GDPR

Privacy Policy ProDetailer

How ProDetailer collects, uses, and protects your personal data.

Privacy Policy — ProDetailer

Effective date: 29/04/2026 Last updated: 29/04/2026

1. Who we are

ProDetailer is a platform that connects vehicle owners with car-detailing businesses and mobile detailers in Romania.

This Privacy Policy describes how we handle your personal data when you use the ProDetailer mobile app, the web platform at prodetailer.app, and any related services (collectively, the "Service").

The data controller responsible for processing your personal data is:

VREAUCENTURI.RO SRL Str. Nerva Traian 27-33 Sc. B Et. 1 Ap. BIR. 6, Sector 3, București, Cod 031044, România Registration: J2025036462004 VAT ID: 51834370 Contact: office@vreaucenturi.ro · 07900 033 300

Throughout this policy, "we", "our", and "us" refer to that company.

This policy is governed by Regulation (EU) 2016/679 (GDPR) and Romanian Law no. 190/2018 implementing it.

2. Data we collect

We only collect data we actually use to run the Service. The categories below are the complete list — if a category isn't here, we don't collect it.

CategoryWhat it includesWhy we need it
Account identityName, email address, optional phone number, account type (personal / business), preferred languageTo create your account, sign you in, and identify you across sessions
Profile contentDisplay name, avatar photo, business address, company registration / VAT identifiers (business accounts only)To show your profile in the app and on invoices
VehiclesMake, model, year, license plate, VIN, photosTo pre-fill bookings and show garages what vehicle they will be servicing
LocationApproximate or precise GPS location while you actively use the discovery / booking features. We never track location in the background.To sort nearby garages and to dispatch mobile detailers to your address
Payment dataWe do not store full card numbers ourselves. Stripe Inc. handles card data directly inside their PCI-compliant SDK; we receive only payment status, last-four digits for display, and tokenized referencesTo process payments for mobile-detailer broadcast jobs and (for businesses) your platform subscription
Bookings & jobsService requested, scheduled date/time, address, photos before/after, chat between you and the garage / detailer, ratings and reviews you writeTo run the booking flow end-to-end and to maintain a service history
Invoices & fiscal recordsIssued invoices and any document required by Romanian tax lawLegal obligation under Legea Contabilității nr. 82/1991 (Art. 25) and the Romanian Fiscal Code
Diagnostic dataCrash reports and limited performance metrics via Sentry. No screen contents are captured.To find and fix bugs
Device dataApp version, OS version, push-notification tokenTo deliver push notifications and rule out version-specific bugs

We do not collect: precise advertising identifiers, contacts, calendar, microphone audio, body sensors, health data, or browsing history outside the Service.

3. Why we collect it (legal basis)

For each purpose below, we rely on a specific legal basis under GDPR Article 6:

  • Performance of a contract (Art. 6(1)(b)) — to provide the Service you signed up for: account, bookings, chat, payments, ratings.
  • Legal obligation (Art. 6(1)(c)) — to keep invoices and fiscal records for the period required by Romanian tax law.
  • Legitimate interests (Art. 6(1)(f)) — to keep the Service secure (crash reports, abuse prevention) and to display reviews you publish (the platform interest in providing decision-useful information to other users).
  • Consent (Art. 6(1)(a)) — for any optional feature that requests it explicitly (e.g., marketing emails if you opt in). You can withdraw consent at any time without affecting prior processing.

4. Who we share data with

We share data only with the third parties below, and only the minimum necessary for them to perform their function. None of them sells your data.

ProviderWhere it's hostedWhat we shareWhy
Supabase (Supabase Inc., USA — DPF-certified; data hosted in EU)Frankfurt (eu-central-1)All app data: account, bookings, chat, photos, invoicesBackend database, authentication, storage, edge functions
Stripe (Stripe Inc., USA — DPF-certified)EU (Stripe Ireland) for EU customersPayment amount, customer reference, billing emailCard processing for mobile-detailer broadcast jobs and business subscriptions
Sentry (Functional Software Inc., USA — DPF-certified)EU regionAnonymized crash reports + minimal device metadataCrash reporting and stability monitoring
Google Maps Platform (Google LLC, USA — DPF-certified)Google's global infrastructureApproximate location for map tiles + place lookupsMap display and address autocomplete
Expo / EAS (650 Industries Inc., USA — DPF-certified)USA / globalPush notification tokens, build artifactsMobile app build pipeline and Expo Push delivery
Resend (Resend Inc., USA)EU regionEmail address + the contents of transactional emails we send youTransactional email (sign-up confirmation, booking notifications, deletion confirmation)
Hosting / DNS / CDN (Vercel, Cloudflare, or equivalent)Global edge networkStandard web request metadata (IP, user-agent, route)Serving the public website and APIs

We never share your personal data with advertisers, data brokers, or any third party for marketing purposes.

