1. Definitions

1.1 Carwalo is a mobile application that provides informational services to help Users locate the nearest touchless car washes (the "Application").

1.2 A User is any natural or legal person who uses the Application (the "User").

1.3 The operator of the Application and provider of the Services is Aurowl Studio s.r.o., located at Beňadická 3007/13, 851 06 Bratislava – Petržalka, Company ID (IČO): 57 097 968, registered with the Commercial Register of the Bratislava III District Court, section Sro, insert no. 190179/B, VAT ID: SK2122572474, contact e-mail: contact@carwalo.com (the "Controller").

1.4 The Privacy Policy is the set of rules and conditions that define how and for what purpose the Controller may collect, use, and retain personal data in accordance with the laws applicable in the Slovak Republic (the "Policy").

2. Scope of processed personal data and purposes

2.1. Data provided during registration

1. Purpose: Creation and management of the User's account, enabling access to features such as favorites and car wash reviews.

2. Processed data:

   • Regular user: name, email address.

   • Car wash owner: name, email address, company name, phone number.

3. Legal basis: Performance of a contract (providing Services according to the Terms of Service).

2.2. Location data

1. Purpose: Determining the User's current location to display nearby car washes, present them on a map, and provide a relevant weather forecast.

2. Processed data: Geographic coordinates (latitude and longitude).

3. Important notice: For the core functionality of the Application, these data may be transmitted to the Controller's backend (Supabase) and to the subprocessors listed in section 3.1, to the extent necessary to load nearby car washes, display the map, and provide the weather forecast. The data may also remain temporarily cached on the User's device for smoother operation of the Application.

4. Legal basis: Performance of a contract (providing the basic functionality of the Application).

2.3. Notification and device data

1. Purpose: Sending optional push notifications, in particular weather alerts relevant to the User's area, maintaining the notification token, and localizing notification content.

2. Processed data: Push token (FCM token), internally generated device installation identifier, platform, locale, time zone, and, where available, the current geographic coordinates used for weather alerts.

3. Important notice: These data are stored in the Controller's backend (Supabase) in order to deliver and manage notifications. If the User does not grant notification permission, push notifications are not sent. If the User does not grant location permission, weather alerts may be unavailable or less relevant.

4. Legal basis: Consent granted by the User for receiving push notifications and, where applicable, for sharing location data needed for weather alerts.

2.4. Communication data

1. Purpose: Sending service emails such as registration confirmation, information about changes to the terms, or responses to User inquiries.

2. Processed data: Email address.

3. Legal basis: Legitimate interest (keeping the User informed about important facts related to their account and the Services).

2.5. Data processed for advertising purposes

1. Purpose: To offer the Application for free, ads are displayed. With the User's consent, data are used to show personalized ads that are more relevant to the User. These data are used for the following purposes:

   • Storing and accessing information on the User's device (e.g., cookies and device identifiers).

   • Selecting and displaying personalized ads and content based on the User's interests and profile.

   • Measuring ad and content performance to understand how the User interacts with them.

   • Collecting statistics about target groups and improving the Controller's services and systems.

   • Ensuring security, preventing fraud, and correcting errors.

2. Processed data:

   • Device identifiers (e.g., advertising ID), IP address, browser and operating system information.

   • Data about the User's activity in the Application (e.g., viewed content, interactions).

   • Imprecise location data.

   • With explicit consent, precise geographic location data (with accuracy below 500 meters) to show ads relevant to the User's area.

3. Legal basis: Consent granted by the User in accordance with Article 6(1)(a) GDPR. Consent is requested via an informational banner before ads are shown for the first time.

4. Important notice: Users with an active "Carwalo Premium" subscription (monthly or yearly) are not shown any advertisements. Consequently, the data processing described in this section 2.5 does not apply to them for the duration of the active subscription.

2.6. Photo anonymization processing

1. Purpose: Before car wash photos uploaded by Owners are published in the Application and made visible to all Users, the Controller applies an automated anonymization process. This process detects and blurs any visible human faces and vehicle license plates appearing in the photos, in order to protect the privacy of individuals who may be identifiable from such images and to comply with applicable data protection law.

2. How it works: Each uploaded photo is processed through a pipeline of third-party artificial intelligence services (see section 3.1 for the list of subprocessors). The photo is first assessed by an AI pre-screening service (Google Gemini) to determine whether it contains any faces or license plates. If faces are detected as potentially present, the photo is submitted to a facial detection service (AWS Rekognition). If license plates are detected as potentially present, the photo is submitted to a license plate recognition service (PlateRecognizer). The coordinates of detected regions are used solely to apply a blur effect. No face recognition, identity matching, or biometric profiling is performed at any point. The original unblurred photo is not retained after the anonymization process is complete; only the anonymized version is stored and published.

3. Processed data: The photo image file is transmitted to the AI subprocessors listed in section 3.1 for the sole purpose of detecting the location of faces and license plates within the image. The subprocessors do not store the images beyond the duration of the individual API request. No personal data extracted from the images (such as face embeddings, plate numbers, or individual identifiers) is stored by the Controller or its subprocessors beyond the processing operation.

