1. Introduction and Contact Details
Data Controller:
IMEIGuard
CUI: 48264880
Reg. No.: J40/XXXX/2024
Address: Str. Exemplu nr. 1, București, Sector 1, România
Email: support@imeiguard.ro
Phone: +40 721 171 995
Data Protection Officer (DPO):
Data Protection Officer
Email: dpo@imeiguard.ro
This Privacy Policy describes how we collect, use, store, and protect your personal data in accordance with Regulation (EU) 2016/679 (GDPR) and Romanian Law no. 190/2018 on the protection of personal data.
IMEIGuard
CUI: 48264880
Reg. No.: J40/XXXX/2024
Address: Str. Exemplu nr. 1, București, Sector 1, România
Email: support@imeiguard.ro
Phone: +40 721 171 995
Data Protection Officer (DPO):
Data Protection Officer
Email: dpo@imeiguard.ro
This Privacy Policy describes how we collect, use, store, and protect your personal data in accordance with Regulation (EU) 2016/679 (GDPR) and Romanian Law no. 190/2018 on the protection of personal data.
2. Personal Data Collected
2.1. Identification and Contact Data:
- First and last name (for registered users and invoicing)
- Email address
- Phone number (optional)
- Billing address (for users requesting invoices)
- CUI/CNP (optional, for invoicing)
2.2. Verification Data:
- IMEI number verified
- Verification date and time
- Verification results
- Device brand and model
2.3. Usage and Technical Data:
- IP address
- Browser and operating system
- Language preferences
- Cookies and unique identifiers
- Pages visited and browsing behavior
- FANE BOT (AI assistant) conversation history
2.4. Payment Data:
- Transaction information (processed by Stripe)
- We do not store bank card data (processed exclusively by Stripe)
- Purchase and invoice history
2.5. Session Data:
- Session ID
- Cookie preferences
- Authentication status
- Selected language
3. Purposes of Data Processing
We process your personal data for the following purposes:
3.1. Service Provision (legal basis: contract execution) - Processing IMEI verifications - Displaying verification results - Managing user accounts - Ensuring platform functionality 3.2. Communication (legal basis: contract execution and legitimate interest) - Sending OTP verification codes - Notifications about verification results - Responses to your questions and requests - Important administrative communications 3.3. Payment Processing (legal basis: contract execution and legal obligation) - Processing payments through Stripe - Generating and issuing invoices - Managing refunds - Tax compliance 3.4. Service Improvement (legal basis: legitimate interest) - Analysis of platform usage - Improving user experience - Developing new features - Resolving technical issues 3.5. Security and Fraud Prevention (legal basis: legitimate interest and legal obligation) - Detecting and preventing unauthorized access - Protecting against spam and abuse - Maintaining system integrity - Complying with legal obligations 3.6. Marketing and Promotional Communications (legal basis: consent) - Sending offers and promotions (only with your explicit consent) - Informative newsletters - Announcements about new features 3.7. Legal Compliance (legal basis: legal obligation) - Complying with tax obligations - Responding to authority requests - Compliance with applicable legislation
3.1. Service Provision (legal basis: contract execution) - Processing IMEI verifications - Displaying verification results - Managing user accounts - Ensuring platform functionality 3.2. Communication (legal basis: contract execution and legitimate interest) - Sending OTP verification codes - Notifications about verification results - Responses to your questions and requests - Important administrative communications 3.3. Payment Processing (legal basis: contract execution and legal obligation) - Processing payments through Stripe - Generating and issuing invoices - Managing refunds - Tax compliance 3.4. Service Improvement (legal basis: legitimate interest) - Analysis of platform usage - Improving user experience - Developing new features - Resolving technical issues 3.5. Security and Fraud Prevention (legal basis: legitimate interest and legal obligation) - Detecting and preventing unauthorized access - Protecting against spam and abuse - Maintaining system integrity - Complying with legal obligations 3.6. Marketing and Promotional Communications (legal basis: consent) - Sending offers and promotions (only with your explicit consent) - Informative newsletters - Announcements about new features 3.7. Legal Compliance (legal basis: legal obligation) - Complying with tax obligations - Responding to authority requests - Compliance with applicable legislation
4. Data Sharing with Third Parties
4.1. Essential Service Providers:
We share your data with the following third-party providers for Service operation: Stripe - Payment processing - Data shared: email, transaction amount - Location: USA/EU (with standard contractual clauses) - Purpose: secure payment processing - Their policy: stripe.com/privacy MongoDB Atlas / Cloud Database - Data storage - Data shared: all account data - Location: EU (Frankfurt/Ireland) - Purpose: database hosting - Security measures: encryption, restricted access EmailJS / Email Service - Email sending - Data shared: email address, name, message content - Purpose: sending OTP codes and verification results - Security: TLS encrypted connections IMEI Verification APIs - Device verification - Data shared: IMEI number - Purpose: obtaining device information - Note: IMEI number is transmitted to third-party providers for verification 4.2. Legal Obligations:
We may disclose your data if: - We are legally required to do so - It is necessary to protect our legal rights - It is necessary to prevent fraud or illegal activities - It is requested by competent authorities with a valid legal warrant 4.3. International Transfer:
Some service providers may be located outside the European Economic Area (EEA). In these cases, we ensure appropriate protection measures are implemented (EU standard contractual clauses, Privacy Shield, etc.). 4.4. We Do NOT Sell Your Data:
We do not sell, rent, or trade your personal data to third parties for marketing purposes.
