Introduction
Micro Devs L.L.C. ("we", "us", or "our") operates the DataLogu platform ("Service"). We respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.
This policy complies with the General Data Protection Regulation (GDPR), Regulation (EU) 2016/679, and applicable data protection laws in the Republic of Kosovo.
Data Controller
The data controller responsible for your personal data is:
Micro Devs L.L.C.
Republic of Kosovo
For any questions regarding this Privacy Policy or our data practices, please contact us through our Contact page.
Information We Collect
Information You Provide Directly
When you create an account, purchase a subscription, or use our services, we may collect:
- Account Information — Name, email address, and password (stored in encrypted form)
- Export Requests — Email address for CSV delivery
- Payment Information — Processed securely by Paysera; we do not store your credit card or bank account details
- Communications — Messages you send through our contact forms or customer support channels
- Subscription Data — Plan type, billing period, subscription status, and usage history
Information Collected Automatically
When you access our Service, we automatically collect:
- Usage Data — Pages visited, features used, search queries, filters applied, and export requests made
- Device Information — IP address, browser type and version, operating system, and device identifiers
- Cookies and Similar Technologies — Session cookies, preference cookies (language, theme), and performance cookies
- Log Data — Access times, error logs, and referring URLs
- API Usage Data — API key usage, request counts, endpoints accessed, and rate limit information (for API users)
Business Registry Data
The business registry information displayed on our Service consists of publicly available data obtained from official government sources in the Republic of Kosovo. We are not the original data controller for this business information.
Legal Basis for Processing
We process your personal data based on the following legal grounds under GDPR:
- Performance of a Contract (Art. 6(1)(b)) — To provide services you have requested, manage your account, process subscriptions, and deliver exports
- Legitimate Interests (Art. 6(1)(f)) — To improve our Service, prevent fraud, ensure security, and perform analytics
- Legal Obligation (Art. 6(1)(c)) — To comply with applicable laws, regulations, and legal processes
- Consent (Art. 6(1)(a)) — For optional cookies and newsletter subscriptions; you may withdraw consent at any time
How We Use Your Information
We use your personal data for the following purposes:
- Service Delivery — Creating and managing your account, processing export requests, delivering CSV files, and managing subscriptions
- Payment Processing — Handling transactions through Paysera for one-time purchases and subscription payments
- Communication — Responding to inquiries, sending export delivery emails, subscription confirmations, and renewal reminders
- API Services — Managing API key generation, monitoring API usage, and enforcing rate limits
- Business Alerts — Sending notifications about changes to businesses you have chosen to monitor
- Security — Detecting and preventing fraud, abuse, bot behavior, and unauthorized access
- Service Improvement — Analyzing usage patterns to improve features and user experience
- Legal Compliance — Complying with legal obligations and enforcing our Terms of Service
Data Sharing and Disclosure
We do not sell your personal data. We may share your information only with the following:
- Paysera (Payment Processor) — Processes payments on our behalf under a data processing agreement. See Paysera's Privacy Policy.
- Email Service Providers — To deliver export files, transactional emails, and subscription notifications
- Hosting & Infrastructure Providers — Server hosting, content delivery, and security services under data processing agreements
- Legal Authorities — When required by law, regulation, legal process, or governmental request
All third-party service providers are contractually obligated to protect your data and use it only for the purposes we specify.
Cookies and Tracking Technologies
We use cookies and similar technologies for the following purposes:
- Strictly Necessary Cookies — Required for authentication, session management, and security (CSRF protection). These cannot be disabled.
- Preference Cookies — Store your language preference and theme selection (light/dark mode).
- Performance Cookies — Help us analyze how the Service is used so we can improve it.
You can manage cookie preferences through our cookie consent banner or your browser settings. Note that disabling strictly necessary cookies may prevent the Service from functioning properly.
Your Rights Under GDPR
Under GDPR, you have the following rights regarding your personal data:
- Right of Access (Art. 15) — Request a copy of your personal data. You can download your data directly from your profile settings.
- Right to Rectification (Art. 16) — Correct inaccurate or incomplete personal data.
- Right to Erasure (Art. 17) — Request deletion of your personal data ("right to be forgotten"). You can delete your account from your profile settings.
- Right to Data Portability (Art. 20) — Receive your data in a structured, machine-readable format.
- Right to Restrict Processing (Art. 18) — Limit how we process your data in certain circumstances.
- Right to Object (Art. 21) — Object to processing based on legitimate interests or for direct marketing.
- Right to Withdraw Consent (Art. 7(3)) — Where processing is based on consent, withdraw it at any time.
To exercise these rights, contact us through our Contact page. We will respond within 30 days as required by GDPR. If you believe we have not addressed your concerns, you have the right to lodge a complaint with the Information and Privacy Agency of Kosovo or your local data protection authority.
Data Retention
We retain your personal data for as long as necessary to provide our services, comply with legal obligations, and resolve disputes. When you delete your account, we remove your personal data within 30 days, except where retention is required by law. Payment transaction records may be retained longer to comply with financial reporting obligations.
Data Security
We implement appropriate technical and organizational measures to protect your data, including:
- Encryption of data in transit using HTTPS/TLS
- Encrypted password storage using bcrypt hashing
- Regular security audits and software updates
- Access controls, authentication, and authorization mechanisms
- Rate limiting and automated bot detection
- Secure API key management
Despite these measures, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security but will notify you and relevant authorities of any data breach as required by law.
International Data Transfers
Your data may be transferred to and processed in countries outside Kosovo or the European Economic Area. When such transfers occur, we ensure appropriate safeguards are in place, including standard contractual clauses approved by the European Commission or other legally recognized transfer mechanisms.
Children's Privacy
Our Service is not intended for individuals under 16 years of age. We do not knowingly collect personal data from children. If you are a parent or guardian and believe your child has provided us with personal data, please contact us and we will promptly delete such information.
Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. Your continued use of the Service after changes constitutes acceptance of the updated policy.
Contact Us
For questions about this Privacy Policy or to exercise your data protection rights, please contact us through our Contact page.