1. Introduction

At TUPI.ro, operated by Răzvan Ioan Petrescu, we are committed to protecting the privacy of our users. This Privacy Policy explains how we collect, use, share, and protect your personal information in accordance with the General Data Protection Regulation (GDPR) and the Organic Law on Data Protection (LOPD).

2. Data Controller

Company Name: Răzvan Ioan Petrescu
Tax ID: ESZ2210924P
Privacy Email: [email protected]

3. Data We Collect

We collect the following information:

• Registration Data: Name, email, password (encrypted)
• Usage Data: Created QR codes, collections, settings
• Technical Data: IP address, browser type, device
• Analytics Data: Scan statistics (approximate geographic location, device, timestamp)

4. Purpose of Processing

• Provide and maintain our services
• Manage your user account
• Send service-related communications (confirmations, notifications, security updates)
• Send offers, promotions, and commercial communications (ONLY if you have given explicit consent)
• Improve our services and user experience
• Comply with legal obligations

5. Legal Basis

We process your data based on:

• Contract performance: To provide the requested services and essential communications
• Explicit consent: To send offers, promotions, and commercial communications. You can withdraw your consent at any time.
• Legitimate interest: To improve our services and prevent fraud

Commercial communications are OPTIONAL. You can accept or decline at registration and can change your preferences at any time from your account or through the unsubscribe link in each email.

6. Data Retention

We retain your data as long as your account is active. After account deletion, your data is deleted within a maximum period of 30 days, except for data we must retain by legal obligation.

7. Data Sharing

We do NOT sell, rent, or share your personal data with third parties for commercial or marketing purposes. We do NOT use your data for advertising or profiling. We share data ONLY in the following cases:

• Stripe (payment processor): For secure processing of token purchases. We do NOT store your card data.
• Infrastructure providers (hosting): To keep the application functional and secure.
• Legal obligations: When required by law or competent authorities.

All data sharing is strictly limited to what is necessary for service operation.

8. Your Rights

According to GDPR, you have the right to:

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate or incomplete data
• Erasure: Request deletion of your data
• Restriction: Restrict processing of your data
• Portability: Receive your data in a structured format
• Objection: Object to processing of your data

To exercise these rights, contact [email protected]

9. Cookies

We use ONLY essential cookies for application functionality:

• Essential Cookies: Necessary for authentication, session, and security. These are strictly necessary and cannot be disabled.

We do NOT use marketing, advertising, or third-party tracking cookies.

10. Security

We implement technical and organizational measures to protect your data against unauthorized access, loss, or alteration. We use SSL/TLS encryption and secure storage.

11. Minors

Our services are not directed to minors under 16 years of age. If you are a minor, you must have the consent of your parents or legal guardians.

12. Policy Changes

We reserve the right to update this policy. Important changes will be notified by email.

13. Contact

For any questions about privacy:

Email: [email protected]