0 VACATION – PRIVACY POLICY

This Privacy Policy explains how SHROOM GAMES DEVELOPMENT LTD (“Company”, “we”, “us”, “our”) collects, uses, shares and protects personal data when you use the 0 Vacation platform, including our Telegram Mini App and related web interfaces (collectively, the “Service”).

By accessing or using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with this Privacy Policy, you must not use the Service.

If you have any questions, you can contact us at: team@0vacation.com.

1. Data Controller

For the purposes of applicable data protection laws, the data controller responsible for your personal data is:

SHROOM GAMES DEVELOPMENT LTD

You can contact us at: team@0vacation.com.

2. Scope of this Privacy Policy

This Privacy Policy applies to personal data we collect when you:

•access or use the 0 Vacation Telegram Mini App;

•use any related web interfaces or tools;

•interact with our websites or communications;

•contact us for support or other inquiries.

It does not apply to:

•personal data processed independently by Third‑Party Services (such as Telegram, OpenProvider, AI providers, hosting providers or payment providers) under their own privacy policies;

•personal data collected and stored by our users on their own websites and backends (for example, when your customers submit forms on your User Website and the data is stored on third‑party infrastructure such as v0).

3. Data We Collect

3.1 Data from Telegram Mini App

When you use the 0 Vacation Telegram Mini App, we receive certain information from Telegram as allowed by Telegram’s Web Apps platform and subject to Telegram’s own terms and privacy policy. This may include:

•Telegram account data:

•Telegram user ID

•Username

•First name and last name (display name)

•Profile photo URL (if provided by Telegram)

•Language / locale

We use this data primarily to create and maintain your account in the Service, identify you, and personalize the interface.

We may also receive and verify init data and signatures from Telegram to ensure that the requests are legitimate and associated with your Telegram account.

3.2 Usage and technical data

When you use the Service, we may collect certain technical and usage information, such as:

•device and browser information (e.g., browser type, operating system);

•IP address and approximate location (country or city level);

•Telegram user ID associated with the session;

•dates and times of access;

•interactions with the Service (for example, creation of projects, publishing websites, subscription activation).

Part of this data may be processed via third‑party analytics tools such as Google Analytics and Amplitude, which provide aggregated and anonymized statistics on how users interact with the Service.

3.3 Account and project data

Within the Service, we may store limited information about your use of 0 Vacation, including:

•information about your projects and websites created through the Service (e.g., project IDs, names, configuration, URLs);

•your plan type (Free or Pro), subscription status and related settings;

•timestamps of key actions (creation, publication, updates).

We do not intend to store customer form submissions from your websites in our own database. Where your User Websites collect data from your visitors (for example, via forms), such data is expected to be stored on the backend provided by the underlying full‑stack platform (such as v0) or other third‑party services used for your website, and is subject to their own privacy policies.

3.4 Domain registration data

If you choose to register or connect a domain through the Service via a third‑party domain registrar or reseller such as OpenProvider, we will ask you to provide the domain contact details required by the registrar. This may include:

•first name and last name;

•email address;

•country;

•telephone number;

•street, house number, postal code and city.

We collect these details solely to transmit them to the relevant registrar or reseller for the purpose of domain registration and management. We do not intend to store these contact details longer than is necessary to complete the transaction and to support the domain provisioning workflow, and the domain registrar will process and store them under its own terms and privacy policy.

3.5 AI‑related data (prompts and content)

To provide AI‑powered features (for example, generating website structure, text, images or code), we may process:

•the prompts and descriptions you provide (e.g., information about your business, industry, preferences, existing content);

•content from your projects or websites that you choose to send to AI features (e.g., sections of your site used as context);

•technical metadata such as language, approximate location or user ID, as necessary to deliver the feature.

This data may be sent to Third‑Party AI providers (such as OpenAI, Anthropic, Google Gemini, v0 and others) to generate responses.

