Privacy Policy
Effective Date: May 16, 2025
Last Updated: December 15, 2025
Albedo Technologies S.R.L. ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy describes how we collect, use, and safeguard your personal data when you use the iusevimbtw.com service (the "Service"). It also explains your rights under the EU General Data Protection Regulation (GDPR) and how you can exercise them.
1. Who We Are and How to Contact Us
Data Controller: The Service is operated by Albedo Technologies S.R.L., a company registered in Romania. For the purposes of EU data protection law, Albedo Technologies S.R.L. is the "data controller" of your personal data processed via iusevimbtw.com.
- Company Name: Albedo Technologies S.R.L.
- Registered Address: Str. Mihail Kogălniceanu 17, Bl. C4, Ap. 10, Municipiul Braşov, Jud. Braşov, 500090, Romania
- Contact Email: contact@iusevimbtw.com
If you have any questions about this Privacy Policy or our data practices, you can reach us at the email address above. We do not have a designated Data Protection Officer, but you may direct any privacy-related inquiries to our contact email and we will respond as soon as reasonably possible.
2. Service Description
iusevimbtw.com is a subscription-based service that allows you to:
- obtain a custom subdomain (e.g., yourname.iusevimbtw.com) and use it as a simple links page, redirect, or, by request, host static HTML;
- obtain one or more email addresses (e.g., yourname@iusevimbtw.com) and use them for forwarding, full inbox storage, and sending emails via the interfaces we provide.
To use the Service, you must create an account using your email address and a password (or OAuth credential). We intentionally minimize the amount of personal data we collect. For example, we do not require your real name, physical address, or phone number for basic account registration.
Reserved Names: If you joined a wait-list to reserve a specific subdomain or email name prior to subscribing, that reserved name will be linked to your user account when you sign up. We will not assign your reserved subdomain or email alias to anyone else. Even if you cancel your subscription or delete your account, we do not reassign your chosen subdomain/email to another user; we may retain a minimal, non-identifying record of the alias to prevent reuse.
3. Personal Data We Collect
We collect only the personal data needed to operate and improve the Service:
- Account Information: When you create an account, we collect your email address and password (or OAuth identifier). Your email is your login identifier and contact address. Passwords are stored using industry standard hashing and are never stored in plain text.
- Mailbox Secrets: For inbox-style email addresses, we derive encryption keys from your mailbox password or equivalent secret. We do not store those keys in a form that would let us decrypt your email content at rest without your cooperation.
- Subscription and Payment Information: Paid subscriptions are handled through Stripe. You provide payment data (such as card details) directly to Stripe. We do not store your full card number or CVC. Stripe shares with us limited information such as payment status, masked card details (e.g. last four digits), and invoice data so we can maintain billing records.
- Email Content and Metadata: For email forwarding and inbox service, our systems necessarily process email messages addressed to your @iusevimbtw.com addresses. This includes typical email metadata (sender, recipient, time, headers) and message content (subject and body, plus attachments) as needed to route, deliver, store, and display messages to you. Email content is:
- handled in unencrypted form only within the mail transfer pipeline as needed for delivery and filtering;
- stored encrypted at rest for inboxes using keys derived from your mailbox password;
- not logged by us in plain text and not used for marketing or profiling.
- Anti-spam and Abuse Signals: We maintain technical data related to email traffic patterns (for example, numbers of messages sent per hour/day, number of recipients, bounce statistics, and spam-detection scores from anti-spam tools). These signals help us detect abuse, apply rate-limits, and protect our infrastructure. We focus on patterns and automated scoring and do not manually inspect your email content except in rare cases where strictly necessary for security or troubleshooting with your explicit request.
- Technical and Usage Data: When you visit our website or use the dashboard, we collect:
- Log information such as IP address, browser type, device information, pages viewed, and timestamps, primarily for security and debugging;
- Cookie and local storage data to keep you logged in and remember your preferences;
- Analytics data from Google Analytics, but only if you explicitly consent to analytics cookies (see Cookie Policy).
We do not intentionally collect special categories of personal data (such as health, political opinions, etc.), nor do we seek to identify you beyond what is needed to operate the Service (mainly your email address and pseudonymous identifiers).
4. How We Use Your Personal Data
We use your personal data for the following purposes and legal bases:
- Providing and maintaining the Service (contract performance): creating and managing your account; authenticating you; configuring and operating your subdomains and email addresses; routing, delivering, encrypting, and storing your emails; applying anti-spam rules and rate limits; and allowing you to send and receive email.
