Privacy policy

Effective date: May 16, 2025, last Updated: May 16, 2025

1. Introduction

This Privacy Policy explains how Dmitrii Ziuzin ("we," "our," or "us") collects, uses, and protects your personal information when you use the Kasti mobile application ("App") available at kasti.io and related services.

The organization is committed to protecting privacy and ensuring transparency about data practices in compliance with the General Data Protection Regulation (GDPR) and other applicable privacy laws.

2. Controller Information

Data Controller:
Dmitrii Ziuzin
Address: 30 Uus, Tallinn, 10111, Estonia
Email: kastiapp@gmail.com
Estonian Tax Residency

3. Information We Collect

3.1 Information You Provide Directly

  • Account Information: Email address, password, and profile details
  • Estonian Test Dates: Information about your planned Estonian language test dates
  • User Preferences: Language learning preferences, settings, and interests
  • User Content: Any content you create or upload when using the App

3.2 Information We Collect Automatically

  • Usage Data: Information about how you use the App, including features accessed and time spent
  • Device Information: Device type, operating system, unique device identifiers
  • Analytics Data: App performance data and user interaction patterns
  • Log Data: IP address, access times, and technical information

3.3 Information from Third Parties

  • Payment Information: Stripe processes payments; the organization receives confirmation but does not store payment card details

4. How We Use Your Information

4.1 Lawful Basis: Performance of Contract

  • Providing vocabulary learning services for Estonian and other languages
  • Managing your account and providing customer support
  • Processing payments through Stripe
  • Delivering offline and online functionality

4.2 Lawful Basis: Legitimate Interests

  • Improving the App through analytics and usage data analysis
  • Sending push notifications related to your learning progress
  • Developing new features and language offerings

4.3 Lawful Basis: Consent

  • Sending marketing communications (when this feature is introduced)
  • Using your data for purposes beyond core services

5. Data Sharing and Disclosure

The organization does not sell, trade, or rent your personal information to third parties. Information may be shared only in these circumstances:

5.1 Service Providers

  • Stripe: For payment processing (they have their own privacy policy)
  • Analytics Providers: When implemented (anonymized data only)

5.2 Legal Requirements

  • When required by law, regulation, or court order
  • To protect rights, property, or safety
  • In connection with legal proceedings

5.3 Business Transfers

  • In the event of a merger, acquisition, or sale of assets

6. Data Retention

Personal information is retained only as long as necessary to:

  • Provide services to you
  • Comply with legal obligations
  • Resolve disputes and enforce agreements

Account information is retained until you delete your account. Usage data may be retained in anonymized form for analytics purposes.

7. Your Rights Under GDPR

If you are in the EU/EEA, you have the following rights:

7.1 Right of Access

You can request information about the personal data processed about you.

7.2 Right to Rectification

You can request correction of inaccurate or incomplete personal data.

7.3 Right to Erasure ("Right to be Forgotten")

You can request deletion of your personal data.

7.4 Right to Restrict Processing

You can request limitation of processing your personal data.

7.5 Right to Data Portability

You can request your data in a portable format.

7.6 Right to Object

You can object to processing based on legitimate interests.

7.7 Right to Withdraw Consent

You can withdraw consent for processing at any time.

To exercise these rights, contact kastiapp@gmail.com.

8. Data Security

The organization implements appropriate technical and organizational measures to protect personal information against unauthorized access, alteration, disclosure, or destruction. However, no internet transmission is completely secure, and absolute security cannot be guaranteed.

9. International Data Transfers

Personal information may be processed in countries outside the EU/EEA. When data is transferred internationally, appropriate safeguards are in place to protect your information.

10. Children's Privacy

Services are intended for users 18 years and older. The organization does not knowingly collect personal information from children under 18. If such collection occurs, the information will be deleted promptly.

11. Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, the relevant supervisory authority will be notified within 72 hours and affected users informed without undue delay.

12. Changes to This Privacy Policy

The Privacy Policy may be updated periodically. Significant changes will be communicated by posting the new policy on the website and within the App. Continued use constitutes acceptance of the updated policy.

13. Contact Information

For privacy-related questions or to exercise your rights, contact:

Email: kastiapp@gmail.com
Address: 30 Uus, Tallinn, 10111, Estonia

14. Supervisory Authority

You have the right to lodge a complaint with the Estonian Data Protection Authority if you believe your privacy rights have been violated.


Kasti