Skip to content
SeniorHelp

Privacy Policy

Last updated: 29 June 2026

This is an informative English translation. The legally binding version of this Privacy Policy is the Romanian one.

Questions or GDPR requests?

Email us at help@seniorhelp.ro or use our Contact. We respond within 30 days, per Art. 12 GDPR.

This policy explains how SeniorHelp collects, uses and protects your personal data in accordance with EU Regulation 2016/679 (GDPR), Romanian Law 190/2018 and the recommendations of the Romanian Data Protection Authority (ANSPDCP).

1. Data controller

The controller of personal data is:

  • SC ANYMAG DIGITAL SOLUTIONS SRL
  • VAT ID: RO44274326
  • Trade Register: J2021008567409
  • Address: Calea Dudești 188, Sector 3, Bucharest, postal code 031088, Romania
  • Contact email: help@seniorhelp.ro

We have not appointed a Data Protection Officer (DPO) as we do not meet the thresholds in Art. 37 GDPR. For any data-related request, contact us at the email above.

2. Data we collect

We collect only data strictly necessary to operate the platform and deliver our services:

  • User account: first name, last name, email, password (bcrypt-hashed, never stored in clear text), optional phone, preferred language
  • Company profile (for owners): company name, address, business phone, business email, description, photos, optional video, VAT ID
  • Contact forms: name, email, phone, message, IP (stored as SHA-256 hash), user-agent
  • Reviews: rating, text, date, association with your account
  • Billing data (for paid plans): legal name, VAT ID, trade register, address, city, county, postal code, VAT status. Card details are not stored with us — they are processed directly by Stripe (PCI DSS Level 1).
  • Cookies and similar technologies: see our Cookie Policy
  • Conversations with Hermina (AI assistant): messages and history, stored in your account and browser localStorage

3. Purpose of processing

We use your data to:

  • Deliver the service (showing company profiles, search results, comparison)
  • Enable communication between users and companies (contact forms, notifications)
  • Process payments and issue invoices for subscriptions
  • Send transactional communications (account confirmations, message notifications, subscription alerts)
  • Marketing (newsletter, weekly favourites digest) — only with your explicit consent
  • Security and fraud prevention (rate limiting, audit logs)
  • Improving the platform (aggregated analytics, no personal identification)

4. Legal basis (Art. 6 GDPR)

  • Performance of contract (Art. 6(1)(b)): delivering services you requested (account, subscription, contact with a company)
  • Legitimate interest (Art. 6(1)(f)): security, audit logs, spam prevention, product improvement
  • Consent (Art. 6(1)(a)): marketing, non-essential cookies, AI article generation
  • Legal obligation (Art. 6(1)(c)): retention of invoices for at least 10 years (Art. 25 Romanian Tax Code), tax reporting, ANAF e-Factura

5. Data recipients

We work with the following processors (under Art. 28 GDPR data processing agreements):

  • Stripe (Ireland + USA) — card payment processing
  • Resend (USA) — transactional email delivery
  • Cloudflare R2 (EU — Eastern Europe) — company photos storage
  • Vercel (USA) — application hosting
  • Neon (EU — Frankfurt) — PostgreSQL database
  • SmartBill (Romania) — fiscal invoice issuance
  • termene.ro (Romania) — VAT ID lookup for billing autofill
  • Anthropic (USA) — Claude AI model for the Hermina assistant and article generation (your messages to Hermina are sent for processing)
  • Google Maps / Mapbox (USA) — interactive maps
  • ANAF / SmartBill SPV (Romania) — e-Factura reporting per law

We do not sell or rent your data to third parties for marketing.

6. Transfers outside the EU

Some providers (Stripe, Resend, Vercel, Anthropic, Google) process data in the United States. These transfers are protected by Standard Contractual Clauses (SCC) approved by the European Commission (Decision 2021/914) and/or adherence to the EU-US Data Privacy Framework.

7. Retention period

  • Active account: as long as you use it, plus 3 years of inactivity
  • Invoices and accounting data: 10 years (legal obligation, Art. 25 Romanian Tax Code)
  • Contact messages: 2 years (for records and dispute mediation)
  • Audit logs: 1 year
  • Cookies: maximum 12 months (consent expires and is requested again)
  • Hermina conversations: as long as you have the account; deletable anytime from the user panel

When you delete your account, your data is deleted or anonymised within 30 days, except where we are legally required to retain it (invoices).

8. Your rights (GDPR)

Under GDPR, you have the following rights:

  • Access (Art. 15)find out what data we hold about you
  • Rectification (Art. 16)correct inaccurate data
  • Erasure (Art. 17)"right to be forgotten", subject to legal exceptions
  • Restriction (Art. 18)temporarily stop processing
  • Portability (Art. 20)receive your data in a structured format (JSON / CSV)
  • Objection (Art. 21)object to processing based on legitimate interest
  • Consent withdrawal (Art. 7(3))anytime, without affecting prior processing
  • Right not to be subject to automated decisions (Art. 22)we do not use automated profiling with legal effects

To exercise any right, email us at help@seniorhelp.ro. We respond within 30 days.

9. Cookies

We use essential cookies (authentication, session) and, with your consent, analytics and marketing cookies. Full details and consent controls in our Cookie Policy.

10. Security

We apply reasonable technical and organisational measures to protect your data:

  • HTTPS mandatory (TLS 1.2+) on all pages
  • Passwords hashed with bcrypt (cost factor 12)
  • IPs from contact forms stored as SHA-256 hash
  • Production data access restricted to authenticated admins
  • Daily encrypted backups (Neon Point-in-Time Recovery)
  • Audit log for administrative actions

In the event of a security incident affecting your data, we notify you within 72 hours (Arts. 33-34 GDPR) and report to ANSPDCP.

11. Minors

The platform is not intended for persons under 16. We do not knowingly collect data about minors. If you discover a minor has provided us data, please contact us and we will delete it immediately.

12. Policy changes

We may update this policy to reflect legal or service changes. We will notify you by email and/or a banner on the site at least 30 days before significant changes take effect.

13. Complaints to the supervisory authority

If you believe we are unlawfully processing your data, you have the right to lodge a complaint with the Romanian supervisory authority:

  • Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)
  • Address: B-dul. G-ral. Gheorghe Magheru 28-30, Sector 1, Bucharest 010336, Romania
  • Phone: +40 318 059 211
  • Email: anspdcp@dataprotection.ro
  • Website: dataprotection.ro

We recommend contacting us first — we try to resolve any issue promptly and amicably.

See also

Back to home