Privacy & Data

Privacy Policy

Last updated: December 2025

Contents

Introduction

DigiWarranty is a digital warranty management application developed and operated by G SOFT, obrt za usluge, vl. Elid Garazlic, Podluka 5, 21320 Baska Voda, Croatia (OIB: 62969761760), available at gsoft.hr. We are committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you use the DigiWarranty app, available on iOS and Android, or our web dashboard for organizations.

Data We Collect

We collect the following types of data to provide and improve our services:

Personal Information
When you register or submit forms (e.g., demo or trial requests), we may collect your name, email address, phone number (optional), business name, and role (e.g., Retailer, Manufacturer).
Warranty and Transaction Data
Details about warranties, invoices, and purchases, such as product information, purchase dates, and loyalty points, linked to your account via a QR code.
Usage & Device Data
Information on how you interact with the app and dashboard (pages, actions, campaign interactions), device/browser info, logs (IP, user agent), and—with consent—on-site behavior (scroll depth, time on page, click targets).
Scanned Receipts
If you use the receipt scanning feature, we process images and extract data using AI to store digital receipts.
Integrations & Credentials
API tokens, webhook endpoints, and integration settings generated per organization and venue.

Lawful Bases

We process data under these bases:

Contract
To deliver the service you sign up for (warranties, offers, analytics, integrations).
Legitimate Interests
To secure the platform, prevent abuse, and improve features (balanced against your rights).
Consent
For optional features like marketing communications, location-based promotions, or cookies/analytics on the web.

Cookies & Tracking

We use essential cookies/local storage for security and session flow, and optional cookies for analytics only with consent:

Essential
Session/authentication cookies; cookie consent flag (dw_cookie_consent); session ID for event batching (dw_session).
Analytics (consent)
Google Analytics cookies and in-house event tracking (pageviews, scroll depth milestones, time-on-page heartbeats, click targets). Only set/active after consent.

How We Use Your Data

Your data is used to:

  • Manage warranties, invoices, and loyalty programs.
  • Validate claims via QR codes at service centers.
  • Send notifications about warranty expirations, renewals, and promotions.
  • Provide analytics to organizations (e.g., retailers, manufacturers) in aggregated, anonymized form.
  • Improve the app’s functionality and user experience.

Data Retention

We keep personal data only as long as necessary for the purposes outlined:

  • Account data is retained while your account is active. After account deletion, we may retain limited records for legal compliance, fraud prevention, and audit purposes.
  • Scanned bills/receipts are deleted from our systems within 30 days after a confirmed account deletion request. Before deletion, copies can be sent to the email address linked to your account.
  • Security and technical logs are retained for up to 12 months, then deleted or aggregated.
  • Push notification device tokens are retained until logout, explicit unregister, or inactivity cleanup.

GDPR Compliance

DigiWarranty, developed by G SOFT obrt, is designed to align with the General Data Protection Regulation (GDPR) and prepared for EU Digital Product Passport standards:

Data Protection
Personal identifiers are hashed, and data is encrypted at rest and in transit.
Role-Based Access
Organizations (e.g., retailers, distributors) have granular access controls to ensure data segmentation.
Consent Management
Users provide explicit consent for data collection, such as location-based promotions.
Data Portability
You can export your data (e.g., warranties, receipts) in a structured format.

Data Sharing & Subprocessors

We share data only with:

Authorized Organizations
Retailers, manufacturers, or distributors you interact with (e.g., for warranty claims or loyalty points), with strict access controls. Where required, transaction insight may be retained in pseudonymized form (dummy/anonymized user identity) without exposing full personal profile details.
Service Providers/Subprocessors
e.g., SendGrid for email notifications, Cloudflare Turnstile for bot protection, and hosting/ops providers under GDPR-compliant terms.
Legal Authorities
When required by law or to protect our rights.

Current Subprocessors

The following subprocessors may process personal data on our behalf to provide DigiWarranty services:

Google Firebase Cloud Messaging (FCM)
Purpose: push notifications. Data categories: device/app push tokens and notification delivery metadata.
OpenAI
Purpose: AI-assisted bill/receipt data extraction and related processing features. Data categories: scanned bill text/images and extracted structured data.
Anthropic
Purpose: AI-assisted text analysis, categorization, and data-processing tasks where enabled. Data categories: submitted text/content and derived outputs.
DigitalOcean (including S3-compatible object storage)
Purpose: hosting, database, and file storage/CDN delivery. Data categories: account data, application records, uploaded files, and operational logs.
Cloudflare Turnstile
Purpose: bot and abuse protection on public forms. Data categories: request metadata needed for challenge verification.
SendGrid
Purpose: transactional and outreach email delivery where enabled. Data categories: email addresses and email delivery metadata.

Subprocessors may change over time as the service evolves. Material changes will be reflected in this policy.

International Transfers

Data is primarily hosted in the EU/EEA. If we transfer data outside the EEA, we use appropriate safeguards (e.g., Standard Contractual Clauses) and ensure equivalent protection.

Security

We use industry-standard measures to protect your data:

  • Encryption for data at rest and in transit.
  • Role-based access, audit logging, and per-organization/venue secrets with rotation.
  • Secure backend with Laravel, PostgreSQL, RabbitMQ, Kubernetes, and regular security reviews.
  • Webhook ping/test and API token regeneration baked into the product.

Your Rights & Requests

As a user, you have the right to:

  • Access your personal data stored by DigiWarranty.
  • Request corrections to inaccurate data.
  • Request deletion of your data (subject to legal obligations).
  • Withdraw consent for data processing (e.g., promotional notifications).
  • Receive your data in a machine-readable format for portability.

To exercise these rights, contact us at support@gsoft.hr. We will verify your identity and respond within 30 days (or as required by applicable law).

Children

DigiWarranty is not intended for children under the age of 13. We do not knowingly collect personal data from children below this age. If you believe a child has provided data, please contact us to remove it.

Changes

We may update this Privacy Policy to reflect changes in our practices or legal requirements. Material changes will be highlighted on this page with an updated effective date.

Contact Us

For questions about this Privacy Policy or your data, contact us at:

  • Email: support@gsoft.hr
  • Website: https://gsoft.hr
  • Controller: G SOFT, obrt za usluge, vl. Elid Garazlic
  • Address: Podluka 5, 21320 Baska Voda, Croatia
  • OIB: 62969761760

DigiWarranty is developed by G SOFT obrt, ensuring a secure and user-friendly experience.