Privacy Policy

Legal

Center Glas, Slovenia Last updated: February 2026

1. Overview

This website provides open-source JavaScript tools for accounting, forensics, audit, and e-invoicing. All calculations are performed exclusively locally in your browser. We do not collect personal data, do not store your inputs, and do not transmit any information to servers or cloud services.

Key principles:

• Zero data collection from tool usage
• No user registration required
• No file uploads to servers
• All processing happens in your browser
• Optional analytics only with your explicit consent

Important: This Privacy Policy addresses only data protection matters. For terms governing the use of our tools, disclaimers, and liability limitations, please refer to Terms of Service.

2. Data Controller

Center Glas

Email: kibervarnost@proton.me

3. Data Processing

3.1 No Collection of User Data

Our tools are designed with privacy by default:

• No registration: No user accounts required
• No uploads: All data remains on your device
• No storage: We do not store your calculations or inputs
• No tracking cookies: Except the consent cookie described below
• Client-side only: All tools run entirely in your browser using JavaScript
• Zero retention: We never see or store the data you process

3.2 Google Analytics (Opt-In Only)

We use Google Analytics only with your explicit consent to improve our website.

Legal basis: Article 6(1)(a) GDPR (consent)

Data collected (anonymized):

• Page views and usage statistics
• Anonymized IP addresses (last octet removed)
• Browser type and operating system
• Approximate geographic location (country/region)
• Referral source

Privacy measures implemented:

• IP anonymization enabled (anonymize_ip: true)
• Google Signals disabled (allow_google_signals: false)
• Personalized advertising disabled (allow_ad_personalization_signals: false)
• Ad storage denied by default
• Consent mode API implementation (denial by default)
• Data retention: 14 months (Google Analytics default)
• No data sharing for advertising purposes

Your control:

• You can withdraw consent at any time by clearing your browser’s localStorage
• You can decline or accept via the consent banner
• Install the Google Analytics Opt-out Browser Add-on

Third country transfers: Google Analytics is operated by Google LLC (USA). Data transfer is based on EU Standard Contractual Clauses and additional safeguards. A Data Protection Impact Assessment is available upon request.

Consent cookie:

• Name: localStorage item consentMode
• Purpose: Store your analytics consent preference
• Expiry: Persistent until manually cleared
• Values: ‘granted’ or ‘denied’

3.3 Firebase Hosting & Server Access Logs

This website is hosted on Firebase Hosting (Google LLC/Google Ireland Limited).

Data logged automatically by Firebase:

• IP address
• Timestamp of access
• Requested URL
• HTTP status code
• Browser user agent
• Referrer URL

Legal basis: Article 6(1)(f) GDPR (legitimate interest in IT security and system stability)

Hosting provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

Firebase data processing:

• Firebase access logs are retained according to Google’s data retention policies
• Logs are used exclusively for technical purposes (CDN performance, DDoS protection, error detection)
• We are a data processor; Firebase is our sub-processor
• Data processing agreement in place through Firebase Terms of Service
• Data may be processed in Google data centers within the EU and potentially outside the EU under appropriate safeguards

Retention period: Firebase retains logs for a limited time for security and operational purposes. We do not have direct access to or control over these logs beyond Firebase’s standard retention policies.

Purpose:

• Ensuring system security and availability
• Detecting attacks and abuse (DDoS protection)
• Technical error analysis
• CDN performance optimization
• System stability monitoring

No profiling: These logs are used exclusively for technical hosting purposes and are not used to create user profiles or track individual behavior.

Firebase Privacy Policy: firebase.google.com/support/privacy

4. Your Rights Under GDPR

You have the following rights regarding your personal data:

• Right of access (Art. 15 GDPR): Confirmation of what data is processed
• Right to rectification (Art. 16 GDPR): Correction of inaccurate data
• Right to erasure (Art. 17 GDPR): Deletion of your data under certain conditions
• Right to restriction (Art. 18 GDPR): Restriction of processing
• Right to data portability (Art. 20 GDPR): Receive your data in a common format
• Right to object (Art. 21 GDPR): Object to processing
• Right to withdraw consent (Art. 7(3) GDPR): Withdraw consent for Google Analytics at any time

How to Exercise Your Rights

Important: We do not collect, store, or have access to your personal data from tool usage. All data processing occurs locally in your browser.

