Privacy Policy
Acasavi Platform · June 2026 version
Last updated: June 2026
1. Introduction
This Privacy Policy describes how TechPioneers Romania SRL through the Acasavi Platform ("we") collects, uses, and protects your personal data when you use Acasavi (acasavi.com). We are committed to protecting your privacy in accordance with the General Data Protection Regulation (GDPR — EU Regulation 2016/679) and Romanian data protection law (Law 190/2018).
2. Data controller
The data controller for Acasavi is TechPioneers Romania SRL, registered in Romania. For any questions about data processing or to exercise your rights, contact our Data Protection Officer at contact@acasavi.com.
3. Data we collect
We collect the following categories of personal data:
3.1. Account data (all users)
- First and last name / Company name (for legal entities)
- Email address
- Phone number
- City / Location
- Preferred language
- Role (individual Client, business Client, or Provider)
3.2. Business Client data
- Company name and tax ID (CUI)
- Registered office
- Contact person and role
- Billing details (for invoiced services)
3.3. Provider data
- Identity document (ID card front/back)
- Tax code (CUI) and entity type (PFA/SRL)
- IBAN and banking details (processed through Stripe)
- Service areas and availability
- Photo gallery and profile description
3.4. Booking and quote request data
- Service addresses (collected for each booking or subscription)
- Dates, times, frequency, and service details
- Space details (surface area, property type, B2B requirements)
- Prices and payment status
- Reviews and ratings
- In-platform communication between Clients and Providers
- B2B quote requests (need description, surface area, desired frequency)
3.5. Recurring subscription data
- Subscription configuration (frequency, preferred day/time, estimated duration)
- Address and space details for recurring services
- Stripe Subscription identifiers and monthly billing history
- Generated sessions (scheduled dates, status, cancellations)
3.6. Payment data
Processed securely by Stripe. We do not store card numbers. For B2B services, we store billing data as required by Romanian tax law.
3.7. Technical data
- IP address
- Browser type and device information
- Cookies for session management (see section 10)
- Geographic coordinates (at booking, via Mapbox, for exact address identification)
4. How we use your data
- Creating and managing your Platform account
- Matching Clients with suitable service Providers
- Processing bookings, recurring subscriptions, and payments through Stripe
- Verifying Provider identity and fiscal compliance
- Sending booking confirmations, reminders, and notifications for recurring sessions
- Processing B2B Quote Requests and forwarding them to Providers
- Resolving disputes between parties
- Generating anonymised Platform statistics
- Meeting legal obligations, including tax reporting (DAC7)
- Marketing communications (only with your explicit consent)
5. Legal basis for processing
- Contract performance — necessary to provide requested booking and payment services
- Legal obligation — tax reporting (DAC7), identity verification under Romanian law
- Legitimate interest — Platform security, fraud prevention, service improvement
- Consent — for marketing communications and non-essential cookies (you may withdraw consent at any time)
6. Sharing data with third parties
We share the minimum necessary data with the following processors, selected for high security and GDPR compliance:
| Processor | Purpose | Data location |
|---|---|---|
| Stripe Inc. | Payment processing | USA (EU Standard Contractual Clauses) |
| Brevo / Resend | Transactional email | EU / per provider |
| Supabase | Database and authentication | EU (Frankfurt) |
| Vercel | Web hosting | Global (with EU routing) |
| Mapbox | Map and geocoding services | USA (EU Standard Contractual Clauses) |
We do not sell your personal data to third parties. Provider names and service areas are visible to Clients on public profile pages. For B2B quote requests and commercial recurring subscriptions, contact details and space information are shared with the selected Provider to configure the service. These data are used solely for that purpose.
7. Data retention
- While your account is active
- After account deletion: booking, subscription, and payment records are kept for 5 years under Romanian tax law
- Provider identity documents: deleted within 30 days of account closure
- Anonymised analytics data may be kept indefinitely
- In-platform communications: 3 years from the last interaction
8. Data security
- Encrypted data transmission (TLS/HTTPS) across the Platform
- Row Level Security on database tables, ensuring users access only their own data
- Identity documents stored in private buckets with controlled access
- Restricted admin access for verified administrators, with audit logging
- Secure authentication managed through Supabase Auth
- Regular vulnerability checks and security updates
9. Your GDPR rights
- Right of access — to your personal data and to receive a copy
- Right to rectification — correcting inaccurate data through profile settings
- Right to erasure ("right to be forgotten") — requesting account deletion, subject to fiscal obligations
- Right to restriction — limiting processing in certain circumstances
- Right to data portability — receiving your data in a structured, machine-readable format
- Right to object — to processing based on legitimate interest
- Right to withdraw consent — for optional processing, at any time
- Right to lodge a complaint — with the Romanian data protection authority (ANSPDCP)
To exercise these rights, contact us at contact@acasavi.com. We will respond within 30 days.
10. Cookies
- Strictly necessary cookies — for session management and authentication (no consent required)
- Analytics cookies (optional) — to understand Platform usage and improve it (requires your explicit consent)
- Marketing cookies (optional) — for personalised communications (requires your explicit consent)
You may change cookie preferences at any time via the cookie banner or your account settings.
11. Children’s privacy
The Platform is not intended for use by anyone under 18. We do not knowingly collect personal data from minors. If you believe a minor has provided personal data, contact us at contact@acasavi.com and we will delete it promptly.
12. International data transfers
Some of our services (Stripe, Mapbox) process data in the United States. For these transfers, we use Standard Contractual Clauses (SCC) approved by the European Commission, ensuring an adequate level of protection for your data. Most data is processed and stored in the European Union (Supabase — Frankfurt, Brevo — EU).
13. Changes to this Policy
We may update this Privacy Policy periodically. Material changes will be communicated by email or in-app notification at least 30 days before they take effect. The "May 2026 version" date at the top reflects the latest revision.
14. Contact and Data Protection Officer (DPO)
For privacy questions or to exercise GDPR rights: TechPioneers Romania SRL General email: contact@acasavi.com Data protection officer (DPO): contact@acasavi.com Website: www.acasavi.com You may also contact the Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) at anspdcp.ro.