Nesylab builds digital apps — from idea to product ("Nesylab", "we"). We take privacy seriously: we collect only what the site needs to work — no ads, no trackers, no third-party analytics.

This policy follows the General Data Protection Regulation (GDPR) and the applicable Slovenian legislation (ZVOP-2, ZEKom-2).

Controller

The controller of personal data is Nesylab, the website nesylab.com. Contact for all privacy questions and for exercising your rights: info@nesylab.com. No Data Protection Officer (DPO) has been appointed, as the scale and nature of processing do not legally require one.

What data we process

Account (only if you sign in). Sign-in works exclusively through Google or GitHub (OAuth) — no passwords exist on our side. When you sign in, we receive and store from the provider: your e-mail address, name, profile picture URL and a technical account identifier. We add a user role (e.g. user/admin) to this data.

Preferences (all visitors). Your language choice is stored in a cookie; your theme choice and sidebar state live in your browser's local storage. This data does not leave your device and cannot identify you.

Technical logs. Our host (Cloudflare) logs the usual technical data for requests (IP address, time, requested URL) for network operation and security.

Purposes and legal bases

We do not sell your data, we do not use it for advertising or profiling, and we do not process it for any purposes other than those listed.

Processors and transfers to third countries

We rely on the following processors to run the site:

• Supabase (authentication and database) — account data is stored on servers in the EU (Frankfurt, Germany).
• Cloudflare (site hosting) — a global edge network; parts of technical processing may also take place outside the EU/EEA, primarily in the USA.
• Google / GitHub — as sign-in providers they process data under their own privacy policies; they receive nothing from us beyond the standard sign-in flow.

Where processing takes place in the USA, the transfer is safeguarded under the EU-US Data Privacy Framework, of which Cloudflare, Google and Microsoft (GitHub) are certified members, or by Standard Contractual Clauses (SCC).

Cookies and local storage

• nesylab.locale — cookie with your language choice (retention: 1 year).
• nesylab.theme, nesylab.sidebar — local storage with your theme choice and menu state (stays in your browser).
• Supabase session — local storage with your sign-in session (signed-in users only).

All of the above are strictly necessary or store a choice you made yourself, so under the applicable e-privacy rules (ZEKom-2) no consent is required. There are no analytics, advertising or tracking cookies — which is also why there is no cookie banner. :)

Retention and deletion

We keep account data for as long as the account exists. We delete the account and all related data on your request — write to us and we will carry out the deletion without undue delay. The host's technical logs are deleted automatically after a short period defined by the host's policy.

Automated decision-making

We do not carry out automated decision-making or profiling that would produce legal or similarly significant effects on you.

Your rights

Under the GDPR you have the right of access, rectification, erasure, restriction of processing, data portability and objection. You can exercise these via info@nesylab.com; we respond free of charge and within one month at the latest.

If you believe we process your data unlawfully, you can lodge a complaint with a supervisory authority. In Slovenia this is the Information Commissioner of the Republic of Slovenia, Dunajska cesta 22, 1000 Ljubljana, e-mail: gp.ip@ip-rs.si, website: ip-rs.si.

Changes to this policy

When we introduce new features (e.g. payments), we will update this policy and mark the change with the date at the top of the page.