Privacy Policy

Albedo Technologies S.R.L. ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy describes how we collect, use, and safeguard your personal data when you use the iusevimbtw.com service (the "Service"). It also explains your rights under the EU General Data Protection Regulation (GDPR) and how you can exercise them. We provide this information in compliance with GDPR requirements for transparency and in clear language for easy understanding.

1. Who We Are and How to Contact Us

Data Controller: The Service is operated by Albedo Technologies S.R.L., a company registered in Romania. For the purposes of EU data protection law, Albedo Technologies S.R.L. is the "data controller" of your personal data processed via iusevimbtw.com.

• Company Name: Albedo Technologies S.R.L.
• Registered Address: Str. Mihail Kogălniceanu 23, Bl. C7, Ap. 16, Municipiul Braşov, Jud. Braşov, 500090, Romania
• Contact Email: contact@iusevimbtw.com

If you have any questions about this Privacy Policy or our data practices, you can reach us at the email address above. We do not have a designated Data Protection Officer, but you may direct any privacy-related inquiries to our contact email and we will respond promptly.

2. Service Description

iusevimbtw.com is a subscription-based web service that allows you to obtain a custom subdomain (e.g., yourname.iusevimbtw.com) and a corresponding email forwarding address (e.g., yourname@iusevimbtw.com). To use the Service, you must create an account using only your email address. We intentionally do not collect any other personal information such as your name, physical address, or phone number during account registration. This minimalist data collection approach helps protect your privacy by limiting the personal data we hold about you.

Reserved Names: If you joined a wait-list to reserve a specific subdomain or email name prior to subscribing, that reserved name will be linked to your user account when you sign up. We associate the reserved name with your account to ensure that the custom subdomain and email address you requested remain unique to you. We will not assign your reserved subdomain or email alias to anyone else. Even if you cancel your subscription or delete your account, we do not reassign your chosen subdomain/email to another user. (In such cases, we may retain a record of the reserved name in our system to prevent reuse, without retaining more personal data than necessary.)

3. Personal Data We Collect

When you use our Service, we collect only the personal data that we need to provide and operate the Service. This includes:

• Account Information: When you create an account, we collect your email address. This is the only piece of personal information required for registration. Your email address serves as your login credential and is used for account verification and important communications (e.g. password resets, service notices). We do not ask for your name or any other contact details.
• Subscription and Payment Information: If you subscribe to our paid services, payments are processed by our third-party payment processor Stripe. You will provide your payment details (such as credit card information) directly to Stripe. We do not collect or store your full payment card details on our servers. We may receive limited information about the transaction from Stripe (e.g. a confirmation of payment, subscription plan, and possibly the last four digits of your card or a transaction ID). This information is used for billing records and account status.
• Email Forwarding Content: Our Service enables email forwarding (receiving messages at your `...@iusevimbtw.com` address and forwarding them to your actual email). In providing this service, our systems will process the email messages (including sender, recipient, subject, and body content) for the purpose of routing them to you. We do not permanently store the content of forwarded emails beyond the technical necessity of delivering the messages. Email forwarding is performed automatically; we do not read or access the content of your forwarded emails except as needed for security scanning (e.g., virus or spam checks) or troubleshooting at your request.
• Technical and Usage Data: When you visit our website or use the Service, we automatically collect certain technical data to ensure the Service works correctly and to analyze usage for improvements. This data may include:
  • Cookies and Session Data: We use cookies (small text files stored in your browser) to manage logged-in sessions and remember preferences. These cookies are essential for the Service to function (e.g., keeping you signed in). We also use analytics cookies (see Section 5 below).
  • Log Information: Our servers may log basic information about your HTTP requests. This can include your IP address, browser type, and access times when you use the Service. We use these logs for security monitoring, debugging, and to compile usage statistics (e.g., to see aggregate access patterns). IP addresses may be considered personal data under GDPR, so we treat them accordingly. For analytics purposes, we employ IP anonymization where possible to avoid storing full IP addresses.
  • Analytics Data: Through Google Analytics (see details in Section 5), we collect information about how you interact with our website, such as pages visited, time spent, and referral links. This data is generally aggregated and does not directly identify you; however, it may be linked to your IP address or device ID which are pseudonymous identifiers.

