1. Who we are
ShishaLab is a personal hookah session tracking application operated by Synergy Tech LTD (contact@synergytech.bg). This policy explains what data we collect, how we use it, and what rights you have over it.
2. Data we collect
When you create an account and use ShishaLab we collect:
- —Account data — your email address and encrypted password (via Supabase Auth).
- —Profile data — username and preferred currency.
- —Inventory data — hookah brands and models you own, tobacco flavors and weights, charcoal stock.
- —Session data — date, duration, rating, cost, notes, and tobaccos used per session.
- —Mix data — tobacco combinations and ratios you create.
- —Usage data — standard server logs including IP address, browser type, and pages visited.
3. How we use your data
Your data is used solely to provide the ShishaLab service:
- —Authenticate you and secure your account.
- —Store and display your inventory, sessions, and mixes.
- —Calculate session costs and statistics.
- —Enable you to share public sessions and mixes via link.
- —Improve the application based on aggregated, anonymised usage patterns.
We do not sell your data, use it for advertising, or share it with third parties except as described below.
4. Data processors
ShishaLab uses Supabase (Supabase Inc., USA) as our database and authentication provider. Your data is stored on Supabase infrastructure. Supabase processes data under a Data Processing Agreement compliant with GDPR.
5. Cookies
ShishaLab uses the following cookies:
- —Essential cookies — authentication session tokens required for you to stay logged in. These cannot be declined.
- —Analytics cookies (optional) — used to understand how the application is used in aggregate. Only set if you accept cookies.
6. Data retention
Your data is retained for as long as your account is active. When you delete your account, all personal data is permanently removed within 30 days. Server logs are retained for up to 90 days.
7. Your rights (GDPR)
If you are located in the European Economic Area you have the right to:
- —Access — request a copy of your personal data.
- —Rectification — correct inaccurate data.
- —Erasure — request deletion of your account and data.
- —Portability — receive your data in a machine-readable format.
- —Restriction — ask us to limit processing while a dispute is resolved.
- —Object — object to processing based on legitimate interests.
To exercise any of these rights, contact us at contact@synergytech.bg.