LawBud - Privacy Policy
Company Logo

PRIVACY POLICY FOR THE AVOCATEL.RO PLATFORM

Last updated: 09.07.2025.

For information regarding the terms of use of the platform, please refer to theTerms and Conditions

1. General Information

This Privacy Policy explains how Bács M-Cs. Balázs ÎI ("we," "LawBud," or "Data Controller") collects, uses, stores, and protects the personal data of users of the https://avocatel.ro web application (hereinafter "Platform" or "Website") in accordance with the General Data Protection Regulation (GDPR - EU 2016/679). By accessing and using the Platform, you accept this Privacy Policy. If you do not agree with this policy, please do not use our services. Data Controller: Name: Bács M-Cs. Balázs ÎI Headquarters: Bixad, 147, CV, RO Tax ID: 51894240 Email: bmcb.dev@gmail.com Phone: +40743234307

2. What Data Do We Collect?

We do not actively collect names, phone numbers, or other personal data. Messages transmitted on the platform are stored only on the user's device, locally, and are encrypted to ensure confidentiality. Users may provide additional information, including sensitive data, in questions asked to the AI. These are not stored or processed for any other purpose. Location data is processed in real-time and is not stored on our servers.

  • The user's email address, used for authentication (via magic link) and communication related to the account.
  • Geolocation data (latitude and longitude coordinates) when explicitly permitted by the user through browser location permissions, used to determine the user's city for providing location-based legal professional recommendations.

3. How Do We Collect Data?

We do not intentionally request or collect other personal data. Geolocation data is only used when users grant permission through their browser's location permission prompt.

  • By filling out the website's authentication form;
  • Through the user's voluntary interaction with the platform;
  • Through browser geolocation API when explicitly permitted by the user.

4. Purpose and Legal Basis for Data Processing

Data is processed for the following purposes:

  • Providing access to the platform via magic link authentication;
  • Viewing the user's message history on their own device;
  • Processing payments via Stripe for credit purchases;
  • Creating and managing user accounts;
  • Communicating with the user regarding their account and purchased services;
  • Providing location-based legal professional recommendations based on the user's city;
  • Complying with legal obligations and preventing fraud.

5. How and Where Do We Store Data?

Access to data is secure and restricted to authorized personnel only.

  • Messages are stored locally on the user's device and are not accessible on other devices upon reconnection.
  • We do not retain conversation history on our servers.
  • The email address is stored in the Supabase service database, which we use as backend infrastructure. Supabase servers are located in the European Union (or other GDPR-compliant locations, as applicable).
  • Payment data is handled exclusively by Stripe, and avocatel.ro does not have access to bank card details.

6. Who Do We Share Your Data With?

  • We do not sell or share your email address with third parties for commercial purposes.
  • Questions formulated on the platform are transmitted to the OpenAI API for response generation, without personal identifiers.
  • Location coordinates are sent to OpenStreetMap's Nominatim service to determine the user's city for location-based recommendations. This service is operated by the OpenStreetMap Foundation.
  • Infrastructure providers (Supabase, Stripe) have limited access under contractual regulations and applicable laws.

7. Data Retention Period

The email address is retained as long as the user account is active or until explicitly requested for deletion. After account deletion, data will be removed within a maximum of 30 days.

8. Security Measures

  • Encrypted access via HTTPS;
  • Restricted access to the database;
  • Secure authentication mechanisms (magic link);
  • Internal policies for data access and handling.

9. User Rights

Under GDPR, you have the following rights:

  • Right to access data;
  • Right to rectify or delete data;
  • Right to restrict data processing;
  • Right to object;
  • Right to withdraw consent;
  • Right to file a complaint with ANSPDCP (National Supervisory Authority for Personal Data Processing).

10. Changes to the Privacy Policy

We reserve the right to modify this Privacy Policy as necessary. All changes will be prominently posted on the website. Continued use of the Platform constitutes acceptance of the revised policy.