Data controller
This platform is operated by Daniel Gherasim, an individual contractor registered in Romania. For any privacy-related matter, contact: contact@danielgherasim.com.
Newsletter consent
Newsletter emails are sent only after explicit consent and double opt-in confirmation. For compliance proof, we store your email address, consent text and version, source, language, confirmation timestamp, unsubscribe status, IP address, and user agent. You can withdraw consent at any time through the unsubscribe link in the email.
- Legal basis: consent under GDPR Art. 6(1)(a).
- Retention: while subscribed and for up to 3 years after unsubscribe to prove consent and withdrawal.
- Processor: Resend is used for email delivery and newsletter contact management.
What we collect
We collect and process the following categories of personal data:
- Identity and contact data — name, email address provided during registration or contact forms.
- Project data — briefs, requirements, uploaded files, and messages exchanged in the client portal.
- Payment data — billing details and transaction records processed by Stripe. Card data is never stored on our servers.
- Usage data - page visits and interaction events collected via Cloudflare Analytics and/or PostHog only after consent where required. This data is used to understand conversion and site quality.
- AI data - messages sent to the on-site assistant and project briefs submitted through contact forms may be processed by Google Gemini to qualify scope, urgency, fit, and next steps.
Legal basis for processing (GDPR Art. 6)
We process your personal data under the following legal bases:
- Contractual necessity (Art. 6(1)(b)) — processing your account, orders, project communication, and invoices is necessary to provide the services you requested.
- Legal obligation (Art. 6(1)(c)) — invoices and financial records must be retained for 10 years under Romanian fiscal law (Legea 82/1991) and EU VAT regulations.
- Legitimate interests (Art. 6(1)(f)) — security monitoring, fraud prevention, and platform integrity. These interests do not override your rights.
How long we keep your data
Retention periods depend on the type of data:
- Account and profile data — retained until you delete your account.
- Project data, messages, and support tickets — retained for the duration of the service engagement plus one year, then deleted.
- Financial records (invoices, orders) — retained for 10 years as required by Legea 82/1991 and EU VAT rules. Your personal details are anonymised upon account deletion.
- AI chat sessions - anonymous sessions use a chatSession cookie for up to 7 days, and messages may be stored in the database for follow-up, support, abuse prevention, and continuity. Authenticated chat is tied to your account until deletion or retention expiry.
- Analytics data — aggregated; no individual retention period applies.
What happens when you delete your account
Deleting your account triggers immediate removal of:
- Your profile, name, and email from our authentication system.
- All projects, milestones, and files you uploaded.
- All messages, support tickets, ticket comments, and notifications.
- Your personal details from invoice and order records (name and email are anonymised; the financial document itself is retained for the legally required period).
Third-party processors
We use the following sub-processors, each operating under their own data processing agreements and privacy policies:
- Cloudflare — hosting infrastructure and analytics (cloudflare.com).
- Neon — managed PostgreSQL database (neon.tech).
- Clerk — user authentication and session management (clerk.com).
- Stripe — payment processing (stripe.com).
- Resend — transactional email delivery (resend.com).
- Google (Gemini) - AI inference for chatbot replies and optional lead brief analysis (ai.google.dev). Messages and briefs sent for AI processing are processed by Google's API.
- Cal.com — appointment scheduling (cal.com).
Your rights under GDPR
As a data subject in the EU/EEA, you have the following rights. To exercise any of them, email contact@danielgherasim.com:
- Right of access (Art. 15) — request a copy of the personal data we hold about you.
- Right to rectification (Art. 16) — request correction of inaccurate data.
- Right to erasure (Art. 17) — request deletion of your data. Note: financial records subject to legal retention obligations cannot be deleted before the retention period expires.
- Right to restriction of processing (Art. 18) — request that we limit how we use your data in certain circumstances.
- Right to data portability (Art. 20) — receive your data in a structured, machine-readable format.
- Right to object (Art. 21) — object to processing based on legitimate interests.
Supervisory authority
If you believe your data is processed unlawfully, you have the right to lodge a complaint with the Romanian data protection authority:
- Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal (ANSPDCP)
- Website: www.dataprotection.ro
- Email: anspdcp@dataprotection.ro
Updates to this policy
This policy may be updated from time to time. The "Last updated" date at the top of this page reflects when material changes were last made. Continued use of the platform after an update constitutes acceptance of the revised policy.