We do not collect any special categories of personal data (such as sensitive information about health, race, religion, etc.), nor do we intentionally collect any information about your real identity beyond your email address. We also do not collect any personal data from third parties – all personal information we process is provided directly by you or generated through your use of our Service (e.g., usage data).

4. How We Use Your Personal Data

We use the personal data we collect strictly for the following purposes:

• To Provide and Maintain the Service: We use your email address to create and manage your user account, authenticate your login, and provide you with the custom subdomain and email forwarding service you subscribed to. This includes using your email to communicate with you about service-related matters (for example, sending verification emails, security alerts, subscription confirmations, or important notices about changes to the Service). We process your personal data in order to perform our contract with you, i.e. to deliver the features and services you expect.
• Email Forwarding: As described, our system processes the content of emails sent to your iusevimbtw.com address in order to forward them to your actual email. This automated processing is solely to perform the core function of the Service (delivering your emails) and for no other purpose. We do not use the content of your emails for any marketing or analytical purposes.
• Payment Processing and Account Billing: We use Stripe to handle subscription payments. Your payment data is used to process transactions, manage subscriptions (e.g., renewals, cancellations), and keep records of payments. Stripe processes the payment on our behalf and may send us confirmation data. We retain basic transaction records to fulfill our financial and legal obligations (such as accounting and tax requirements).
• Communicating with You: We may send you necessary transactional or administrative emails. For example, we might email you to confirm your subscription, notify you of invoice availability, send password reset links, or alert you to important changes or issues with the Service. These communications are not promotional in nature; they are intended to service your account. We send such emails either as part of performing our contract with you (e.g., delivering service updates) or based on our legitimate interest in keeping you informed about critical service matters.
• Customer Support: If you contact us at our support email (contact@iusevimbtw.com) with questions or requests, we will use your email address and any information you provide to respond to you and resolve your issue. We may keep a record of support communications (including your email and correspondence) for reference, training, or to improve our customer service.
• Improving and Analyzing the Service: We use Google Analytics to understand how our website is used so we can improve user experience and troubleshoot technical issues. Analytics data (e.g., which pages are most visited, how users navigate the site) helps us optimize our Service and plan new features. We only collect analytics data if you have given consent for analytics cookies (see Section 5 on Cookies & Analytics). This processing is based on your consent. We may also analyze aggregated usage data under our legitimate interest to better understand our business performance, but without identifying individual users in such analysis.
• Ensuring Security and Preventing Fraud: We may process certain data (such as IP addresses, logs, and usage patterns) under our legitimate interests to protect the security of the Service, our users, and our infrastructure. This includes detecting and preventing fraudulent activity, abuse of our platform, or security incidents. For example, we might use log data to detect multiple failed login attempts (which could indicate a hacking attempt) or to blacklist IPs that show malicious behavior. Any such processing is conducted in a proportionate manner and in accordance with applicable data protection laws.

We want to emphasize that we do not sell, rent, or trade your personal data to any third parties for marketing or any other purpose. All processing of personal data is done for the legitimate and necessary purposes described above.

5. Cookies and Analytics

Essential Cookies

We use a few essential cookies on our site to provide the Service. These cookies are necessary for the website to function and cannot be switched off in our systems. For instance, when you log in, we set a session cookie to keep you logged in as you navigate the site. Essential cookies may also remember your preferences (e.g. interface language) or other settings to enhance your experience. Because these cookies are required for the operation of the Service, we do not request your consent to use them. You can block or delete cookies in your browser settings, but be aware that some core features (like staying logged in) may not work if you disable essential cookies.

Analytics Cookies

With your consent, we use analytics cookies to collect information about how visitors use our website. Specifically, we use Google Analytics (a web analytics service provided by Google) to gather anonymous statistical data such as pages visited, time spent on pages, browser type, and referring pages. Google Analytics uses its own cookies to identify your browser and device, but these cookies do not reveal your name or email address to us. The information generated by Google Analytics cookies (including a truncated/anonymized IP address) is transmitted to and stored by Google on its servers. We have activated IP anonymization for Google Analytics, meaning Google will mask the last octet of your IP address within the European Economic Area before storing or processing it, further reducing the possibility of identifying you.

