Privacy Policy

1. Introduction

MB Skydis ("Company", "we", "us", or "our") operates the Visual Field Test website and application (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

We are committed to protecting your privacy and complying with applicable data protection laws, including the General Data Protection Regulation (GDPR) for users in the European Economic Area (EEA).

By using the Service, you consent to the collection and use of information in accordance with this Privacy Policy. If you do not agree with this Privacy Policy, please do not use the Service.

2. Data Controller

The data controller responsible for your personal data is:

3. Information We Collect

3.1 Information You Provide

We may collect the following information that you voluntarily provide:

• Account Information: Email address, name, and password when you create an account
• Payment Information: When you subscribe, payment information is collected and processed directly by Stripe. We do not store your full credit card number or CVV.
• Test Results: Visual field test data, including stimulus responses, scores, and timestamps
• Communications: Information you provide when contacting us or submitting feedback
• Newsletter Subscription: Email address if you subscribe to our newsletter

3.2 Information Collected Automatically

When you use the Service, we automatically collect:

• Device Information: Browser type, operating system, device type, and screen resolution
• Usage Data: Pages visited, features used, time spent on pages, and interaction patterns
• IP Address: Used for security, fraud prevention, and approximate geolocation (country-level)
• Cookies and Similar Technologies: As described in Section 8

3.3 Information from Third Parties

We may receive information from third-party services you use to authenticate:

• Google Sign-In: Name, email address, and profile picture (if you choose to sign in with Google)

4. How We Use Your Information

We use the collected information for the following purposes:

4.1 Service Provision

• To create and manage your account
• To provide the visual field test functionality
• To store and display your test history
• To process payments and manage subscriptions
• To provide AI-powered analysis of test results

4.2 Communication

• To respond to your inquiries and support requests
• To send service-related notifications (e.g., subscription confirmations, important updates)
• To send marketing communications (only with your consent, and you can opt out at any time)

4.3 Improvement and Analytics

• To analyze usage patterns and improve the Service
• To develop new features and functionality
• To conduct research and analytics (using aggregated, anonymized data)

4.4 Security and Legal Compliance

• To detect and prevent fraud, abuse, and unauthorized access
• To comply with legal obligations
• To enforce our Terms of Service

5. Legal Basis for Processing (GDPR)

For users in the EEA, we process personal data based on the following legal grounds:

• Contract Performance: Processing necessary to provide the Service you requested (account management, test functionality, subscription processing)
• Legitimate Interests: Processing for our legitimate business interests, such as improving the Service, analytics, and fraud prevention, balanced against your rights
• Consent: Processing based on your explicit consent (marketing communications, certain cookies)
• Legal Obligation: Processing necessary to comply with applicable laws

6. Data Sharing and Disclosure

We may share your information with:

6.1 Service Providers

We use trusted third-party service providers to operate the Service:

• Google Firebase (USA): Authentication, database, and cloud functions.Privacy Policy
• Stripe (USA): Payment processing.Privacy Policy
• OpenAI (USA): AI-powered test analysis. Test data sent for analysis is anonymized (no personal identifiers).Privacy Policy
• Microsoft Clarity (USA): Analytics and session recording for service improvement.Privacy Policy
• Tolt (Affiliate Platform): Affiliate partner tracking.Privacy Policy
• Meta/Facebook (USA): Advertising, remarketing, and conversion tracking via Facebook Pixel and Conversions API. We may share hashed email addresses and purchase data with Meta to measure advertising effectiveness and show relevant ads.Privacy Policy
• Google (USA): Advertising, remarketing, and conversion tracking via Google Ads and Google Analytics. We share purchase and conversion data to measure advertising effectiveness and optimize ad campaigns.Privacy Policy

6.2 Legal Requirements

We may disclose your information if required by law, court order, or government request, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

6.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.

6.4 No Sale of Personal Data

We do not sell your personal data to third parties.

7. International Data Transfers

Our service providers are located in the United States. When we transfer your personal data outside the EEA, we ensure appropriate safeguards are in place:

• Use of service providers that participate in the EU-US Data Privacy Framework
• Standard Contractual Clauses approved by the European Commission
• Other legally recognized transfer mechanisms

8. Cookies and Tracking Technologies

We use cookies and similar technologies to:

• Essential Cookies: Required for the Service to function (authentication, security, session management)
• Analytics Cookies: Help us understand how visitors interact with the Service (Microsoft Clarity, Google Analytics)
• Functional Cookies: Remember your preferences (language selection, calibration settings)
• Advertising/Remarketing Cookies: Used to deliver relevant advertisements and measure ad effectiveness. This includes:
  • Facebook Pixel: Tracks page views, checkout events, and conversions to show you relevant ads on Facebook, Instagram, and the Meta Audience Network
  • Google Ads: Tracks conversions and enables remarketing to show you relevant ads across Google Search, YouTube, and partner websites
• Affiliate Cookies: Track affiliate referrals (Tolt) for 90 days

8.1 Opting Out of Interest-Based Advertising

You can opt out of interest-based advertising through:

• Facebook Ad Preferences
• Google Ads Settings
• Digital Advertising Alliance Opt-Out
• Your Online Choices (EU)

You can also control cookie preferences through our cookie consent banner when you first visit the site, or by adjusting your browser settings. Note that disabling certain cookies may affect the functionality of the Service and you may still see ads, but they will not be tailored to your interests.

9. Data Retention

We retain your information for as long as necessary to:

• Provide the Service (while your account is active)
• Comply with legal obligations (e.g., tax and accounting requirements)
• Resolve disputes and enforce our agreements

Account Data: Retained until you delete your account or request deletion.
Test Results: Retained with your account until you delete them or your account.
Payment Records: Retained for 7 years for accounting purposes.
Analytics Data: Typically aggregated and anonymized after 26 months.

10. Your Rights (GDPR and Other Laws)

Depending on your location, you may have the following rights regarding your personal data:

To exercise these rights, please contact us at info@mbskydis.com. We will respond within 30 days (or the timeframe required by applicable law).

11. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

• Encryption in transit (HTTPS/TLS) and at rest
• Secure authentication mechanisms
• Access controls and authentication for administrative access
• Regular security assessments and updates
• Use of reputable, security-certified service providers (Firebase, Stripe)

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your personal data, we cannot guarantee absolute security.

12. Children's Privacy

The Service is not intended for children under 18 years of age. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal data from a child under 18 without parental consent, we will take steps to delete that information.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us at info@mbskydis.com.

13. Third-Party Links

The Service may contain links to third-party websites or services. We are not responsible for the privacy practices or content of these third parties. We encourage you to read the privacy policies of any third-party sites you visit.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page with an updated "Last Updated" date.

We encourage you to review this Privacy Policy periodically. Your continued use of the Service after any changes constitutes acceptance of the updated Privacy Policy.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

For GDPR-related inquiries, you may also contact your local supervisory authority. For Lithuania, this is the State Data Protection Inspectorate (Valstybinė duomenų apsaugos inspekcija).