For data processed by our service providers:

1. Google Analytics data requests:

• Contact Google directly: support.google.com/analytics
• Or contact us and we will forward your request to Google as data processor
• You can also use Google’s data deletion tools: myaccount.google.com

2. Firebase Hosting logs:

• These are system logs processed by Google as our hosting provider
• Contact Google Cloud support: cloud.google.com/support
• Or contact us and we will coordinate with Firebase as data processor

3. Consent withdrawal (Analytics):

• Clear your browser’s localStorage
• The consent banner will reappear and you can decline
• Install Google Analytics Opt-out Browser Add-on

General inquiries: You may contact us at [insert email], but please note that we act as data controller only for the limited processing described in this policy. For data processed by Google (Analytics, Firebase), you may need to contact Google directly or use Google’s privacy tools.

Right to lodge a complaint: You have the right to lodge a complaint with a supervisory authority:

Information Commissioner of the Republic of Slovenia (IP) Dunajska cesta 22, 1000 Ljubljana Website: www.ip-rs.si Email: gp.ip@ip-rs.si

Note: If you have concerns about Google’s data processing practices, you may also contact the Irish Data Protection Commission (Google Ireland’s supervisory authority) at dataprotection.ie.

5. Data Security

We implement appropriate technical and organizational measures:

• HTTPS encryption for all connections
• Regular security updates
• Data minimization (Privacy by Design)
• Access restrictions to server infrastructure
• No centralized data storage
• Client-side processing architecture

6. Third-Party Services

Google Analytics (with consent only): Google Ireland Limited Gordon House, Barrow Street Dublin 4, Ireland

Privacy Policy: policies.google.com/privacy Opt-out: Browser Add-on

Firebase Hosting (necessary service): Google Ireland Limited Gordon House, Barrow Street Dublin 4, Ireland

Privacy Policy: firebase.google.com/support/privacy Purpose: Website hosting, CDN, security infrastructure

7. International Data Transfers

Google Analytics: Data may be transferred to the USA. Transfer mechanisms:

• EU Standard Contractual Clauses
• Additional technical and organizational safeguards
• Data Protection Impact Assessment conducted
• IP anonymization and privacy-preserving settings

Firebase Hosting: Google may process hosting data in data centers worldwide, including outside the EU/EEA:

• Transfer mechanisms: EU Standard Contractual Clauses
• Google is certified under the EU-US Data Privacy Framework
• Additional safeguards per Google’s security infrastructure
• Processing primarily occurs in EU data centers when possible

8. Children’s Privacy

This website is not directed at children under 16. We do not knowingly collect data from children. If you are a parent or guardian and believe your child has provided us with personal data, please contact us.

9. Changes to This Privacy Policy

We reserve the right to update this privacy policy to reflect changes in legal requirements or website functionality. The current version is always available on this page. Material changes will be highlighted on our website.

10. Data Protection Officer

Given the minimal data processing and the fact that we does not systematically process personal data on a large scale, we have not appointed a Data Protection Officer as permitted under GDPR Article 37.

For privacy inquiries, contact us at kibervarnost@proton.me.

11. Limitation of Liability

We do not control or have access to:

• Data you process using our tools (remains in your browser)
• Google Analytics data (processed by Google as data processor)
• Firebase Hosting logs (processed by Google as sub-processor)

We are not responsible for:

• Google’s data processing practices (governed by Google’s privacy policies)
• Data breaches at Google’s infrastructure
• Third-party data processing beyond our control
• Any technical issues with Firebase or Google Analytics services

Your recourse: For issues related to Google’s data processing, please contact Google directly or use Google’s privacy tools and complaint mechanisms.

We act in good faith to comply with GDPR and to engage only reputable service providers with adequate data protection measures.

12. Legal Framework

This privacy policy complies with:

• EU General Data Protection Regulation (GDPR) 2016/679
• Slovenian Personal Data Protection Act (ZVOP-2)
• ePrivacy Directive 2002/58/EC

13. Contact

For privacy-related questions or to exercise your rights:

Email: kibervarnost@proton.me

We are committed to promoting gender equality and preventing discrimination. Our Gender Equality Plan (2026–2029) outlines measures, targets, and monitoring mechanisms in line with

privacy-policy