Cvikio App
FeaturesHow it worksTestimonialsIntegrationsPricingBlogFAQContact
csen
Try the demo

Legal

Privacy Policy

Last updated: 17 Jul 2026

This policy explains what personal data we process in connection with the Cvikio service, for what purpose, for how long, and what rights you have.

01Controller and contact

We provide this information in accordance with Articles 13 and 14 of Regulation (EU) 2016/679 (GDPR).

The controller of service users' personal data is Daniel Hladík, Company ID 22493778, email info@cvikio.cz (the “Provider”). For data protection matters, contact us at that email.

02Dual role – controller and processor

For the personal data of Users (members of the Organization's team), the Provider is the controller.

For the personal data of Clients uploaded to the service by the Organization, the Organization is the controller and the Provider is the processor under Article 28 of the GDPR, processing the data on the Organization's instructions and under a processing agreement.

03Categories of data processed

User data: identification and contact details (name, email, possibly phone) and login credentials; passwords are stored only as a cryptographic hash.

Operational data: records of access and activity in the service, technical data and cookies.

Client data uploaded by the Organization: typically name, contact and labels. The public client program is anonymous – it opens via a code, without a name and without logging in.

04Special categories of data

Exercise programs may relate to a Client's health (indications). This is a special category of data under Article 9 of the GDPR, for which the Organization is the controller and is responsible for an appropriate legal basis, typically the provision of healthcare under Article 9(2)(h) of the GDPR.

The Provider processes such data solely as a processor on the Organization's instructions.

05Purposes and legal bases

Providing the service and performing the contract under Article 6(1)(b) GDPR: setting up and managing the account, providing features and communication.

Legitimate interest under Article 6(1)(f) GDPR: securing the service, preventing misuse, operational records and improving the service.

Compliance with legal obligations under Article 6(1)(c) GDPR: in particular accounting and tax obligations.

Consent under Article 6(1)(a) GDPR where required, for example for non-essential cookies or sending commercial communications; consent can be withdrawn at any time.

06Cookies

We use essential (technical) cookies without consent under Section 89(3) of Act No. 127/2005 Coll., on electronic communications; they are needed for the service to work, for example for login and preferences.

We currently do not use analytics or marketing cookies. If we introduce them, we will ask for your consent first.

07Recipients and processors

Our processors that operate the service may access data to the necessary extent, in particular hosting and database providers (Vercel, Supabase) and email and SMS gateway providers. We have processing agreements with these processors under Article 28 GDPR.

We do not share personal data with third parties for their own marketing.

08Transfers to third countries

Some processors may process data outside the European Economic Area, for example in the USA. In that case the transfer is safeguarded under Article 46 GDPR (standard contractual clauses) or based on an adequacy decision (e.g. the EU‑US Data Privacy Framework).

09Retention

We keep personal data for the term of the contract and account. After it ends, we delete it within a reasonable period, except for data we must keep longer under law (e.g. accounting and tax documents for up to 10 years).

Client data uploaded by the Organization is kept according to the Organization's instructions.

10Security

We have adopted appropriate technical and organizational measures under Article 32 GDPR: separation of each Organization's data at the database level, encryption of sensitive data, storing passwords only as a hash, role-based access control and encrypted transport (TLS).

11Your rights

You have the right to access, rectify or erase your data, to restrict processing, to data portability, to object to processing based on legitimate interest, and to withdraw consent at any time.

Exercise your rights at info@cvikio.cz; we will usually handle them within one month. For Client data, contact the relevant Organization as the controller.

12Right to lodge a complaint

You have the right to lodge a complaint with the supervisory authority, the Office for Personal Data Protection, Pplk. Sochora 27, 170 00 Prague 7, www.uoou.gov.cz.

13Automated decision-making

We do not carry out automated decision-making or profiling with legal or similarly significant effects on data subjects.

14Changes to this policy

We may update this policy. The current version is always available on this page with the date of the last update.

Cvikio App

A platform for physiotherapy – home-exercise programs for clients via code and QR.

Operator

Cvikio

Built by Daniel Hladik.

Company ID 22493778

Sections

  • Features
  • How it works
  • Testimonials
  • Integrations
  • Pricing
  • Blog
  • FAQ
  • Contact

Contact

info@cvikio.czTry the demo

© 2026 Cvikio App

Terms of ServicePrivacy Policy