Privacy Policy

This Privacy Policy explains how TIMPIA S.R.L. ("we", "us", "our") collects, uses, and protects your personal data when you visit timpia.ai or use our services. We are committed to protecting your privacy in accordance with Regulation (EU) 2016/679 (General Data Protection Regulation - GDPR).

1. Data Controller

TIMPIA S.R.L.
Registered Address: Mun. Brașov, Str. Zizinului, nr. 6, bl. 40, sc. A, et. 5, ap. 15, jud. Brașov, Romania
VAT ID: RO52050273
Trade Registry: J20/2504/2024
Email: hello@timpia.ai

2. Personal Data We Collect

We collect the following categories of personal data:

Information you provide directly: Name, email address, phone number, company name, and any other information you submit through our contact forms or in communications with us.

Information collected automatically: IP address, browser type and version, device information, pages visited, time spent on pages, and referring website. This data is collected through cookies and similar technologies as described in our Cookie Policy.

Client project data: Files, documents, and data you provide for the purpose of receiving our AI and automation services.

3. Legal Basis for Processing

We process your personal data based on the following legal grounds under GDPR Article 6:

• Contract performance (Art. 6(1)(b)): Processing necessary to provide our services and fulfill our contractual obligations to you.
• Legitimate interests (Art. 6(1)(f)): For analytics, improving our services, and ensuring security, where our interests do not override your fundamental rights.
• Consent (Art. 6(1)(a)): For marketing communications and non-essential cookies. You may withdraw consent at any time.
• Legal obligation (Art. 6(1)(c)): For compliance with tax, accounting, and other legal requirements under Romanian and EU law.

4. How We Use Your Data

We use your personal data to:

• Provide, maintain, and improve our AI engineering and automation services
• Respond to your inquiries and communicate about your projects
• Process payments and issue invoices
• Send service updates and, with your consent, marketing communications
• Analyze website usage to improve user experience
• Comply with legal and regulatory obligations

5. Data Sharing and Transfers

We may share your data with the following categories of recipients:

• Service providers: Including hosting (Vercel), payment processing (Stripe), and analytics (Google Analytics).
• Analytics providers: We partner with Microsoft Clarity to capture how you use and interact with our website through behavioral metrics, heatmaps, and session replay to improve and market our products/services. Website usage data is captured using first and third-party cookies and other tracking technologies. Additionally, we use this information for site optimization and fraud/security purposes. Data is transmitted to the independent controller Microsoft Ireland Operations Ltd., One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland. For more information about how Microsoft collects and uses your data, visit the Microsoft Privacy Statement.
• Consent management: Cookiebot (Cybot A/S, Denmark) for cookie consent management in compliance with GDPR.
• AI service providers: OpenAI and Anthropic for AI processing, with appropriate data processing agreements in place.
• Professional advisors: Accountants, lawyers, and auditors as necessary.
• Legal authorities: When required by law or to protect our legal rights.

For transfers to countries outside the European Economic Area, we rely on EU Standard Contractual Clauses as approved by the European Commission pursuant to GDPR Article 46(2)(c), or other lawful transfer mechanisms.

6. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected:

• Client data and project files: Duration of the business relationship plus 5 years
• Invoices and financial records: 10 years (as required by Romanian fiscal legislation)
• Contact form submissions: 2 years from last interaction
• Analytics data: 26 months, then anonymized

7. Your Rights

Under GDPR, you have the following rights regarding your personal data:

• Right of access (Art. 15): Obtain confirmation of processing and a copy of your data.
• Right to rectification (Art. 16): Request correction of inaccurate data.
• Right to erasure (Art. 17): Request deletion of your data ("right to be forgotten").
• Right to restriction (Art. 18): Request limitation of processing in certain circumstances.
• Right to data portability (Art. 20): Receive your data in a structured, machine-readable format.
• Right to object (Art. 21): Object to processing based on legitimate interests or for direct marketing.
• Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time.

To exercise these rights, contact us at hello@timpia.ai. We will respond within 30 days.

8. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction, in accordance with GDPR Article 32. These measures include encryption in transit and at rest, access controls, and regular security assessments.

9. Complaints

If you believe we have not handled your personal data appropriately, you have the right to lodge a complaint with the Romanian Data Protection Authority:

ANSPDCP (Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal)
Address: B-dul G-ral. Gheorghe Magheru 28-30, Sector 1, București, Romania
Website: www.dataprotection.ro

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be notified via email or a prominent notice on our website. The "Effective Date" at the top indicates when the policy was last revised.

11. Contact

For questions about this Privacy Policy or our data practices, please contact us at:
hello@timpia.ai