Transparent


Data policy

Data policy

We take care of your personal data

At Guide4Varna, we believe that the less personal data users are required to share, the more secure the system becomes. That’s why we only ask for your email address and a selfie—anything else is optional. If you choose to share additional data (such as a nickname or phone number), it is encrypted on our servers and cannot be accessed by unauthorized parties.

We fully comply with the EU's GDPR regulations and, in some cases, go beyond them. We never sell your behavioral data.

Key Principles of Our Data Security Policy

Minimal Data Collection

Guide4Varna is designed to work with minimal personal information—not even names are required. The system uses:

  • A unique device address
  • A selfie
  • An email address

If a country requires more information, we configure the system accordingly.

Data Encryption

All personal data stored in our system is fully encrypted and only accessible via the application. Even in the unlikely event of a data breach, the information would be unreadable.

No Location Tracking

Guide4Varna might use your location (latitude and longitude) only in real time to help you find nearby businesses. This data is not stored or tracked.

No Third-Party Sharing

We earn revenue from the services we offer—not your data. Personal data is never shared or sold to third parties, except when legally required by national authorities.

Employee Data

To enable all features, business owners may store information about employees (e.g. name, phone number, address, bank details). This data:

  • Is encrypted
  • Can be viewed and updated by both the employee and business owner
  • Can be deleted by the employee at any time

Policies & Definitions

Service: Refers to the Guide4Varna web and mobile applications.

Usage Data: We collect interaction data only to improve system performance—never for sale or external use.

Cookies & Local Data: We do not store any personal data locally on your computer or mobile device.

Business Owner Responsibility: Business owners, as data processors, are responsible for ensuring their staff data is accurate. Guide4Varna securely stores this data as the data controller.


Required Data Fields: To function, the system uses

  • Email address
  • Nickname (optional)
  • Selfie



Legal Compliance & Data Sharing: We only share data with authorities under the following conditions:

  • To comply with local laws
  • To assist with legal investigations
  • To protect public interest or Guide4Varna’s legal rights

We never profit from such transfers, and your consent to this privacy policy covers any required data sharing with authorities under lawful conditions. We ensure all transfers meet strict security standards.


GDPR Compliance: If you're in the European Economic Area (EEA), our legal basis for processing personal data depends on

  • The type of data collected
  • The purpose and legal necessity of collection

We retain your data only as long as necessary to:

  • Fulfill our legal obligations
  • Resolve disputes
  • Enforce agreements

Technical Security Measures

Communication

  • All communication uses HTTPS encrypted lines
  • SHA-256 encryption is used in API headers to ensure message authenticity
  • Communication is allowed only between verified user devices and our servers

Server Security

  • Data is stored in an encrypted PostgreSQL database
  • Our web service is built with Django and configured with security modules like CORS headers to prevent unauthorized session access

While no system can guarantee 100% protection, Guide4Varna takes all reasonable and robust measures to keep your data safe.