Legal Basis for Analytics: We only deploy Google Analytics cookies if you opt-in (consent) via our cookie banner or settings. Under GDPR, the use of non-essential cookies like analytics requires your consent, which is our legal basis (GDPR Art. 6(1)(a)). You are not required to accept these cookies to use the Service. If you decline or ignore the analytics consent, we will not load Google Analytics in your browser.

Managing Cookies: You can manage or revoke your cookie preferences at any time. Most web browsers allow you to refuse cookies or delete cookies that have already been set. For guidance on how to manage cookies, you can visit resources like AllAboutCookies.org. Please note that if you clear cookies, the next time you visit our site you may be prompted again for your cookie preferences.

Google Analytics Data Use: Google Analytics helps us understand website traffic and usage. Google uses the data collected to track and examine the use of our site, and may share this data with other Google services. We do not receive personally identifiable information through Google Analytics – we only see aggregated statistics (for example, total number of visitors in a week, or which countries our visitors are from). Nonetheless, because Google Analytics involves Google acting as a data processor, we have a Data Processing Agreement in place with Google to comply with GDPR. For more information about Google's data practices, you can read Google's Privacy Policy on their website. You can also opt-out of Google Analytics across all websites by using the Google Analytics Opt-out Browser Add-on.

Other Third-Party Cookies or Tracking

Aside from Google Analytics, we do not use any third-party advertising cookies or social media trackers on iusevimbtw.com. The only other third-party that may set cookies is Stripe, our payment processor. Stripe may set cookies on its checkout page or when processing payments to prevent fraud and remember your session with them (for example, Stripe may place a cookie to recognize you as a returning customer if you pay again). These Stripe cookies are under Stripe's control and are used for security and fraud prevention in payment processing; they should only be present during a payment process. We inform you of them here, but they are considered necessary for secure payment (and in some cases required by Stripe's fraud detection, which operates under legitimate interest or legal obligation to prevent fraud). For details, see Stripe's own cookie and privacy policies.

6. Third-Party Service Providers (Data Recipients)

To run our Service efficiently, we rely on a few trusted third-party service providers. We only share your data with these providers to the extent necessary for them to perform services on our behalf. Each of these providers has been carefully chosen for their commitment to data protection and GDPR compliance. We have agreements (including Data Processing Addendums where applicable) in place to ensure they protect your data. The third parties we use, and the data we share with them, are:

• Stripe (Payment Processor): We use Stripe to handle all credit card payments and subscription billing. When you make a payment, the information you provide on the payment form (such as your card number, expiration, CVC, and billing email) is transmitted directly to Stripe. Stripe processes your payment data securely in accordance with their own security certifications. We (Albedo Technologies S.R.L.) do not see or store your full credit card information. Stripe may share with us a token or reference for the transaction, the card type (e.g. Visa) and last 4 digits, the billing name/email, and whether the payment was successful. We use this information to record your subscription and for invoicing. Stripe is a global company with entities in the EU; for EU customers, Stripe Payments Europe, Ltd. (located in Ireland) is typically the responsible party. Stripe's handling of personal data (including any potential transfers) is governed by Stripe's Privacy Policy and Stripe's GDPR-compliant data processing agreements, including the use of Standard Contractual Clauses if data is transferred outside the EU.
• Google Analytics: As described in Section 5, we use Google Analytics for website analytics. Google acts as a data processor for us when collecting analytics data. Through Google Analytics cookies, Google may receive your truncated IP address, device information, and usage info. Google, LLC is based in the United States, which means analytics data may be transferred to or stored on servers in the U.S. However, Google has committed to GDPR compliance and uses Standard Contractual Clauses and other safeguards for international data transfers. We have configured Google Analytics to enhance privacy (IP anonymization and no sharing of data with other Google services by default). You have control over whether Google Analytics is used (via consent), as noted above.
• Hosting Provider: Our website and service are hosted on servers located in the European Union. (For example, our servers may be in an EU data center or cloud region, ensuring that your account data and forwarded emails reside within EU territory.) We use reputable hosting infrastructure that employs robust security measures. Our hosting provider acts as a data processor, storing data on our behalf. They do not access your data except for storage and backup purposes. We do not transfer your stored data to any data centers outside the EU.

We do not share your personal data with any other third parties, except in the following special situations:

• Legal Requirements: If we are compelled by law or a valid legal process (such as a court order or a subpoena) to disclose your personal data, we may do so to comply with our legal obligations. In such cases, we will only disclose what is necessary and will inform you of the request if we are legally permitted to do so.
• Business Transfers: In the unlikely event that Albedo Technologies S.R.L. undergoes a major business transaction such as a merger, acquisition, or sale of assets, user data (including personal data) may be transferred to the successor entity. If such a transfer occurs, we will ensure the recipient agrees to respect your personal data in a manner consistent with this Privacy Policy and applicable law. We will also notify you of any change in data control.
• Enforcing Our Rights: We may disclose data if necessary to enforce our Terms of Service or other agreements, or to protect the rights, property, or safety of our company, our customers, or others (for example, to prevent fraud or cyberattacks).

Importantly, we do not sell or rent your personal information to any third party for marketing or any other purposes. We do not share data with advertisers or social media platforms. Any third-party access to personal data is solely for the purposes of providing our Service to you or for legal compliance.

7. Legal Bases for Processing Personal Data

We process your personal data only when we have a valid legal reason (lawful basis) to do so under the GDPR. Depending on the specific processing activity, we rely on one or more of the following legal bases:

• Performance of a Contract (GDPR Article 6(1)(b)): Most of our data processing is done on this basis. When you sign up for our Service, a contract is formed (the Terms of Service) and we need to process your data to fulfill our obligations under that contract. This includes providing you the custom subdomain and email forwarding service, maintaining your account, handling payments, and communicating with you about the Service. We cannot provide the Service without processing your email address and related account data. Therefore, such processing is considered "necessary for the performance of a contract" – no separate consent is required for these essential uses of your data.
• Consent (GDPR Article 6(1)(a)): We rely on your consent for certain processing activities that are not strictly necessary for the core service. In particular, we ask for your consent to use analytics cookies (Google Analytics) as described in Section 5. If we ever decide to send any optional newsletters or marketing communications (which we do not currently), we would also seek your prior consent. Where we process data based on consent, you have the right to withdraw your consent at any time, and we will stop the processing in question. Withdrawing consent will not affect the lawfulness of any processing we conducted prior to your withdrawal.
• Legitimate Interests (GDPR Article 6(1)(f)): In certain cases, we process your data as necessary for our legitimate interests, and we do so in a way that does not override your rights and freedoms. We have carefully balanced our interests with your privacy. Examples of processing on this basis include:
  • Sending you essential transactional emails about your account or subscription (e.g., service notifications, renewal reminders). While one could argue these are also part of performing the contract, we mention them here especially if they are not strictly required for service but help enhance your user experience or our service quality (e.g., an email letting you know about a new feature available to you as a user).
  • Security measures: Using data like IP addresses and log entries to detect fraud, prevent abuse, and ensure the integrity of our platform is in our legitimate interest as a service provider committed to security.
  • Improving our Service: We might analyze how users interact with our Service (in aggregate and without identifying you) to improve functionality or user experience. This is a legitimate interest in understanding and optimizing our product. Note that analytics that are not strictly necessary will only be done with consent via cookies, as mentioned above. But other forms of service improvement (e.g., looking at support query trends or using internal logs to improve performance) may rely on legitimate interest.

  Whenever we rely on legitimate interests, we ensure that we only process data in ways you would reasonably expect and that have minimal privacy impact. You have the right to object to processing based on legitimate interests (see Section 9 on your rights).

• Legal Obligation (GDPR Article 6(1)(c)): In some situations, we must process and retain certain personal data to comply with our legal obligations. For instance, as a business operating in Romania, we are required by tax and accounting laws to keep records of transactions (which may include personal data like your email or Stripe transaction IDs on invoices) for a certain period. If we receive a lawful request from law enforcement or a court order, processing data to comply with that request would also fall under legal obligation. We will only process the minimum data necessary for compliance.

We do not normally collect or process any data based on vital interests or public interest/official authority. If that were ever to occur (for example, in a life-threatening situation), we would do so in accordance with the law.