International transfers. Where data is transferred outside the EU/EEA (e.g., to US-based providers above), we rely on the EU–US Data Privacy Framework where applicable, or on Standard Contractual Clauses (Art. 46 GDPR) signed with the provider.

5. How long we keep your data

DataRetention
Account + profileWhile your account is active. After deletion: see Section 7 below
Bookings, jobs, chatWhile your account is active, then anonymized (see Section 7)
Invoices and fiscal records10 years from the end of the fiscal year, as required by Legea Contabilității 82/1991 Art. 25. Personal identifiers in invoices are anonymized after account deletion; the fiscal totals stay
Crash logs (Sentry)90 days, then automatic delete
Email logs (Resend)30 days, then automatic delete
BackupsUp to 30 days rolling

6. Your rights

Under GDPR you have the following rights regarding your personal data:

  • Access — get a copy of the data we hold about you (Art. 15)
  • Rectification — correct inaccurate data (Art. 16). Most fields are editable directly in the app; for anything that isn't, contact us.
  • Erasure — delete your account and personal data (Art. 17). See Section 7.
  • Restriction — pause processing in certain cases (Art. 18)
  • Portability — receive your data in a machine-readable format (Art. 20)
  • Object — object to processing based on our legitimate interests (Art. 21)
  • Withdraw consent — for processing where consent is the basis (Art. 7(3))
  • Complain to a supervisory authority — the Romanian Data Protection Authority (ANSPDCP, www.dataprotection.ro) or any EU DPA where you live or work

To exercise any of these rights, email office@vreaucenturi.ro. We respond within 30 days. There's no fee unless your request is manifestly unfounded or excessive.

7. Account deletion

You can delete your account directly in the app at any time:

  • Mobile: Profile → Danger zone → Delete account
  • Web: Settings → Account → Danger zone → Delete account. If you cannot use the in-app flow, email contact@prodetailer.app and we'll handle the deletion for you.

When you confirm deletion:

  1. Your account is hidden immediately. You cannot sign in.
  2. You have 30 days to log back in to cancel — your account will be restored as it was. After 30 days, the deletion becomes permanent.
  3. On day 30: personal data (profile, photos, vehicles, chat messages you sent, broadcast requests not yet fulfilled) is permanently deleted from our active systems. Backups containing this data are pruned within 30 additional days.
  4. Invoices and completed paid jobs are anonymized, not deleted, because Romanian law requires us to keep fiscal records for 10 years. Your name, email, phone, and address are replaced with a tombstone ([Deleted user — GDPR]); the financial figures remain.
  5. Reviews you wrote stay published with the author identity replaced by a generic label, because they serve future users (GDPR Art. 17(3)(a) — freedom of expression and information).
  6. We log every deletion in an audit trail for legal accountability (GDPR Art. 5(2)). The audit log contains your user ID and a hash of your email — never your email or name in cleartext.

If you cannot use the in-app flow (for example, because your account is a platform-admin or business owner with active team members), email office@vreaucenturi.ro and we'll handle it.

8. Children

The Service is not directed at children under 16. We do not knowingly collect data from children under 16. If you believe a child has provided us with their data, please contact us and we will delete it.

9. Cookies and tracking

The web platform uses strictly necessary cookies for sign-in and preferences. We do not use advertising or third-party tracking cookies. The mobile app does not use cookies; it stores your session locally on the device.

10. Security

We protect your data with: encryption in transit (TLS 1.2+), encryption at rest for the database and storage, role-based access controls (Postgres Row Level Security), audit logging for sensitive operations, and a documented vulnerability disclosure process.

If we ever discover a personal-data breach that's likely to affect your rights, we will notify you and the Romanian DPA within 72 hours, as required by GDPR Art. 33–34.

11. Changes to this policy

We will update this policy when our practices change. The "Last updated" date at the top reflects the most recent change. Material changes will be communicated via in-app notification or email at least 14 days before they take effect.

12. Contact

For any privacy question or to exercise your rights:

office@vreaucenturi.ro Phone: 07900 033 300 Subject line: "Privacy request — [your topic]"

You can also reach the Data Protection Authority directly:

ANSPDCP (Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal) B-dul G-ral. Gheorghe Magheru 28-30, Sector 1, București anspdcp@dataprotection.ro · www.dataprotection.ro