Privacy Policy

PRIVACY POLICY FOR THE TLOFY APPLICATION

Effective Date: 1.5.2026
Provider: Xtreme solutions d.o.o., Marezige 20, 6273 Marezige, Slovenia
Contact Email: info@tlofy.com

1. Introduction
This Privacy Policy explains how Xtreme solutions d.o.o. (hereinafter: the Provider) collects, uses, and protects personal data of users of the Tlofy application (hereinafter: the Application).
By using the Application, you agree to the processing of your personal data as described in this Privacy Policy.

2. Data Controller and Roles
The Provider acts as:

Subscribers act as independent data controllers for data related to their services and interactions with users.
3. Personal Data We Collect
a) Data provided by the user:

b) Data collected via third-party login:
When you sign in using Google Sign-In, we may receive:

c) Automatically collected data:

d) Analytics data:
We use Google Analytics to collect:

4. Purpose of Data Processing
We process personal data for the following purposes:

5. Legal Basis for Processing (GDPR)
We process personal data based on:

6. Data Sharing
Personal data may be shared with:

All partners are bound by confidentiality and data protection obligations.
We do not sell personal data.
7. Data Transfers
Some of our service providers (such as Google LLC) may process data outside the European Economic Area (EEA).
In such cases, we ensure appropriate safeguards, including:

8. Data Retention
We retain personal data only as long as necessary:

Analytics data may be retained in aggregated or anonymized form.

9. Data Security
We implement appropriate technical and organizational measures, including:

However, no system can guarantee absolute security.

10. User Responsibilities
Users are responsible for:

The Provider is not responsible for misuse of data caused by users.

11. User Rights (GDPR)
You have the right to:

Requests can be sent to: info@tlofy.com

12. Cookies and Tracking
The Application may use cookies or similar technologies for:

Where required, we will request your consent before using non-essential cookies.

13. Data Breach Notification
In case of a data breach, the Provider will notify affected users and authorities without undue delay, in accordance with GDPR.

14. Third-Party Content
The Application may include content provided by Subscribers or other users.
The Provider does not control such content and is not responsible for their data processing practices.

15. Changes to This Policy
The Provider may update this Privacy Policy.
Continued use of the Application constitutes acceptance of changes.

16. Contact
Xtreme solutions d.o.o.
Marezige 20
6273 Marezige
Slovenia

Email: info@tlofy.com

Privacy Policy

Data Controller for user account data and technical data

Data Processor where processing is carried out on behalf of Subscribers (accommodation providers)

Subscribers act as independent data controllers for data related to their services and interactions with users. 3. Personal Data We Collect a) Data provided by the user:

Name and surname

Email address

Phone number (if provided)

User-generated content (recommendations, comments, images)

b) Data collected via third-party login: When you sign in using Google Sign-In, we may receive:

Name

Email address

Profile information (as permitted by your Google account settings)

c) Automatically collected data:

IP address

Access time

Device and browser information

Usage data (interactions within the Application)

d) Analytics data: We use Google Analytics to collect:

User behavior data

Session duration

Pages/screens viewed

Interaction patterns

4. Purpose of Data Processing We process personal data for the following purposes:

Providing and operating the Application

Creating and managing user accounts

Enabling login via third-party providers

Enabling content sharing and recommendations

Improving user experience and functionality

Analytics and performance monitoring

Ensuring security and preventing misuse

Complying with legal obligations

5. Legal Basis for Processing (GDPR) We process personal data based on:

Performance of a contract (use of the Application)

Legitimate interest (security, analytics, improvements)

Legal obligations

User consent (for analytics and cookies, where applicable)

6. Data Sharing Personal data may be shared with:

Hosting providers

IT and technical service providers

Analytics providers (e.g. Google Analytics)

Authentication providers (e.g. Google Sign-In)

All partners are bound by confidentiality and data protection obligations. We do not sell personal data. 7. Data Transfers Some of our service providers (such as Google LLC) may process data outside the European Economic Area (EEA). In such cases, we ensure appropriate safeguards, including:

Standard Contractual Clauses (SCCs)

Compliance with GDPR requirements

8. Data Retention We retain personal data only as long as necessary:

For the duration of the user account

As required by law

Until deletion is requested

Analytics data may be retained in aggregated or anonymized form. 9. Data Security We implement appropriate technical and organizational measures, including:

SSL/TLS encryption

Access control

Data backups

Logging and monitoring

Confidentiality obligations

However, no system can guarantee absolute security. 10. User Responsibilities Users are responsible for:

Accuracy of provided data

Content they publish

Data they voluntarily share publicly

The Provider is not responsible for misuse of data caused by users. 11. User Rights (GDPR) You have the right to:

Access your personal data

Request correction

Request deletion (“right to be forgotten”)

Restrict processing

Data portability

Object to processing

Withdraw consent (including for analytics)

Requests can be sent to: info@tlofy.com 12. Cookies and Tracking The Application may use cookies or similar technologies for:

Authentication

Analytics (via Google Analytics)

Improving user experience

​

Subscribers act as independent data controllers for data related to their services and interactions with users.
3. Personal Data We Collect
a) Data provided by the user:

b) Data collected via third-party login:
When you sign in using Google Sign-In, we may receive:

d) Analytics data:
We use Google Analytics to collect:

4. Purpose of Data Processing
We process personal data for the following purposes:

5. Legal Basis for Processing (GDPR)
We process personal data based on:

6. Data Sharing
Personal data may be shared with:

All partners are bound by confidentiality and data protection obligations.
We do not sell personal data.
7. Data Transfers
Some of our service providers (such as Google LLC) may process data outside the European Economic Area (EEA).
In such cases, we ensure appropriate safeguards, including:

8. Data Retention
We retain personal data only as long as necessary:

Analytics data may be retained in aggregated or anonymized form.

9. Data Security
We implement appropriate technical and organizational measures, including:

However, no system can guarantee absolute security.

10. User Responsibilities
Users are responsible for:

The Provider is not responsible for misuse of data caused by users.

11. User Rights (GDPR)
You have the right to:

Requests can be sent to: info@tlofy.com

12. Cookies and Tracking
The Application may use cookies or similar technologies for: