PRIVACY POLICY – TRUSTORA
Effective date: January 17, 2026
1. INTRODUCTION
The privacy of your data is fundamental to Trustora ("We", "Platform", "Company"). As a trusted digital infrastructure ("Digital Trust Infrastructure"), we are committed to protecting the personal information of Clients and Providers who use our services.
This Policy explains how we collect, use, store, and protect your data when you access our website (trustora.ro) and use our application.
2. DATA CONTROLLER
The controller of your personal data is:
- Company name: PTECHIT S.R.L.
- Registered office: Bdul. Mamaia Nord 14 CORP B2 Et. 2 Ap. 38 Cod 905700
- GDPR contact email: contact@trustora.ro
- Representative: Ion Arsene Claudiu
3. WHAT DATA WE COLLECT
We collect data necessary to facilitate B2B contracting, secure payments, and identity verification.
3.1. Data provided directly by you
- Account data: Name, surname, email address, password (stored encrypted), phone number.
- Profile data (Providers): CVs, portfolio, technical skills (admin/services), hourly/project rate, profile photo.
- Identification data (KYC/KYB): For identity verification, we may collect copies of identity documents, company registration certificates (CUI/CIF), bank statements.
- Note: Processing of sensitive identity documents is primarily handled by our partner Rapyd, under banking security standards.
- Financial data: Bank account details (IBAN), transaction history, invoicing details. We do not store full card numbers on our servers; these are processed securely by Rapyd.
- Communications: Messages sent through our Chat system (components/chat), details about scheduled video calls (admin/calls), and files uploaded within projects.
- Video interviews: Recordings or notes resulting from the providers' video verification process, required to validate skills ("Verified People").
3.2. Data collected automatically
When you use the Platform, our code (ActivityTracker.tsx, analytics) automatically collects:
- IP address and device/browser data.
- Activity logs: access date and time, pages visited, actions performed (e.g., signing a contract, approving a milestone).
- Cookies and similar technologies (to keep authentication sessions and language preferences - LocaleSwitcher).
4. PURPOSES AND LEGAL BASIS FOR PROCESSING
| Processing purpose | Legal basis (GDPR) |
|---|---|
| Account creation and management | Performance of contract (Terms and Conditions) |
| Payment processing and escrow | Performance of contract |
| Identity verification (KYC/KYB) | Legal obligation (anti-money laundering) and Legitimate interest (platform security) |
| Facilitating contracts between Client and Provider | Performance of contract |
| Service communications (project notifications) | Performance of contract |
| Performance analysis and security | Legitimate interest (service improvement) |
| Marketing (Newsletter) | Your explicit consent |
5. SHARING DATA WITH THIRD PARTIES
We do not sell your data. We only share it with partners necessary for service operation:
- Payment processors (Rapyd): For payment processing, management of "Connected Accounts", and identity verification procedures. Their privacy policy applies to data collected directly by them (dashboard/Rapyd/onboard).
- Infrastructure providers: Hosting services (e.g., Vercel, AWS), databases (e.g., Supabase/PostgreSQL), and file storage.
- Authorities: If required by law (e.g., ANAF, judicial authorities) to report financial or suspicious activities.
- Other users: Clients see the provider's professional profile.
- Parties involved in a Project see identification data required to generate the Service Contract.
6. INTERNATIONAL DATA TRANSFERS
Trustora operates primarily within the European Economic Area (EEA).
- Transfers to the United Kingdom are covered by the European Commission's Adequacy Decision.
- If we use providers in the US (e.g., email or analytics services), we ensure they participate in the Data Privacy Framework (DPF) or we sign Standard Contractual Clauses (SCC) to guarantee data protection.
7. DATA SECURITY
We implement robust technical and organizational measures, reflected in the platform's source code:
- Encryption: Sensitive data is encrypted in transit (SSL/TLS) and at rest.
- Access control: We use secure authentication (server-auth.ts, proxy.ts) and strict user roles (Admin, Client, Provider) to limit data access (PermissionMatrixTab).
- Audit: We monitor activity to detect fraud attempts or unauthorized access (ActivityTracker).
8. DATA RETENTION
We retain data only as long as necessary:
- Account data: For the lifetime of the account + 30 days after deletion (for backups).
- Financial and contractual data: At least 5 or 10 years, in accordance with Romanian fiscal and archiving obligations.
- Technical data (logs): Up to 12 months, for security.
9. YOUR RIGHTS
Under GDPR, you have the following rights:
- Right of access: Request a copy of the data we hold.
- Right to rectification: Correct inaccurate profile data (app/[locale]/provider/profile).
- Right to erasure ("Right to be forgotten"): Request account deletion, except data we are legally required to retain (e.g., invoices).
- Right to restriction and objection.
- Right to data portability.
To exercise these rights, contact us at contact@trustora.ro.
10. COOKIE POLICY
The platform uses essential cookies for:
- Authentication (keeping you signed in).
- Security (preventing CSRF attacks).
- Preferences (language, dark/light theme).
You can control cookies in your browser settings, but disabling essential cookies may affect the platform's functionality.
11. UPDATES
We may periodically update this Policy. Any major change will be notified via email or a visible message in the application Dashboard.
Loading...