Privacy Policy

Effective Date: February 6, 2026

Publisher: Aning Film d.o.o., Opatovina 25, 10000 Zagreb, OIB 52144444572

This policy explains, in plain terms, what Kafić.hr stores, what is exchanged between devices, and what may be visible to network infrastructure.

1. Scope and Architecture

Kafić.hr (web app and Chrome side-panel extension) is built as a local-first, peer-to-peer system. There is no central Kafić.hr cloud database for your menus or orders.

2. Data Stored on Your Device

Operational data is stored locally in your browser using LocalStorage and IndexedDB, including:

• menu structure, prices, and images,
• table configuration and app preferences,
• current session and order state.

This local data stays on the device/browser profile where it was created.

3. Device-to-Device Synchronization

To synchronize in real time between staff devices, Kafić.hr uses WebRTC through the Trystero library.

• Discovery and signaling: Trystero uses BitTorrent discovery mechanisms and tracker servers to help peers find each other and exchange WebRTC offers/answers.
• Traffic after connection: Once connected, application messages are sent directly between devices (P2P).
• Transport security: Peer traffic is protected by standard WebRTC transport security (DTLS/SRTP).

4. What Is Sent Outside Peer Devices

At application/protocol level, external tracker infrastructure receives only the data required to connect peers.

• BitTorrent tracker communication includes only peer/room identification data and signaling payload required to establish WebRTC links.
• Menus, orders, and staff display names are not written to BitTorrent trackers.
• Application payload is exchanged between peer devices after connection, not through a central Kafić.hr backend.

5. Permissions (Chrome Extension)

The extension asks only for permissions needed to run its features:

• sidePanel: shows the app in the browser side panel.
• storage: saves local settings and session state on your device.
• camera (optional): used only when you choose QR scanning to join a session; video is processed in memory and not intentionally recorded.

6. Domain Identity: kafić.hr and xn--kafi-ota.hr

kafić.hr is an internationalized domain name (IDN). xn--kafi-ota.hr is its ASCII/Punycode representation used by DNS and certificates. They identify the same domain.

Depending on browser rules and UI context, you may see either form in the address bar or technical dialogs.

7. Third-Party Services and Analytics

Kafić.hr uses Google Analytics (GA4) in standard (non-enriched) mode only for aggregate interest/activity observation (for example overall traffic and app usage volume).

It is not used by us for detailed user-behavior profiling, and real-time peer connectivity still depends on WebRTC tracker/relay infrastructure used for discovery/signaling.

8. Your Control

You can remove local app data at any time by:

• using the app reset option (Reset App / data reset), and/or
• clearing site/extension storage in your browser settings.

9. Policy Updates

When this policy changes, the updated version is published on this page with a new effective date.

10. Contact

Questions about this policy:

matija@aningfilm.hr