Back to home
Last updated: July 2026

Privacy Policy

This page is maintained by the owner of Slovak Roots Navigator to explain how the app handles the documents and personal information you upload. It describes app-visible controls and current practices, and is not a certification or an independent audit.

In short

Documents you upload are stored in a private vault scoped to your account, malware-scanned at upload time, served only through short-lived signed URLs, and shared only with collaborators you invite. You can delete a document at any time, and deleting your account removes your case data.

1. What documents you upload

You choose which documents to add to your case — typically civil documents (birth, marriage, and death certificates), apostilles, translations, identity documents, correspondence with registries or the embassy, and supporting evidence for your family line. You are in control of what you upload and should avoid uploading information that is not needed for your citizenship case.

2. Where documents are stored

  • Private vault. Files are stored in a private object-storage bucket (case-documents) that is not publicly readable. Access is enforced by row-level security scoped to your account.
  • Signed URLs only. When you or a collaborator open a file, the app generates a short-lived signed URL. There are no permanent public links to your documents.
  • Metadata. The app records the file name, size, content type, upload timestamp, and the case section it belongs to so the document appears in your checklist and timeline.
  • Encryption. Data is transmitted over HTTPS. The underlying storage provider encrypts objects at rest.

3. Malware scanning

Every upload is scanned for malware by a third-party scanning service (Cloudmersive). Only the file contents needed to perform the scan are sent to the scanner; the scanner is not authorized to use your files for any other purpose.

  • Clean files remain in the case-documents vault and are attached to your case.
  • Flagged files are moved to a separate private quarantine bucket, are not attached to your case, and are recorded in the audit log.
  • If the scanner is temporarily unavailable, the upload is recorded with an "unscanned" status so you can see it was never verified.

4. Who can see your documents

By default, only your account can see the documents on your case. Access widens only when you explicitly invite someone from the Collaborators page.

  • Owners / editors you invite can read and modify case data and documents.
  • Attorneys / translators you invite can read the documents you share with them under their assigned role.
  • You can revoke a collaborator's access at any time from the Collaborators page. The app owner does not sell, rent, share, or market your documents to any third party.

5. Retention

  • Active case data. Documents and case records are kept for as long as your account is active so you can continue to work on your case.
  • Quarantined files. Files moved to quarantine are kept only long enough to investigate the flag and are then removed. They are never made available to your case.
  • Audit log. Security-relevant events (rejected upload attempts, malware flags, role changes) are retained so you can review activity on your case.
  • Backups. The storage and database providers maintain routine backups for disaster recovery. Deleted content may persist in encrypted backups for a limited window before it is overwritten.

6. Deleting a document

You can delete any document from the Documents page. When you delete a document:

  • The file is removed from the case-documents vault.
  • The associated metadata is removed from your case.
  • Any signed URLs previously issued for that file expire.
  • An entry is written to the audit log recording the deletion.
  • The file may persist briefly in provider backups until the next backup rotation.

7. Deleting your account

You can request deletion of your account at any time from the Settings page or by contacting the app owner. When your account is deleted, your case data, uploaded documents, generated letters, and collaborator invitations are removed from the active systems. Audit records tied to security events may be retained in de-identified form where required to keep the security log intact. Encrypted provider backups age out on their own rotation schedule.

8. What to avoid uploading

Please upload only documents that are needed to organize a Slovak citizenship-by-descent case. Avoid uploading unrelated financial records, medical records, government-issued identifiers of people not part of the case, or files you are not authorized to share. Do not upload malware, illegal content, or files you do not own or have permission to hold.

9. Subprocessors

The app runs on third-party infrastructure for hosting, authentication, database, object storage, and malware scanning. Those providers process data only as needed to operate the service. No subprocessor is authorized to use your case data for advertising, profiling, or model training.

10. Your rights

Depending on where you live, you may have the right to access, correct, export, or delete your personal data, and to object to certain processing. You can exercise most of these rights directly in the app (view, edit, or delete case data and documents). For requests that require the app owner's involvement — such as a full export or a formal deletion confirmation — contact us using the details below.

11. Changes to this policy

This page may be updated as the app changes. Material changes will be reflected in the "Last updated" date at the top of the page.

12. Contact

Privacy questions or data requests? Reach out through the contact details provided by the app owner in Settings, or see the Legal & Privacy Disclaimer.

© 2026 Slovak Roots Navigator.