Privacy Policy

How we handle your personal data.

Effective date: May 27, 2026 | Version: 2.0

IRNAS Technologies d.o.o. (hereinafter: IRNAS, data controller) respects your privacy and is committed to ensuring lawful, fair, and transparent processing of your personal data in accordance with Regulation (EU) 2016/679 (GDPR) and the Slovenian Personal Data Protection Act (ZVOP-2).

Data Controller

CompanyIRNAS Technologies d.o.o.
AddressSokolska ulica 51, 2000 Maribor, Slovenija
Tax IDSI78993857
Emailtech@irnas.eu
Websitetech.irnas.eu

What Data We Collect

We collect the following types of data:

  • Contact form data: first name, last name, email address, content of your inquiry or message, and time of submission.
  • User account data: first name, last name, email address, password (stored as a one-way bcrypt hash), organisation name, system role (administrator, standard user), language preferences, and registration/modification timestamps.
  • Sensor device data: device serial number and identifier, GPS coordinates of device location, sensor measurements (PM1.0, PM2.5, PM10 particle concentrations, temperature, humidity, air quality index), battery status, signal strength, and measurement timestamps. This data is business data of subscriber organisations and does not directly contain personal data of end users.
  • Cookies: session cookies, language preference cookies, and cookie consent cookies.

Purpose and Legal Basis for Processing

  • Responding to inquiries via contact form — Legal basis: Legitimate interest (Art. 6(1)(f)) or pre-contractual measures (Art. 6(1)(b))
  • Managing dashboard user accounts — Legal basis: Contract / pre-contractual measures (Art. 6(1)(b))
  • Operating the FireAlert system (receiving device data) — Legal basis: Legitimate interest (Art. 6(1)(f))
  • System security and abuse prevention (audit logs, IP addresses) — Legal basis: Legitimate interest (Art. 6(1)(f))

Data Retention Periods

  • Contact form messages: retained for a maximum of 2 years from receipt, then deleted.
  • User accounts: data retained while the account is active; deleted within 90 days after account closure, unless longer retention is required by law.
  • Device data: retained for the duration of the subscriber contract and 1 year after its termination.
  • Security logs: retained for a maximum of 6 months.

Data Processors and Recipients

We do not sell your personal data to third parties. We share data only with:

  • The Things Network (TTN) — LoRaWAN network infrastructure for receiving sensor data transmissions.
  • PayPal (Europe) S.à r.l. et Cie, S.C.A. — Payment processing for subscription and add-on purchases.
  • Minimax — Invoicing and accounting system integration.
  • A1 Slovenija d.d. — Sending SMS alert notifications to users who have enabled SMS alerts.
  • Hosting provider — Server infrastructure for hosting the FireAlert application and database.
  • Competent state authorities — when required by law.

Sensor GPS Data

FireAlert devices may collect and transmit GPS coordinates as part of their normal operation. This location data may indicate the physical locations of properties where sensors are installed. GPS data is stored in association with the sensor and the organisation that owns it, and is used to display sensor positions on maps within the dashboard. Location data is subject to the same access controls and retention policies as other sensor data.

Google reCAPTCHA

This website uses Google reCAPTCHA to protect forms against automated abuse. When you interact with the reCAPTCHA service, Google may collect hardware and software information, such as device and application data, and send it to Google for analysis. Your use of reCAPTCHA is subject to Google's Privacy Policy and Terms of Service.

Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, loss, or destruction, including:
• Encrypted data transmission (TLS/HTTPS)
• One-way password hashing (bcrypt)
• Access restriction based on the principle of least privilege
• Regular security reviews

Your Rights

In accordance with the GDPR, you have the following rights regarding your personal data:
• Right of access (Art. 15): obtain confirmation of whether we process your data and a copy thereof
• Right to rectification (Art. 16): request correction of inaccurate or completion of incomplete data
• Right to erasure (Art. 17): request deletion of your data in certain circumstances
• Right to restriction (Art. 18): request restriction of processing in certain circumstances
• Right to data portability (Art. 20): receive your data in a machine-readable format
• Right to object (Art. 21): object to processing based on legitimate interest
• Right to withdraw consent: where processing is based on consent, you may withdraw it at any time

To exercise your rights, send a request to tech@irnas.eu. We will respond within 30 days of receipt.

Complaint to Supervisory Authority

If you believe your rights have not been respected, you have the right to lodge a complaint with the Information Commissioner of the Republic of Slovenia (www.ip-rs.si, gp.ip@ip-rs.si, +386 1 230 97 30).

Changes to This Privacy Policy

We may update this privacy policy from time to time. Substantial changes will be communicated via the website or by email. The date of the last update is indicated at the top of this document.

Privacy Contact

  • Email: tech@irnas.eu
  • Mail: IRNAS Technologies d.o.o., Sokolska ulica 51, 2000 Maribor, Slovenia