Privacy Policy

Last updated: March 23, 2026

This Privacy Policy describes how Dynomica Ltd. (VAT: 175213159), located at str. Razslatitza 5, Sofia 1000, Bulgaria ("we", "us", "our"), collects, uses and protects personal data when you use the Vedro.ONE platform ("Service").

1. Data Controller

The data controller is Dynomica Ltd. (Диномика ООД), ЕИК: 175213159, address: str. Razslatitza 5, Sofia 1000, Bulgaria. Contact: info@vedro.one.

2. What Data We Collect

2.1 Account Data

When you register we collect your name, email address, phone number and password (stored as a bcrypt hash). If you subscribe to a paid plan we also collect billing information processed through our payment gateway.

2.2 Client & Business Data

As part of the Service you may enter data about your own clients (names, contacts, membership cards, visit history, training records), trainers, products, orders and classes. This data is stored on our servers and is accessible only to you and your authorized staff.

2.3 Automatically Collected Data

We collect IP addresses, browser type, pages visited, timestamps and session data for security and analytics purposes. We use secure session cookies for authentication.

3. How We Use Your Data

  • To provide and operate the Vedro.ONE platform (client management, membership tracking, class scheduling, orders, reports)
  • To process payments and manage subscriptions
  • To send transactional emails (account confirmation, password reset, payment receipts)
  • To ensure security (rate limiting, CSRF protection, fraud prevention)
  • To improve the Service based on usage patterns

4. Legal Basis (GDPR)

  • Contract performance — processing your account and business data is necessary to deliver the Service you subscribed to
  • Legitimate interest — security, fraud prevention, and service improvement
  • Consent — for optional marketing communications (you can withdraw at any time)
  • Legal obligation — tax and accounting records retention

5. Data Sharing

We do not sell your personal data. We share data only with:

  • Payment processors — to process subscription payments securely
  • Hosting providers — our servers are located in the EU
  • Email service — for transactional emails (SMTP providers)

All third-party processors are bound by data processing agreements compliant with GDPR.

6. Data Retention

Account data is retained while your account is active. After account deletion, we retain minimal records (email, payment history) for up to 5 years for tax and legal compliance. Client and business data you entered is permanently deleted within 30 days of account deletion.

7. Your Rights

Under GDPR you have the right to:

  • Access — request a copy of your personal data
  • Rectification — correct inaccurate data via your profile settings
  • Erasure — request account and data deletion
  • Portability — export your data (available via CSV export in the platform)
  • Restriction — limit processing in certain circumstances
  • Object — object to processing based on legitimate interest

To exercise these rights, contact us at info@vedro.one.

8. Data Security

We implement industry-standard security measures including: passwords hashed with bcrypt, CSRF token protection on all forms, rate limiting on login attempts, HTTPS encryption, prepared SQL statements to prevent injection, role-based access control, and secure session management.

9. Cookies

We use only essential cookies: session cookies for authentication and a language preference cookie (stored for 1 year). We do not use tracking or advertising cookies.

10. Children

The Service is not intended for persons under 16 years of age. We do not knowingly collect data from children.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated revision date. Continued use of the Service after changes constitutes acceptance.

12. Contact

Dynomica Ltd. (Диномика ООД)
ЕИК/VAT: 175213159
str. Razslatitza 5, Sofia 1000, Bulgaria
Email: info@vedro.one