8. Data Retention: How Long We Keep Your Data

We retain personal data only for as long as it is necessary to fulfill the purposes for which it was collected, or as required by applicable laws. This section explains the retention periods for different types of data:

• Account Data (Email Address, Subdomain association): We keep your account data (your email address, your login credentials, and the link between your account and your custom subdomain/email alias) for as long as you have an active account with us. This is necessary to provide you with the Service continuously. If you decide to cancel your subscription or request deletion of your account, we will delete or anonymize your personal data associated with the account (including removing your email from our user database) after fulfilling any pending obligations. However, we may retain hashed or irreversibly anonymized identifiers for security and audit purposes (for example, a record that an account with a certain email existed, without the email itself). Additionally, as noted, the custom subdomain or alias you used will not be reassigned to another user; we may keep a non-personal record of the alias to prevent future reuse, but that record will not identify you personally once your account is fully deleted.
• Wait-list Data: If you were on a wait-list prior to account creation (meaning you provided an email to reserve a name), that data became part of your account once you signed up. We do not maintain separate wait-list records after you have created an account. If someone joins a wait-list but never creates an account, we will retain their provided email and desired subdomain only until the opportunity for account creation is provided or for a maximum of 12 months, whichever is shorter, unless they consent to a longer retention (for example, remaining on a wait-list beyond 12 months).
• Payment and Transaction Data: We keep records of payments, invoices, and transaction history as required for our accounting and tax purposes. Under Romanian financial regulations, we might need to retain invoicing records for a minimum of 5 years (or longer, depending on the law) from the end of the financial year in which the transaction occurred. These records may include your email, subscription details, and payment amounts. We do not store your full card details, as those are handled by Stripe, but we keep records of the fact that a payment was made. After the mandatory retention period, we will securely delete or anonymize those records. Any Stripe-related tokens or IDs we hold will be deleted when no longer needed (for example, if you cancel your subscription, we might delete the Stripe customer reference after a certain period unless needed for tax records).
• Email Logs and Content: For the email forwarding service, we do not store email content long-term. Emails are processed and forwarded in real-time. We may keep temporary logs of email routing events (for example, to track delivery success/failure) for a short period (e.g., a few weeks) for troubleshooting and spam/abuse monitoring. After that, such logs are deleted. If an email fails to deliver, we might retain it on our server for a short duration to attempt redelivery or to diagnose issues, but typically not longer than 30 days. Any content of forwarded emails is not stored permanently. If you delete your account, any remaining email routing data associated with your account will be erased or anonymized promptly.
• Analytics Data: Data collected via Google Analytics is retained as per Google's settings. Currently, we have set Google Analytics to retain user-level and event-level data for 14 months (a common default) before automatic deletion. This analytics data is aggregated, but any identifiers Google uses (like cookies or advertising IDs) are removed after that retention period. You can also clear this data by withdrawing consent or using Google's opt-out mechanisms, which stops new data collection.
• Server Logs: Our server logs (which may include IP addresses and timestamps) are generally retained for 90 days. We find that a three-month period is usually sufficient to investigate security incidents or technical problems. After 90 days, logs are automatically purged or anonymized (unless we need to retain them longer for a specific investigation, in which case we would archive the relevant logs securely and limit access).
• Communications and Support: If you correspond with us (for example, via email to contact@iusevimbtw.com), we may retain that correspondence for as long as needed to address your issue and maintain a record of our communications. Typically, we might keep support emails for up to 2 years to reference past communications if you contact us again. You can request deletion of a support conversation record if you wish, and we will delete it unless we are required to retain it for legal reasons.

After the applicable retention periods above expire, we will either delete your personal data or irreversibly anonymize it so that it can no longer be associated with you. When we say delete, we mean remove from our active databases. Please note that deletion from backups may not be immediate, but if we ever need to restore data from a backup, we will re-delete the data that should no longer be in production.

9. Your Rights Under GDPR

As a user of our Service and a data subject under the GDPR, you have several important rights regarding your personal data. We are committed to honoring these rights. Below we outline your key data protection rights:

• Right of Access: You have the right to request confirmation of whether we are processing your personal data, and if so, to request a copy of the personal data we hold about you. This allows you to know and verify the lawfulness of our processing. We will provide you with a copy of your data, along with information on how it's used, usually within one month of your request. For additional copies, we may charge a reasonable fee based on administrative costs (but we will not charge for the initial copy).
• Right to Rectification: You have the right to request that we correct any inaccurate or incomplete personal data that we hold about you. If you believe the email address in your account or any other information is wrong or outdated, please contact us to have it updated. We strive to keep your data accurate and will act on rectification requests promptly.
• Right to Erasure (Right to be Forgotten): You have the right to request the deletion of your personal data in certain circumstances. This includes situations such as: the data is no longer necessary for the purposes it was collected; you withdraw consent (where the processing was based on consent); you object to processing and we have no overriding legitimate grounds; or we are required by law to erase your data. Please note this right is not absolute – for example, if we have a legal obligation to retain certain data (e.g., transaction records for tax purposes), we may not be able to delete those until the obligation is fulfilled. However, we will evaluate each request individually and will comply if we have no lawful reason to retain your data. If you request erasure of your account data, we will also remove your Service access and delete your account.
• Right to Restrict Processing: You have the right to request that we limit the processing of your personal data under certain conditions. For example, if you contest the accuracy of your data, you can request we restrict processing while we verify the data's accuracy. Or if you object to our processing based on legitimate interests, you can request restriction pending verification of whose interests prevail. When processing is restricted, we can still store your data but not use it further (unless for legal claims, or to protect others' rights, etc.). We will inform you when a restriction is lifted.
• Right to Object: You have the right to object to our processing of your personal data at any time if the processing is based on legitimate interests or direct marketing. This means that if we are processing your data on the ground of legitimate interest, you can object, and we must stop unless we demonstrate compelling legitimate grounds that override your rights or the processing is for legal claims. If we were to do any direct marketing (currently we do not), you can object at any time and we would stop using your data for that purpose immediately. For example, you have the right to object to analytics processing; if you do so by withdrawing consent or telling us, we will stop any analysis that involves your personal data.
• Right to Data Portability: You have the right to receive the personal data that you have provided to us in a structured, commonly used, machine-readable format and have the right to transmit that data to another service provider, where technically feasible. This right applies when the processing is based on your consent or on a contract and is carried out by automated means. In practice, this right would allow you to get, for instance, the account data you gave us (your email and any settings, etc.) in a format like CSV or JSON, so you could import it into another service. If you require such data portability, please contact us and we will work with you to provide the data in a usable format.
• Right to Withdraw Consent: Where we process your data based on your consent (e.g., for analytics cookies or any future marketing emails), you have the right to withdraw that consent at any time. Withdrawing consent will not affect the lawfulness of processing done before the withdrawal. If you withdraw consent for analytics, we will stop collecting your data via Google Analytics. You can withdraw consent by updating your cookie settings on our site or by contacting us.
• Right not to be Subject to Automated Decisions: We do not make any decisions about you that have legal or similarly significant effects based solely on automated processing (no profiling or automated decision-making without human involvement). If that ever changes, you would have the right to request human intervention and to contest the decision.

If you wish to exercise any of these rights, you can contact us at contact@iusevimbtw.com with your request. Please specify which right you wish to exercise and provide details to help us fulfill your request. For your security, we may need to verify your identity before proceeding with certain requests (for example, by confirming you have access to the email address associated with your account).

Response Time: We will respond to your request as soon as possible, and no later than one month from receiving it. If your request is complex or if we have received many requests, we may extend this period by up to two further months, but we will inform you of any extension within the first month. There is generally no fee for exercising your rights. However, if a request is manifestly unfounded or excessive (for example, repetitive requests), we may charge a reasonable fee or refuse to act on it, as permitted by GDPR.

10. Children's Privacy

Our Service is not intended for children under the age of 16, and we do not knowingly collect personal data from anyone under 16 years old. The GDPR imposes special conditions for processing data of children under 16 in relation to online services. To ensure compliance, we have a strict policy of not allowing individuals under 16 to sign up or use our Service. By creating an account and using iusevimbtw.com, you confirm that you are at least 16 years old.

If you are under 16, please do not use this Service or provide any personal information to us. If we learn that we have inadvertently collected personal data from a child under 16, we will take prompt steps to delete that data from our records. If you are a parent or guardian and you believe your child under 16 may have provided us with personal information, please contact us immediately at contact@iusevimbtw.com so that we can take appropriate action.

11. International Data Transfers

We are based in the European Union (Romania) and we store and process personal data on servers located in the EU. Our policy is to avoid transferring your personal data outside the EU/EEA, and no routine transfers outside the EU occur in the normal course of using our Service. All data processing activities we control take place within the EU, which means your data is protected under European data protection standards.