We do not intend to use your prompts or AI outputs to train our own models beyond what is necessary to provide the Service, and we do not sell such data to third parties. However, AI providers may process this data under their own terms and policies, including for safety, monitoring, or improvement of their services, unless you or we use enterprise settings that limit such use.

3.6 Payment and billing information

Payments for Pro Plans are processed via Third‑Party payment providers such as Telegram Crypto Bot. We do not receive or store your full payment credentials (such as full card numbers or private wallet keys).

We may receive and store limited billing‑related data, such as:

•payment transaction IDs;

•payment status (successful/failed);

•amount, currency, date and time;

•your Telegram user ID and plan details.

We use this information to manage subscriptions, provide support and comply with basic accounting and legal obligations.

3.7 Communications and support

When you contact us (for example, by email or via Telegram), we may collect:

•your contact details (email address, Telegram handle);

•content of your messages and attachments;

•any additional information you choose to provide.

We use this information to respond to your requests and improve our support and the Service.

4. How We Use Personal Data

We use personal data for the following purposes and, where applicable, on the following legal bases:

1. To provide and operate the Service

•creating and maintaining your account and access to the Service;

•enabling you to create, generate, host and manage websites;

•enabling domain registration via third‑party registrars;

•providing AI‑powered features.

Legal basis: performance of a contract (Art. 6(1)(b) GDPR) and legitimate interests (Art. 6(1)(f)).

2. To process payments and manage subscriptions

•managing your Free or Pro plan;

•handling recurring billing, refunds where required by law, and subscription status;

•maintaining basic accounting records.

Legal basis: performance of a contract, legal obligations and legitimate interests.

3. To ensure security and prevent abuse

•verifying requests via Telegram;

•detecting and preventing fraud, abuse and violations of our Terms of Service;

•protecting the integrity of our infrastructure and the websites we host.

Legal basis: legitimate interests (protecting our Service and other users) and legal obligations.

4. To improve and analyze the Service

•analyzing aggregated and anonymized usage data to understand how the Service is used;

•improving features, performance and user experience.

We primarily use third‑party analytics tools (Google Analytics, Amplitude) in anonymized or aggregated form for these purposes.

Legal basis: legitimate interests (improving our Service).

5. To communicate with you

•responding to your support requests and inquiries;

•sending important service‑related notifications (e.g., changes to plans, technical notices, security alerts);

•sending marketing or promotional communications, where permitted.

For marketing messages, we may rely on your consent (where required) or our legitimate interests and will always provide an option to opt out (for example, by unsubscribing from the bot or following an unsubscribe link).

Legal basis: performance of a contract, legitimate interests, and/or consent.

6. To comply with legal obligations

•complying with applicable laws, regulations and legal processes;

•responding to lawful requests from public authorities, where applicable.

Legal basis: legal obligations (Art. 6(1)(c) GDPR).

5. How We Share Personal Data

We may share personal data with the following categories of recipients, only to the extent necessary for the purposes described above:

1. Service providers and technical partners

We work with trusted providers who help us operate the Service, including:

•infrastructure and hosting providers (e.g., Railway or similar);

•analytics providers (Google Analytics, Amplitude);

•email/communication and support tools;

•AI providers (OpenAI, Anthropic, Google Gemini, v0, and others).

2. Domain registrars and resellers

When you register or manage a domain through the Service, we share the domain contact details you provide with the relevant domain registrar or reseller (such as OpenProvider) to enable registration, renewal and management of your domain.

3. Payment providers

For processing payments, we rely on third‑party payment providers such as Telegram Crypto Bot. We may share limited data necessary to identify your account and subscription and to reconcile transactions.

4. Legal and regulatory authorities

We may disclose personal data where we believe it is necessary to comply with a legal obligation, court order or governmental request, or to protect our rights, property or safety, or the rights, property or safety of others.

5. Business transfers

In connection with a merger, acquisition, restructuring or sale of all or part of our business, personal data may be transferred to the acquiring or successor entity, subject to this Privacy Policy or a similar level of protection.

We do not sell your personal data.