4. Legal basis: Legitimate interest of the Controller and of third parties (Article 6(1)(f) GDPR). The Controller has a legitimate interest in ensuring that photos published in the Application do not expose identifiable individuals or vehicle registration data without their consent. This interest is balanced against and does not override the fundamental rights of the data subjects, as the processing is strictly limited to blurring and no identifying data is retained.

3. Data sharing and third parties

3.1. Personal data are not shared with third parties for marketing purposes without the User's consent. To ensure the Application works, the Controller nevertheless uses the following subprocessors:

1. Supabase, Inc.: Provides backend infrastructure (database, authentication). Stores data needed to run User accounts.

2. Mapbox, Inc.: Provides map layers. Processes location data.

3. OpenWeatherMap: Provides weather forecasts. Processes location data to deliver relevant forecasts.

4. Google (AdMob): Advertising network; with the User's consent, it collects and processes technical data for personalized ads.

5. Cloudinary, Inc.: Provides image hosting and transformation. Stores and serves anonymized car wash photos uploaded by Owners.

6. Google (Firebase Cloud Messaging): Push notification delivery service. Processes push tokens and technical delivery metadata required for sending notifications.

7. Google (Firebase Crashlytics): Collects crash reports and diagnostic data (device model, OS version, stack traces) to help the Controller identify and fix application errors. No personal data beyond technical device identifiers are collected.

8. Brevo: Email service provider for transactional emails (processes names and email addresses).

9. Google LLC (Google Play) and Apple Inc. (App Store): Payment processors for the optional "Carwalo Premium" subscription. They handle all billing and payment data exclusively under their own terms of service and privacy policies. The Controller does not process or store any payment card data; subscription status is received through RevenueCat (see item 10 below).

10. RevenueCat, Inc.: Subscription management platform used to validate purchase receipts issued by Google Play and the App Store, track subscription status, and manage the subscription lifecycle for the "Carwalo Premium" subscription. Processes an anonymised User identifier and subscription metadata (plan type, status, purchase date, and expiration date). Does not process payment card data. Data is processed in accordance with RevenueCat's privacy policy.

11. Google LLC (Gemini API): AI pre-screening service used exclusively during photo anonymization processing. Receives a reduced-resolution version of the uploaded photo to determine whether faces or license plates are likely present, before more detailed detection is performed. The image is not stored by Google beyond the duration of the API request and is not used for model training without separate agreement.

12. Amazon Web Services, Inc. (AWS Rekognition): Facial detection service used exclusively during photo anonymization processing. Receives a reduced-resolution version of the uploaded photo and returns the pixel coordinates of any detected faces. No biometric data, face embeddings, or identity information is stored. The image is processed in the AWS eu-central-1 (Frankfurt) region.

13. PlateRecognizer (Sighthound, Inc.): License plate detection service used exclusively during photo anonymization processing. Receives a reduced-resolution version of the uploaded photo and returns the pixel coordinates of any detected license plates. The detected plate number strings and image data are not retained by the Controller beyond the anonymization operation.

3.2. The Controller has contracts with these partners that obligate them to protect the User's data according to applicable law and the GDPR.

4. Data retention period

4.1. Personal data of the User (registration and communication data) are retained for as long as the account exists. The User may delete their profile and account-associated stored data themselves at any time directly in the Application settings. After account deletion, the associated personal data are permanently removed. 4.2. Data collected for advertising purposes are stored according to the User's consent settings and the rules of the advertising partners. Consent can be revoked at any time. 4.3. Car wash photos are retained in their anonymized form for as long as the Owner's account is active and the photo remains published. The original unblurred version of any photo is not retained after the anonymization process is complete.

5. User rights (data subject rights)

5.1. Under the GDPR, the User has the following rights:

1. Right of access: obtain confirmation about data processing and access to the data.

2. Right to rectification: correct inaccurate or incomplete data.

3. Right to erasure ("right to be forgotten"): request deletion of personal data.

4. Right to restriction of processing: request limitation under certain conditions.

5. Right to data portability: receive personal data in a structured format.

6. Right to object to processing based on legitimate interest.

7. Right to withdraw consent: if processing is based on consent, it can be withdrawn at any time.

8. Right to lodge a complaint with the supervisory authority (Office for Personal Data Protection of the Slovak Republic).

5.2. The User may exercise these rights by sending a request to the Controller's email address. The right to erasure may also be exercised directly by the User in the Application settings via the self-service account deletion function.

5.3. If an individual believes their face or vehicle appears in a car wash photo published in the Application and objects to its inclusion even in anonymized form, they may contact the Controller at contact@carwalo.com to request removal of the relevant photo.

6. Data security

6.1. The Controller has implemented appropriate technical and organizational measures to protect the User's personal data against loss, misuse, or unauthorized access. It uses services from reputable providers with high security standards.

7. Contact information

7.1. For questions about data protection, the Controller can be contacted at contact@carwalo.com.