Sakaloz ("we", "our", or "us") operates the Sakaloz mobile application and the website at sakaloz.com. We are a student discount platform based in Portugal that connects verified students with local businesses offering exclusive discounts.
For the purposes of the General Data Protection Regulation (GDPR) and Portuguese data protection law (Lei n.º 58/2019), Sakaloz acts as the Data Controller for the personal data you provide when using our services.
Contact: For any privacy-related questions or requests, you can reach us at sakaloz.hello@gmail.com or at our general address: sakaloz.hello@gmail.com.
We only collect data that is necessary to provide you with our services. Below is a summary of what we collect and why.
| Data | Purpose | Required |
|---|---|---|
| Full name | Display in profile and QR code | Yes |
| Email address | Account login and communications | Yes |
| Phone number | Optional profile field | No |
| Password (hashed) | Account security — never stored in plain text | Yes |

| Data | Purpose | Required |
|---|---|---|
| Student ID photo | Verify student status — reviewed by our team and then deleted | Yes (for full access) |
| University name | Displayed on profile | No |
| Verification status | Determine access level (verified / pending / rejected) | System record |
We use Stripe to process payments. We do not store your card number, CVV, or bank details on our servers. Stripe handles all payment data under their own privacy policy and PCI-DSS compliance. We only store your Stripe Customer ID and subscription status.
We use your personal data strictly for the following purposes:
We do not sell your data. We do not use your personal data for advertising, profiling, or any purpose other than those listed above. We do not share your data with third parties for their own marketing purposes.
Under the GDPR, we must have a valid legal basis for processing your personal data. We rely on the following:
| Processing Activity | Legal Basis (GDPR Art.) |
|---|---|
| Account creation and app access | Contract (Art. 6(1)(b)) |
| Student ID verification | Contract (Art. 6(1)(b)) |
| Payment processing | Contract (Art. 6(1)(b)) |
| Security, fraud prevention, crash logs | Legitimate interests (Art. 6(1)(f)) |
| Legal record-keeping obligations | Legal obligation (Art. 6(1)(c)) |
| Marketing emails (if opted in) | Consent (Art. 6(1)(a)) |
We share your personal data only where necessary, and only with trusted service providers who process it on our behalf under strict data processing agreements:
| Provider | Purpose | Location |
|---|---|---|
| Stripe | Payment processing and subscription management | USA / EU (SCCs) |
| Railway | Database hosting and backend infrastructure | USA / EU (SCCs) |
| Cloudinary | Storage of profile and business images | USA / EU (SCCs) |
| Sentry | Error tracking and crash reporting | USA (SCCs) |
| Vercel | Website hosting | USA / EU (SCCs) |
Where providers are located outside the EU/EEA, we ensure appropriate safeguards are in place through Standard Contractual Clauses (SCCs) as required by GDPR Article 46.
We may also disclose personal data if required to do so by law, court order, or regulatory authority.
We keep your personal data only for as long as necessary to provide our services or comply with legal obligations:
Under the GDPR, you have the following rights regarding your personal data. You can exercise any of these rights by contacting us at sakaloz.hello@gmail.com. We will respond within 30 days.
You also have the right to lodge a complaint with the Portuguese Data Protection Authority (CNPD) at cnpd.pt if you believe your data has been processed unlawfully.
Our website (sakaloz.com) uses minimal cookies. We do not use advertising or tracking cookies.
| Cookie | Type | Purpose | Duration |
|---|---|---|---|
| Session token | Essential | Keep you logged in | Session |
| Language preference | Functional | Remember your language choice | 1 year |
| Vercel analytics | Analytics | Anonymous page view counts — no personal data | 90 days |
The mobile app does not use cookies. Authentication is handled via secure JWT tokens stored locally on your device.
We take the security of your data seriously. Our technical measures include:
In the event of a data breach that poses a risk to your rights and freedoms, we will notify the CNPD within 72 hours and inform affected users without undue delay, as required by GDPR Articles 33 and 34.
Sakaloz is intended for use by university students and is not directed at children under the age of 16. We do not knowingly collect personal data from anyone under 16. If you believe a child has provided us with personal information, please contact us at sakaloz.hello@gmail.com and we will delete it promptly.
We may update this Privacy Policy from time to time to reflect changes in our services or legal requirements. When we make material changes, we will notify you by email and update the "Last updated" date at the top of this page.
Your continued use of Sakaloz after a policy update constitutes your acceptance of the revised policy. If you do not agree with the changes, you may delete your account at any time from within the app.
If you have any questions about this Privacy Policy, want to exercise your rights, or have a complaint about how we process your data, please contact us:
Sakaloz — Privacy
Email: sakaloz.hello@gmail.com
General: sakaloz.hello@gmail.com
Website: sakaloz.com
We aim to respond to all privacy requests within 30 days. If you are not satisfied with our response, you may escalate your complaint to the CNPD at cnpd.pt.