- Payment and subscription management (contract, legal obligation): processing payments through Stripe; managing renewals and cancellations; issuing invoices; and maintaining accounting records.
- Communicating with you (contract, legitimate interest): sending essential operational emails such as account verification, password resets, security alerts, renewal reminders, and important changes to the Service or Terms. We do not send you marketing newsletters at this time.
- Customer support (contract, legitimate interest): responding to support emails sent to contact@iusevimbtw.com and resolving issues.
- Improving the Service (legitimate interest, consent for analytics): understanding how users interact with the website and dashboard, improving performance and usability, and planning new features. We use Google Analytics only if you have consented to analytics cookies via our cookie banner.
- Security, abuse prevention, and fraud detection (legitimate interest, legal obligation): monitoring for suspicious account activity, spam or abusive emailing behavior, denial-of-service attacks, and other threats; blocking or limiting abusive traffic; and cooperating with law enforcement when legally required.
We do not sell, rent, or trade your personal data to third parties.
5. Cookies and Analytics
We use cookies and similar technologies on iusevimbtw.com and dashboard.iusevimbtw.com to keep you logged in, remember your preferences, and (with your consent) measure usage via analytics. Essential cookies are always active; analytics cookies are only set if you opt in through our cookie banner.
Our cookie practices are described in more detail in our Cookie Policy. That policy explains the types of cookies we use, their purposes, and how you can manage or withdraw consent.
We use Google Analytics only after you have explicitly consented to analytics cookies. Until you click "Accept" (or similar) for analytics, we do not load the Google Analytics script or set its cookies in your browser.
6. Third-Party Service Providers (Data Recipients)
We share personal data with third parties only when necessary to provide and secure the Service or when required by law. These third parties act as data processors and are bound by contracts to protect your data and process it only on our instructions:
- Hosting (Hetzner): We host our backend infrastructure and email services on servers provided by Hetzner in the European Union. Hetzner stores account data, encrypted mailbox data, and related logs on our behalf. Hetzner does not use your data for its own purposes.
- Cloudflare: We use Cloudflare as a DNS and content delivery provider and for performance and security features. When you access our Site, requests may be routed through Cloudflare's network, which can process your IP address, basic request information, and security-related metadata (for example, to filter malicious traffic). Cloudflare may set security cookies (such as __cf_bm or similar) to distinguish legitimate visitors from bots. Cloudflare acts as our processor for these purposes.
- Stripe (Payments): Stripe processes your payment information when you subscribe. Stripe receives your payment card details and billing information directly; we do not see full card numbers. Stripe shares with us only what we need to manage subscriptions and records (such as payment status and masked card data).
- Google Analytics: If you consent to analytics cookies, Google Analytics processes pseudonymous identifiers (like cookie IDs and truncated IP addresses) to provide us with aggregated usage statistics.
We may also disclose personal data when required by law, court order, or governmental authority, or when we believe in good faith that disclosure is reasonably necessary to protect our rights, users, or the public.
In the event of a merger, acquisition, or other corporate transaction, your data may be transferred to a successor entity subject to this Privacy Policy or an equivalent level of protection. We will notify you of such a change where appropriate.
7. Legal Bases for Processing Personal Data
Under GDPR, we rely on the following legal bases to process your personal data:
- Performance of a Contract (Art. 6(1)(b) GDPR): Most processing is necessary to provide the Service under our Terms of Service, including account management, email routing/storage, and subscription handling.
- Consent (Art. 6(1)(a) GDPR): We rely on your consent for non-essential cookies and analytics (Google Analytics) and for any optional communication that is clearly marked as based on consent. You can withdraw consent at any time.
- Legitimate Interests (Art. 6(1)(f) GDPR): We process limited data to secure our systems, prevent abuse and spam, respond to support requests, and improve our Service in ways that are compatible with your expectations and do not override your rights.
- Legal Obligations (Art. 6(1)(c) GDPR): We may process and retain certain data to comply with tax, accounting, and other mandatory legal requirements, or to respond to lawful requests from authorities.
8. Data Retention: How Long We Keep Your Data
We retain personal data only for as long as necessary for the purposes described in this Privacy Policy or as required by law:
- Account data: We keep your account data (email, hashed password, subdomain and mailbox associations) for as long as you maintain an account. If you delete your account or request deletion, we remove or anonymize personal data that is no longer needed, subject to legal retention obligations.
