Privacy policy

1. Introduction

DEVELOPMINT SERVICES SRL, Tax ID (CUI) 47087233, Trade Registry no. J40/21512/2022 (hereinafter referred to as "Storno.ro", "we" or the "Controller") respects the privacy of your personal data and is committed to protecting it in accordance with the General Data Protection Regulation (GDPR - EU Regulation 2016/679) and applicable national legislation.

This Privacy Policy describes how we collect, use, store and protect your data when you use the Storno.ro platform.

2. Personal data collected

We collect the following categories of data:

2.1 Account identification data

First and last name
Email address
Password (stored in irreversibly encrypted format)

2.2 Company tax data

Tax Identification Code (CIF)
Company name
Registered office address
Trade Register registration number
VAT payer status

2.3 ANAF and invoicing data

ANAF access tokens (stored encrypted)
Electronic invoices issued and synchronised from SPV (XML, PDF, digital signature)
Invoice metadata (number, date, amounts, partner tax codes)
Client, product and supplier data managed in the Platform
Payment and collection information

2.4 Technical data

IP address
Browser type and version
Platform usage data (pages visited, actions performed)
Log data for debugging and security purposes

3. Purpose and legal basis of processing

Purpose	Legal basis
Providing the Service (invoice synchronisation)	Performance of contract (Art. 6(1)(b) GDPR)
User account management	Performance of contract (Art. 6(1)(b) GDPR)
Service-related communications (notifications, alerts)	Legitimate interest (Art. 6(1)(f) GDPR)
Tax compliance (invoice archiving)	Legal obligation (Art. 6(1)(c) GDPR)
Security and fraud prevention	Legitimate interest (Art. 6(1)(f) GDPR)
Service improvement (aggregated analytics)	Legitimate interest (Art. 6(1)(f) GDPR)

We do not sell, rent or share your personal data with third parties for marketing purposes. Data may be shared only in the following situations:

Service providers: hosting, payment processing (Stripe), email delivery — only to the extent necessary to provide the Service
Legal obligations: at the request of competent authorities, in accordance with applicable law
With your consent: in any other case, only with your explicit consent

5. Data storage and security

Data is stored on secure servers within the European Union
All connections are encrypted with TLS/HTTPS
ANAF tokens are stored encrypted at the database level
Passwords are stored using irreversible hashing algorithms (bcrypt)
Data access is restricted through role-based access controls
We perform regular backups and continuous monitoring

6. Data retention periods

Data category	Retention period
User account data	For as long as you have an active subscription with us + 30 days after cancellation or account deletion
Invoices and tax documents	Minimum 5 years (in accordance with Romanian tax legislation)
ANAF tokens	For the duration of validity + immediate deletion upon disconnection
Security logs	12 months
Analytics data (aggregated)	24 months

7. Your rights

In accordance with GDPR, you have the following rights:

Right of access — you may request a copy of your data
Right to rectification — you may request the correction of inaccurate data
Right to erasure — you may request the deletion of your data (except data retained due to legal obligations)
Right to restriction of processing — you may request the limitation of processing in certain situations
Right to data portability — you may request your data in a structured, commonly used format
Right to object — you may object to processing based on legitimate interest
Right to lodge a complaint — with the National Supervisory Authority for Personal Data Processing (ANSPDCP)

To exercise these rights, you may contact us at the email address mentioned below. We will respond within a maximum of 30 days.

Email: [email protected]