | Zaštita od cross-site napada | Trajanje sesije | Neophodan |
| cart (sesija) | Sadržaj korpe | Trajanje sesije | Funkcionalni |
Ne koristimo Google Analytics, Facebook Pixel ni slične tracking alate.
| Provajder | Svrha | Koji podaci | Lokacija |
|---|---|---|---|
| Stripe, Inc. | Procesiranje plaćanja | Email, Stripe ID, transakcije | SAD (SCCs) |
| Cloudinary Ltd. | Čuvanje slika i fajlova | Uploadovane slike i mediji | SAD/EU (SCCs) |
| OpenAI, Inc. | AI prevodi sadržaja | Tekst za prevod | SAD (SCCs) |
| BulkGate s.r.o. | SMS notifikacije | Broj telefona, tekst SMS-a | Češka (EU) |
| Meta (Instagram) | Objave na Instagramu | Sadržaj, slike (uz dozvolu) | SAD (SCCs) |
| LinkedIn Corp. | Objave na LinkedIn-u | Sadržaj (uz dozvolu) | SAD (SCCs) |
| Kategorija | Period čuvanja | Razlog |
|---|---|---|
| Podaci o nalogu | Do brisanja + 30 dana | Mogućnost obnavljanja |
| Podaci o plaćanjima | 10 godina | Zakonska obaveza |
| Server logovi | 90 dana | Bezbednost i debugging |
| Session podaci | 24 sata (automatski) | Tehničko funkcionisanje |
| Slike (Cloudinary) | Do brisanja naloga | Korisnički sadržaj |
U slučaju povrede, Operator vas obaveštava u roku od 72 sata i prijavljuje Povereniku za zaštitu podataka, u skladu sa GDPR čl. 33-34.
Platforma nije namenjena licima mlađim od 16 godina. Ne prikupljamo svesno lične podatke dece. Ukoliko saznamo da smo prikupili podatke deteta bez roditeljske saglasnosti, odmah ćemo ih izbrisati. Kontakt: privacy@napravi.site
| Pravo | Opis | Rok |
|---|---|---|
| 📋 Pristup | Kopija podataka koje čuvamo o vama | 30 dana |
| ✏️ Ispravka | Zahtev za ispravku netačnih podataka | 30 dana |
| 🗑️ Brisanje | „Pravo na zaborav" | 30 dana |
| 📦 Prenosivost | Podaci u mašinski čitljivom formatu (JSON) | 30 dana |
| 🚫 Prigovor | Prigovor na obradu zasnovanu na legitimnom interesu | 30 dana |
| ↩️ Opoziv saglasnosti | Povlačenje saglasnosti u bilo kom trenutku | Odmah |
Možete podneti pritužbu Povereniku za informacije od javnog značaja i zaštitu podataka o ličnosti RS, ili DPA organu EU u svojoj zemlji boravka.
Materijalne izmene biće objavljene sa novim datumom i korisnici će biti obavešteni email-om najmanje 14 dana pre stupanja na snagu.
We only collect data strictly necessary to provide our service. We do not sell, rent, or share your personal data with third parties for marketing purposes.
The data controller for the napravi.site platform is the Platform Operator. Contact us at: privacy@napravi.site
If you are a customer or visitor of a website built on napravi.site, the Tenant (site owner) is the data controller for your information. Please contact them directly for privacy inquiries.
Payment card data (card number, CVV) is never stored on our servers — it is processed exclusively by Stripe.
| Purpose | Legal Basis (GDPR) | Data Categories |
|---|---|---|
| Account management | Performance of contract (Art. 6(1)(b)) | Email, password, name |
| Subscription billing | Performance of contract (Art. 6(1)(b)) | Stripe ID, plan, history |
| Transactional emails | Legitimate interest (Art. 6(1)(f)) | Email address |
| Security & fraud prevention | Legitimate interest (Art. 6(1)(f)) | IP, session, logs |
| Marketing communications | Consent (Art. 6(1)(a)) | Email address |
| Legal obligations | Legal obligation (Art. 6(1)(c)) | Payment records |
| Cookie | Purpose | Duration | Type |
|---|---|---|---|
| mslf_session | User authentication (session ID) | 24 hours | Strictly Necessary |
| CSRF token | Cross-site request forgery protection | Session | Strictly Necessary |
| cart (session) | Shopping cart contents | Session | Functional |
We do not use Google Analytics, Facebook Pixel, or similar third-party tracking tools. Our cookies are strictly necessary for platform functionality.
| Provider | Purpose | Data Shared | Location |
|---|---|---|---|
| Stripe, Inc. | Payment processing | Email, Stripe ID, transactions | USA (SCCs) |
| Cloudinary Ltd. | Image & file storage | Uploaded images & media | USA/EU (SCCs) |
| OpenAI, Inc. | AI content translations | Text sent for translation | USA (SCCs) |
| BulkGate s.r.o. | SMS notifications | Phone number, SMS text | Czechia (EU) |
| Meta (Instagram) | Instagram publishing | Post content, images (with permission) | USA (SCCs) |
| LinkedIn Corp. | LinkedIn publishing | Post content (with permission) | USA (SCCs) |
SCCs = Standard Contractual Clauses approved by the European Commission for cross-border data transfers.
| Data Category | Retention Period | Reason |
|---|---|---|
| Account data | Until deletion + 30 days | Account recovery window |
| Payment records | 10 years | Legal obligation (accounting) |
| Server logs | 90 days | Security & debugging |
| Session data | 24 hours (automatic) | Technical operation |
| Images (Cloudinary) | Until account deletion | User content |
In the event of a security breach that may compromise your personal data, the Operator will notify you within 72 hours of discovery and report to the competent Data Protection Authority, in accordance with GDPR Art. 33-34.
The Platform is not intended for persons under 16 years of age. We do not knowingly collect personal data from children. If we discover that a child's data has been collected without parental consent, we will delete it immediately. Contact: privacy@napravi.site
| Right | Description | Response Time |
|---|---|---|
| 📋 Access | Obtain a copy of all personal data we hold about you | 30 days |
| ✏️ Rectification | Request correction of inaccurate or incomplete data | 30 days |
| 🗑️ Erasure | "Right to be forgotten" — deletion of your data | 30 days |
| 📦 Portability | Receive your data in a structured, machine-readable format (JSON) | 30 days |
| 🚫 Objection | Object to processing based on legitimate interest | 30 days |
| ↩️ Withdraw Consent | Revoke consent at any time without affecting prior lawful processing | Immediately |
You may file a complaint with the Serbian Commissioner for Information of Public Importance and Personal Data Protection, or with the competent EU DPA in your country of residence.
Material changes will be published with an updated date and users will be notified by email at least 14 days before the changes take effect. We recommend reviewing this page periodically.
Contact our Privacy team for any data requests or inquiries.
privacy@napravi.site