Privacy Policy

Last updated: February 7, 2026

1. Introduction

Stratevo (“we”, “the Controller”) is committed to protecting the privacy of your personal data. This policy describes what data we collect, how we use it and your rights, in accordance with the General Data Protection Regulation (GDPR - EU 2016/679).

2. Data Collected

We collect the following categories of personal data:

Data provided by you:

  • First and last name
  • Email address
  • Phone number (optional)
  • Company name (optional)
  • Messages sent through the contact form

Automatically collected data:

  • IP address and user agent (upon contract acceptance)
  • Google OAuth authentication data (name, email, avatar)
  • Payment data processed through Stripe (we do not store card data)

3. Purpose of Processing

Personal data is processed for the following purposes:

  • Providing purchased services
  • Managing the client account
  • Processing payments and issuing invoices
  • Service-related communications (project status, invoices)
  • Responding to inquiries and contact requests
  • Legal compliance (ANPC, tax obligations)

4. Legal Basis for Processing

  • Contract performance - for providing purchased services (Art. 6(1)(b) GDPR)
  • Consent - for processing data provided through the contact form (Art. 6(1)(a) GDPR)
  • Legal obligation - for maintaining tax documents (Art. 6(1)(c) GDPR)
  • Legitimate interest - for improving services and platform security (Art. 6(1)(f) GDPR)

5. Data Sharing

Your data may be shared with:

  • Stripe - payment processor (Stripe Policy)
  • Google - OAuth authentication (Google Policy)
  • Supabase - database hosting (EU)
  • Vercel - web application hosting

We do not sell or rent your personal data to third parties.

6. Data Retention

  • Account data: for the duration of the account + 30 days after deletion
  • Payment/invoice data: 10 years (legal tax obligation)
  • Contact form messages: 12 months
  • Contract acceptance data: 5 years from the date of acceptance

7. Your Rights

Under GDPR, you have the following rights:

  • Right of access - to request a copy of your personal data
  • Right to rectification - to correct inaccurate data
  • Right to erasure - to request deletion of data (“right to be forgotten”)
  • Right to restriction of processing
  • Right to data portability
  • Right to object - to oppose processing based on legitimate interest
  • Right to lodge a complaint with ANSPDCP (National Supervisory Authority for Personal Data Processing)

To exercise any right, contact us at hello@stratevo.ro. We will respond within 30 days.

8. Data Security

We implement appropriate technical and organizational measures for data protection, including: SSL/TLS encryption for all communications, secure authentication through OAuth 2.0, PCI DSS compliant payment processing (through Stripe), and role-based limited access to data.

9. Cookies

We use strictly necessary cookies for site functionality (authentication, session). We do not use marketing or third-party tracking cookies without your explicit consent.

10. DPO Contact

For any questions regarding data protection:

See also Terms and Conditions, Cookie Policy and Return Policy.