Privacy Policy

Last updated: 22 May 2026

1. Who we are

This website is operated by Emad Leodari, an independent AI consultant and software developer based in Baia Mare, Maramureș, Romania (emadai.dev). Contact: hamidleo1984@gmail.com

2. What data we collect

Account data: email address and full name when you register.
Profile data: phone number and notes you optionally provide.
Service requests: details you submit when requesting a service (business name, travel preferences, etc.).
Booking data: date, time, service type, and payment reference.
Contact messages: name, email, subject, and message content.
Technical data: IP address (for rate limiting only, not stored long-term), browser type via standard server logs.

3. Why we collect it (legal basis)

Contract performance (Art. 6(1)(b) GDPR): to deliver the services you request and manage your bookings.
Legitimate interest (Art. 6(1)(f) GDPR): to protect our platform against abuse (rate limiting, security).
Consent (Art. 6(1)(a) GDPR): to send you service notifications and updates (you can withdraw at any time).

4. Who we share data with

Supabase (database & authentication) — EU region, GDPR-compliant.
Stripe (payment processing) — your card details go directly to Stripe; we never see or store them.
Resend (transactional email) — used to send booking confirmations.
Anthropic (AI processing) — your service request content is sent to Claude to generate outputs. Anthropic does not train on API data.
Google (internal tracking only) — service request summaries are logged in a private Google Sheet accessible only to the site owner.

We do not sell your data to third parties.

5. How long we keep your data

Account and profile data: until you delete your account.
Booking records: 3 years (accounting obligation).
Contact messages: 1 year.
Service request outputs: until you request deletion.

6. Your rights (GDPR)

You have the right to:

Access the personal data we hold about you.
Correct inaccurate data.
Erase your data ("right to be forgotten").
Restrict processing.
Data portability — receive your data in a machine-readable format.
Object to processing based on legitimate interest.
Withdraw consent at any time without affecting prior processing.

To exercise any right, email hamidleo1984@gmail.com. We will respond within 30 days. You also have the right to lodge a complaint with the Romanian data protection authority (ANSPDCP) at dataprotection.ro.

7. Cookies

We use only essential cookies required for authentication (Supabase session) and security. No advertising or tracking cookies are set.

8. Security

Data is transmitted over HTTPS. Passwords are hashed by Supabase (bcrypt). Payment data is handled exclusively by Stripe and never touches our servers. We apply Content Security Policy, HSTS, and rate limiting to protect the platform.

9. Changes to this policy

We may update this policy. The "last updated" date at the top will reflect any changes. Continued use of the service after changes constitutes acceptance.

2. What data we collect

Account data: email address and full name when you register.

Profile data: phone number and notes you optionally provide.

Service requests: details you submit when requesting a service (business name, travel preferences, etc.).

Booking data: date, time, service type, and payment reference.

Contact messages: name, email, subject, and message content.

Technical data: IP address (for rate limiting only, not stored long-term), browser type via standard server logs.

3. Why we collect it (legal basis)

Contract performance (Art. 6(1)(b) GDPR): to deliver the services you request and manage your bookings.

Legitimate interest (Art. 6(1)(f) GDPR): to protect our platform against abuse (rate limiting, security).

Consent (Art. 6(1)(a) GDPR): to send you service notifications and updates (you can withdraw at any time).

4. Who we share data with

Supabase (database & authentication) — EU region, GDPR-compliant.

Stripe (payment processing) — your card details go directly to Stripe; we never see or store them.

Resend (transactional email) — used to send booking confirmations.

Anthropic (AI processing) — your service request content is sent to Claude to generate outputs. Anthropic does not train on API data.

Google (internal tracking only) — service request summaries are logged in a private Google Sheet accessible only to the site owner.

We do not sell your data to third parties.

6. Your rights (GDPR)

You have the right to:

Access the personal data we hold about you.

Correct inaccurate data.

Erase your data ("right to be forgotten").

Restrict processing.

Data portability — receive your data in a machine-readable format.

Object to processing based on legitimate interest.

Withdraw consent at any time without affecting prior processing.