6. International Data Transfers

Because we operate globally and rely on third‑party providers, your personal data may be transferred to and processed in countries other than your country of residence, including countries outside the European Economic Area (EEA) that may have different data protection laws.

Where required by law, we will ensure that appropriate safeguards are in place for such transfers, for example, by relying on standard contractual clauses approved by the European Commission or equivalent mechanisms.

7. Data Retention

We aim to keep personal data only for as long as reasonably necessary for the purposes described in this Privacy Policy, or as required by applicable law. In general:

•Account and basic profile data (Telegram ID, username, locale): kept while your account is active and for a limited period thereafter, where necessary for security, accounting or legal purposes.

•Project and configuration data: kept while your account is active or until you delete the relevant project or website. When you delete a project or your account, we generally remove the associated content and configurations and do not provide recovery, subject to limited technical logs and backups that may be retained for a short period.

•Domain contact data: collected and transmitted to the domain registrar and not intended to be stored long‑term in our systems beyond what is necessary to complete the registration and support the domain workflow.

•Billing and transaction data: may be stored for up to one (1) year or longer where required by applicable accounting, tax or legal obligations.

•Technical logs and security data: may be retained for a limited period (for example, several months) to ensure security, troubleshoot issues and prevent abuse.

•Aggregated or anonymized data: information that no longer identifies you (for example, aggregated statistics) may be retained for longer for analytics and business purposes.

We may adjust specific retention periods if required by applicable law or to establish, exercise or defend legal claims.

8. Your Rights

Depending on your location and applicable law (for example, if you are in the EU/EEA under GDPR), you may have some or all of the following rights regarding your personal data:

•Right of access: to obtain confirmation as to whether we process your personal data and access to such data.

•Right to rectification: to request correction of inaccurate or incomplete personal data.

•Right to erasure: to request deletion of your personal data, in certain circumstances (for example, when it is no longer necessary for the purposes for which it was collected).

•Right to restriction of processing: to request restriction of processing in certain situations.

•Right to data portability: to receive your personal data in a structured, commonly used and machine‑readable format, and to transmit it to another controller, where technically feasible.

•Right to object: to object to processing based on our legitimate interests, including profiling, in certain circumstances.

•Right to withdraw consent: where processing is based on your consent (for example, for certain marketing communications), you may withdraw your consent at any time, without affecting the lawfulness of processing before withdrawal.

You can exercise your rights by contacting us at team@0vacation.com. We may ask you for additional information to verify your identity before responding to your request.

You also have the right to lodge a complaint with a supervisory authority, in particular in the EU/EEA member state of your habitual residence, place of work or place of the alleged infringement.

9. Your Responsibilities as a Site Owner

When you use the Service to create and publish your own websites, you may become an independent data controller with respect to personal data collected from visitors to your User Websites (for example, through forms or analytics you integrate).

It is your responsibility to:

•provide your own privacy notices to your visitors and comply with applicable data protection laws;

•ensure that any third‑party tools or services you integrate on your User Website (such as analytics, forms, chat widgets) comply with applicable laws and have appropriate privacy measures;

•avoid sending sensitive personal data in free‑text prompts or content fields that are processed by AI or third‑party services unless strictly necessary and lawful.

10. Security

We implement reasonable technical and organizational measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access. However, no method of transmission over the internet or method of electronic storage is completely secure, and we cannot guarantee absolute security.

You are responsible for maintaining the security of your Telegram account and for restricting access to your devices, and you should immediately notify us of any suspected unauthorized use of the Service or your account.

11. Children

The Service is not intended for use by persons under the age of 18, and we do not knowingly collect personal data from children under 18. If we become aware that we have collected personal data from a child under 18, we will take steps to delete such data.

12. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. When we do, we will revise the “Last updated” date at the top of this page and may provide additional notice within the Service.

Your continued use of the Service after the updated Privacy Policy becomes effective will indicate your acceptance of the changes.

13. Contact

If you have any questions, concerns or requests regarding this Privacy Policy or our processing of your personal data, please contact us at:

Email: team@0vacation.com