- Email content and logs: Inbox content is stored encrypted at rest until you delete it or delete your mailbox/account. Forwarded-only messages are typically not stored long-term beyond what is technically necessary for delivery and temporary retries. Delivery logs and spam/abuse logs are kept for a limited period (often up to 90 days) for troubleshooting and security, then deleted or anonymized unless needed longer for a specific incident.
- Payment and billing data: We retain billing records and invoices for the periods required by Romanian and EU accounting and tax laws (typically at least 5 years).
- Analytics data: Google Analytics data is retained according to the retention period we configure in Google Analytics (commonly 14 months) and is then automatically deleted or aggregated.
- Server logs: Web and application logs (including IP addresses) are generally retained for up to 90 days and then deleted or anonymized, unless we need specific logs for a longer period to investigate security incidents.
- Support correspondence: We may retain support emails and tickets for up to 2 years to help us understand past issues and improve our support. You can ask us to delete past support conversations unless we need to keep them for legal reasons.
9. Your Rights Under GDPR
As a data subject in the EU/EEA, you have the following rights in relation to your personal data:
- Right of access – to obtain confirmation whether we process your data and to access a copy.
- Right to rectification – to correct inaccurate or incomplete personal data.
- Right to erasure – to request deletion of your data in certain circumstances (for example, when it is no longer necessary or you withdraw consent).
- Right to restriction of processing – to request that we limit processing in certain cases (for example while a dispute over accuracy is resolved).
- Right to object – to object to processing based on legitimate interests, and to object at any time to any direct marketing.
- Right to data portability – to receive certain data in a structured, commonly used, machine-readable format and to transmit it to another controller where technically feasible.
- Right to withdraw consent – where processing is based on consent (for example analytics cookies), you can withdraw your consent at any time.
To exercise any of these rights, please contact us at contact@iusevimbtw.com. We may need to verify your identity before fulfilling your request (for example, by confirming that you control the email address on the account).
We aim to respond within one month of receiving your request. In complex cases or where we receive many requests, this period may be extended by up to two further months, in which case we will inform you.
10. Children's Privacy
Our Service is not intended for children under the age of 16, and we do not knowingly collect personal data from anyone under 16 years old. By using the Service, you confirm that you are at least 16.
If you believe that a child under 16 has provided us with personal data, please contact us so we can delete that information.
11. International Data Transfers
We host our core infrastructure (including mail storage and application servers) in the European Union, primarily with Hetzner. Our goal is to keep personal data within the EU/EEA.
However, some of our providers (such as Cloudflare, Google, and Stripe) are global companies that may process data in countries outside the EU/EEA. Where this happens, we rely on appropriate safeguards, such as the European Commission's Standard Contractual Clauses (SCCs) and other contractual and technical measures, to ensure your data remains protected at a level essentially equivalent to EU law.
If you would like more information about international transfers and the safeguards we use, you can contact us using the details above.
12. Data Security
We take the security of your data seriously and implement technical and organizational measures to protect it, including:
- HTTPS/TLS encryption for all connections to our web interfaces.
- Password hashing and mailbox encryption key derivation from user secrets.
- Access controls and logging on our servers and admin interfaces.
- Firewalls, monitoring, and regular updates of our infrastructure.
- Use of reputable third-party providers with strong security practices.
While we strive to use commercially acceptable means to protect your personal data, no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee absolute security, but we continuously review and refine our safeguards.
You are responsible for keeping your account credentials safe. If you believe your account has been compromised, please contact us immediately.
13. Changes to this Privacy Policy
We may update this Privacy Policy from time to time. When we do, we will update the "Last Updated" date at the top of this page. For significant changes, we may also notify you by email or through the dashboard.
Your continued use of the Service after an updated Privacy Policy becomes effective constitutes your acceptance of the updated policy. If you do not agree, you should stop using the Service and may request deletion of your account and data.
14. Contact and Complaints
If you have questions or concerns about this Privacy Policy or how we handle your data, please contact us at:
Email: contact@iusevimbtw.com
(Preferred and fastest contact method.)
Address: Albedo Technologies S.R.L., Str. Mihail Kogălniceanu 17, Bl. C4, Ap. 10, Municipiul Braşov, Jud. Braşov, 500090, Romania.
You also have the right to lodge a complaint with your local supervisory authority or with our lead authority in Romania:
Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)
- Website: http://www.dataprotection.ro/
- Address: B-dul G-ral. Gheorghe Magheru 28-30, Sector 1, 010336 Bucharest, Romania
- Telephone: +40.318.059.211
- Email: anspdcp@dataprotection.ro
We would appreciate the chance to address your concerns before you contact a regulator, so please consider reaching out to us first.