Privacy Policy

Last updated: April 20, 2026

1. Introduction

This Privacy Policy outlines the principles of processing and protecting personal data of users of the GrowKido platform (hereinafter referred to as "the Platform"). GrowKido is an aggregator of information about extracurricular activities for children in Poland, collecting and presenting publicly available data from the Internet. We respect your privacy and are committed to protecting your personal data in accordance with the General Data Protection Regulation (GDPR).

1a. Source of Activity Data

Information about extracurricular activities (facility names, activity descriptions, locations, organizer contact details) presented on the Platform comes from publicly available internet sources and direct submissions from organizers. GrowKido operates on the basis of legitimate interest (Art. 6(1)(f) GDPR) consisting of aggregating and providing publicly available information to help parents search for activities for their children. If you are an organizer and wish to update, supplement, or remove information about your facility, please contact us.

2. Data Controller

The controller of your personal data is a natural person running a sole proprietorship under the name GrowKido:

Full name: Kamil Dobek

Tax ID (NIP): 8513339937

City: Szczecin, Poland

Contact email: [email protected]

Full correspondence address (as registered in the Polish CEIDG registry) is available upon request via the email above. Once a legal entity is incorporated, the controller details will be updated - current details are always available in this section.

3. What Data We Collect

We collect the following categories of personal data:

Account data (if you register)

  • Name and surname
  • Email address
  • Information from Auth0 profile (authentication provider)

Platform usage data

  • Search history and viewed activities
  • User preferences
  • Content interactions (clicks, saved activities)

Technical data

  • IP address
  • Browser and device type
  • Cookie and similar technology data

4. Purposes of Data Processing

  • Providing Platform services (searching and browsing activities)
  • Creating and managing user accounts (when you register via Auth0)
  • Personalizing content and recommendations
  • Visit statistics analysis (Umami - cookieless analytics; optionally Google Analytics and Hotjar, only after your consent)

5. Legal Basis for Processing

  • User consent (Art. 6(1)(a) GDPR) - for marketing and analytics purposes
  • Contract performance (Art. 6(1)(b) GDPR) - provision of Platform services
  • Legitimate interest (Art. 6(1)(f) GDPR) - aggregating publicly available information, security, analysis and service improvement, presenting publicly available organizer contact details for informational purposes
  • Legal obligation (Art. 6(1)(c) GDPR) - e.g., storing accounting data

6. Sharing Personal Data

Your data may be shared with the following trusted third parties:

Auth0 (Okta)

Authentication and user identity management service. Auth0 processes login data in compliance with GDPR and holds security certifications (SOC 2, ISO 27001).

Auth0 Privacy Policy: https://auth0.com/privacy

Umami

Self-hosted analytics tool. Umami does not use cookies and neither writes to nor reads from your device (no localStorage, no sessionStorage), placing it outside the scope of Art. 398 of the Polish Electronic Communications Act; consent is therefore not required. It only collects aggregated statistics (visit count, country, device type).

Google Analytics

Optional analytics tool (loaded only after your consent to analytics). We use Google Analytics with IP anonymization in compliance with GDPR.

Google Privacy Policy: https://policies.google.com/privacy

Hotjar

Optional user behavior analytics - session recordings and heatmaps (loaded only after your consent to analytics). Hotjar anonymizes IP addresses and masks sensitive data in recordings.

Hotjar Privacy Policy: https://www.hotjar.com/legal/policies/privacy/

7. Data Retention Period

  • Account data - until account deletion by user or 3 years from last login
  • Transaction data - for the period required by tax law (5 years)
  • Analytics data - maximum 26 months (Google Analytics)

8. Your Rights

Under GDPR, you have the following rights:

  • Right of access - you can obtain a copy of your personal data
  • Right to rectification - you can correct inaccurate data
  • Right to erasure ("right to be forgotten") - you can request data deletion
  • Right to restrict processing - you can limit how data is processed
  • Right to data portability - you can receive data in a transferable format
  • Right to object - you can object to data processing
  • Right to lodge a complaint - you can file a complaint with the supervisory authority

9. Data Security

We implement appropriate technical and organizational measures to protect your personal data from unauthorized access, loss, or destruction. This includes HTTPS encryption, secure password storage, regular security audits, and restricted access to personal data only for authorized employees.

10. Children's Data

Our Platform is intended for parents and guardians. We do not knowingly collect personal data from children under 16 years of age without parental or guardian consent. If you learn that your child has provided us with personal data without your consent, please contact us.

11. Changes to Privacy Policy

We may periodically update this Privacy Policy. We will notify you of significant changes via email or Platform notification. The date of the last update is visible at the top of the document.

12. Contact

For questions regarding this Privacy Policy or your rights, contact us:

Email: [email protected]

Privacy Policy | GrowKido