Privacy Policy

This Privacy Policy describes how Litto Company ("Litto", "we", "us") handles personal data when you visit a partner landing on need.litto.co or submit the cooperation form. This is a summary; the legally binding version is being finalized with counsel and will replace this page before public launch.

What we collect

• Scan events. When a guest scans a partner QR, we record the partner slug, asset slug, QR code, timestamp, IP-derived country, and a coarse user-agent class (mobile / tablet / desktop / bot). We do not store the full IP address or precise device details.
• Cooperation form. If you submit the partner form, we store the name, business name, email, optional phone, business type, and message you provided.
• Booking attribution. When a booking on litto.co traces back to a partner QR, we receive a webhook with the booking ID, amount, and discount code used. We store this against the partner's commission ledger.

Why we use it

• To render the personalized landing tied to a scanned QR.
• To attribute bookings to the partner who introduced the guest.
• To respond to cooperation requests and onboard new partners.
• To detect abusive automated traffic against the public landing and forms.

Who sees it

Partner-scoped data is visible to the partner staff who own that partner account, and to Litto operations staff with super-admin role. We do not sell or share personal data with third parties for their own marketing purposes.

Retention

Scan events are retained for 24 months in raw form, then aggregated. Cooperation inquiries are retained until you ask us to delete them. Commission ledger rows are retained as long as required for accounting purposes (typically 7 years under Croatian law).

Your rights

Under the GDPR you can request access, correction, or deletion of any personal data we hold about you. Email privacy@litto.co.