We share your data with the following third-party providers for Service operation: Stripe - Payment processing - Data shared: email, transaction amount - Location: USA/EU (with standard contractual clauses) - Purpose: secure payment processing - Their policy: stripe.com/privacy MongoDB Atlas / Cloud Database - Data storage - Data shared: all account data - Location: EU (Frankfurt/Ireland) - Purpose: database hosting - Security measures: encryption, restricted access EmailJS / Email Service - Email sending - Data shared: email address, name, message content - Purpose: sending OTP codes and verification results - Security: TLS encrypted connections IMEI Verification APIs - Device verification - Data shared: IMEI number - Purpose: obtaining device information - Note: IMEI number is transmitted to third-party providers for verification 4.2. Legal Obligations:
We may disclose your data if: - We are legally required to do so - It is necessary to protect our legal rights - It is necessary to prevent fraud or illegal activities - It is requested by competent authorities with a valid legal warrant 4.3. International Transfer:
Some service providers may be located outside the European Economic Area (EEA). In these cases, we ensure appropriate protection measures are implemented (EU standard contractual clauses, Privacy Shield, etc.). 4.4. We Do NOT Sell Your Data:
We do not sell, rent, or trade your personal data to third parties for marketing purposes.
5. Data Retention Period
5.1. Active Accounts:
Data of registered users is retained as long as the account is active. 5.2. Closed Accounts:
After account closure, data is: - Anonymized or deleted within 30 days - Retained for legal obligations (invoices, accounting) for 10 years according to tax legislation - Essential data for legal compliance is archived separately 5.3. Orders and Verifications:
- Verification history: 2 years (then deleted or anonymized) - Invoices and tax documents: 10 years (legal obligation) - Stripe payment data: according to Stripe's policy 5.4. Guest Users:
- Verification data: 90 days (then automatically deleted) - Invoices: 10 years (legal obligation) - Cookie consent: 12 months 5.5. Right to Deletion:
You can request deletion of your data at any time, except for data we are legally required to retain.
Data of registered users is retained as long as the account is active. 5.2. Closed Accounts:
After account closure, data is: - Anonymized or deleted within 30 days - Retained for legal obligations (invoices, accounting) for 10 years according to tax legislation - Essential data for legal compliance is archived separately 5.3. Orders and Verifications:
- Verification history: 2 years (then deleted or anonymized) - Invoices and tax documents: 10 years (legal obligation) - Stripe payment data: according to Stripe's policy 5.4. Guest Users:
- Verification data: 90 days (then automatically deleted) - Invoices: 10 years (legal obligation) - Cookie consent: 12 months 5.5. Right to Deletion:
You can request deletion of your data at any time, except for data we are legally required to retain.
6. Data Security
Technical and Organizational Measures:
We implement robust security measures to protect your data: Technical: - SSL/TLS encryption for all communications - Password encryption with bcrypt - CSRF and XSS protection - Rate limiting and DDoS protection - Regular security updates - Continuous monitoring - Regular encrypted backups Organizational: - Restricted data access (authorized personnel only) - Internal security policies - Regular security training - Incident response procedures - Periodic security audits In case of incident:
In the event of a security breach affecting your data, we will notify you within 72 hours as required by GDPR and take necessary measures to limit the impact.
We implement robust security measures to protect your data: Technical: - SSL/TLS encryption for all communications - Password encryption with bcrypt - CSRF and XSS protection - Rate limiting and DDoS protection - Regular security updates - Continuous monitoring - Regular encrypted backups Organizational: - Restricted data access (authorized personnel only) - Internal security policies - Regular security training - Incident response procedures - Periodic security audits In case of incident:
In the event of a security breach affecting your data, we will notify you within 72 hours as required by GDPR and take necessary measures to limit the impact.
7. Your Rights
Under GDPR, you have the following rights:
7.1. Right of Access: You can request a copy of the personal data we hold about you. 7.2. Right to Rectification: You can request correction of inaccurate or incomplete data. 7.3. Right to Erasure ("right to be forgotten"): You can request deletion of your data (except data we are legally required to retain). 7.4. Right to Restriction of Processing: You can request limitation of how we use your data. 7.5. Right to Data Portability: You can request your data in a structured, commonly used, machine-readable format. 7.6. Right to Object: You can object to processing based on legitimate interest or for direct marketing purposes. 7.7. Right to Withdraw Consent: Where processing is based on consent, you can withdraw consent at any time. 7.8. Right to Complain: You can file a complaint with the National Supervisory Authority for Personal Data Processing (ANSPDCP). To exercise your rights, contact:
Email: dpo@imeiguard.ro
We will respond within 30 days of receiving the request.
7.1. Right of Access: You can request a copy of the personal data we hold about you. 7.2. Right to Rectification: You can request correction of inaccurate or incomplete data. 7.3. Right to Erasure ("right to be forgotten"): You can request deletion of your data (except data we are legally required to retain). 7.4. Right to Restriction of Processing: You can request limitation of how we use your data. 7.5. Right to Data Portability: You can request your data in a structured, commonly used, machine-readable format. 7.6. Right to Object: You can object to processing based on legitimate interest or for direct marketing purposes. 7.7. Right to Withdraw Consent: Where processing is based on consent, you can withdraw consent at any time. 7.8. Right to Complain: You can file a complaint with the National Supervisory Authority for Personal Data Processing (ANSPDCP). To exercise your rights, contact:
Email: dpo@imeiguard.ro
We will respond within 30 days of receiving the request.
8. Cookies and Tracking Technologies
We use cookies and similar technologies for platform operation. For detailed information about cookies, types used, purposes, and management, please consult our Cookie Policy.
9. Policy Changes
We reserve the right to update this Privacy Policy. Significant changes will be communicated via email or platform notification. The date of the last update is displayed at the top of this page.
10. Minors
Our Service is not intended for persons under 16 years of age. We do not knowingly collect personal data from minors. If we discover that we have collected data from a minor without parental/guardian consent, we will delete this data immediately.