However, some of our third-party service providers (mentioned in Section 6) are international organizations that may process data in or from outside the EU:

Google (Analytics) are headquartered in the United States, and using their services can involve transferring data to the U.S. Similarly, Stripe is a global service; while our integration is via its European entity, some Stripe processing (for example, global fraud monitoring) could involve servers in the U.S. or other countries. We ensure that when your personal data is handled by these providers outside the EEA, adequate safeguards are in place. These safeguards typically include the European Commission's Standard Contractual Clauses (SCCs), which are contractual commitments those providers make to protect Europeans' personal data, and any additional measures required by EU law. For example, Google Analytics' data transfers to the U.S. are covered by SCCs between Google and us (and we have also enabled IP anonymization to reduce personal data sent).

In summary, we do not directly transfer your data to any country outside the EU for our own operations. Where our service providers might process data abroad, we contractually bind them to GDPR-compliant standards. If in the future we need to transfer any of your personal data outside the EU for other reasons, we will only do so in accordance with GDPR (for example, by relying on an adequacy decision or by implementing appropriate safeguards like SCCs, and informing you about it).

If you have questions about our data transfer practices or want more information about the safeguards we have in place, please contact us.

12. Data Security

We take the security of your personal data very seriously. We have implemented appropriate technical and organizational measures to protect your data against unauthorized access, alteration, disclosure, or destruction. These measures include, but are not limited to:

• Encryption: All communications between your browser and our Service are encrypted using HTTPS/TLS. This protects your data from eavesdropping while in transit. Sensitive data (such as passwords) is stored in our database in a hashed or encrypted form.
• Access Control: Our databases and systems are accessible only by authorized personnel who need access to operate or maintain the Service. We limit access to your personal data to employees or contractors who have a business need-to-know and are subject to confidentiality obligations.
• Network Security: Our servers are protected by firewalls and monitoring systems to guard against external attacks. We keep our software and infrastructure updated to mitigate vulnerabilities. Regular backups are performed to ensure data integrity and availability.
• Third-Party Security: We choose reputable third-party providers (Stripe, etc.) that demonstrate robust security practices. For example, Stripe is certified as a PCI-DSS Level 1 service provider (the highest level of payment data security standard). We ensure our vendors handle data securely via our agreements with them.
• Monitoring and Auditing: We monitor our systems for suspicious activity and have incident response plans ready. In the unlikely event of a data breach that affects your personal data, we will notify you and the relevant supervisory authority of the breach without undue delay, as required by law.

Despite our best efforts, please be aware that no method of transmission over the internet or method of electronic storage is 100% secure. We cannot guarantee absolute security of information. However, we continuously evaluate and update our security measures to follow best practices and respond to emerging threats.

We also advise you to take precautions on your end. Keep your account credentials (password) confidential and do not share them. If you suspect any unauthorized access to your account or any security vulnerabilities, please contact us immediately.

13. Changes to this Privacy Policy

We may update or revise this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for other operational reasons. When we make changes, we will post the updated policy on this page and update the "Last Updated" date at the top. If changes are significant, we may also notify you by email or by placing a prominent notice on our website.

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of the Service after any changes to this Privacy Policy constitutes acceptance of those changes, to the extent permitted by law. If you do not agree with any update, you should stop using the Service and you may exercise your rights (such as requesting deletion of your data).

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us as follows:

Email: contact@iusevimbtw.com
(This is the preferred and fastest contact method.)

Address: Albedo Technologies S.R.L., Str. Mihail Kogălniceanu 23, Bl. C7, Ap. 16, Municipiul Braşov, Jud. Braşov, 500090, Romania.

We will happily answer any questions you have and address any issues to the best of our ability.

15. Your Right to Lodge a Complaint

We hope to resolve any privacy concerns directly with you. If you believe we have not complied with our obligations under data protection law, you have the right to lodge a complaint with a supervisory authority, in particular in the EU country where you reside, work, or where the alleged infringement occurred.

As our company is established in Romania, our lead supervisory authority is the Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP):

• Website: http://www.dataprotection.ro/
• Address: B-dul G-ral. Gheorghe Magheru 28-30, Sector 1, 010336 Bucharest, Romania
• Telephone: +40.318.059.211
• Email: anspdcp@dataprotection.ro

You can contact ANSPDCP or your local Data Protection Authority to raise any concerns. We would, however, appreciate the chance to deal with your concerns before you approach a regulator, so please consider reaching out to us first.