Privacy Policy — ProDetailer
Effective date: 29/04/2026 Last updated: 29/04/2026
1. Who we are
ProDetailer is a platform that connects vehicle owners with car-detailing businesses and mobile detailers in Romania.
This Privacy Policy describes how we handle your personal data when you use the ProDetailer mobile app, the web platform at prodetailer.app, and any related services (collectively, the "Service").
The data controller responsible for processing your personal data is:
VREAUCENTURI.RO SRL Str. Nerva Traian 27-33 Sc. B Et. 1 Ap. BIR. 6, Sector 3, București, Cod 031044, România Registration: J2025036462004 VAT ID: 51834370 Contact: office@vreaucenturi.ro · 07900 033 300
Throughout this policy, "we", "our", and "us" refer to that company.
This policy is governed by Regulation (EU) 2016/679 (GDPR) and Romanian Law no. 190/2018 implementing it.
2. Data we collect
We only collect data we actually use to run the Service. The categories below are the complete list — if a category isn't here, we don't collect it.
| Category | What it includes | Why we need it |
|---|---|---|
| Account identity | Name, email address, optional phone number, account type (personal / business), preferred language | To create your account, sign you in, and identify you across sessions |
| Profile content | Display name, avatar photo, business address, company registration / VAT identifiers (business accounts only) | To show your profile in the app and on invoices |
| Vehicles | Make, model, year, license plate, VIN, photos | To pre-fill bookings and show garages what vehicle they will be servicing |
| Location | Approximate or precise GPS location while you actively use the discovery / booking features. We never track location in the background. | To sort nearby garages and to dispatch mobile detailers to your address |
| Payment data | We do not store full card numbers ourselves. Stripe Inc. handles card data directly inside their PCI-compliant SDK; we receive only payment status, last-four digits for display, and tokenized references | To process payments for mobile-detailer broadcast jobs and (for businesses) your platform subscription |
| Bookings & jobs | Service requested, scheduled date/time, address, photos before/after, chat between you and the garage / detailer, ratings and reviews you write | To run the booking flow end-to-end and to maintain a service history |
| Invoices & fiscal records | Issued invoices and any document required by Romanian tax law | Legal obligation under Legea Contabilității nr. 82/1991 (Art. 25) and the Romanian Fiscal Code |
| Diagnostic data | Crash reports and limited performance metrics via Sentry. No screen contents are captured. | To find and fix bugs |
| Device data | App version, OS version, push-notification token | To deliver push notifications and rule out version-specific bugs |
We do not collect: precise advertising identifiers, contacts, calendar, microphone audio, body sensors, health data, or browsing history outside the Service.
3. Why we collect it (legal basis)
For each purpose below, we rely on a specific legal basis under GDPR Article 6:
- Performance of a contract (Art. 6(1)(b)) — to provide the Service you signed up for: account, bookings, chat, payments, ratings.
- Legal obligation (Art. 6(1)(c)) — to keep invoices and fiscal records for the period required by Romanian tax law.
- Legitimate interests (Art. 6(1)(f)) — to keep the Service secure (crash reports, abuse prevention) and to display reviews you publish (the platform interest in providing decision-useful information to other users).
- Consent (Art. 6(1)(a)) — for any optional feature that requests it explicitly (e.g., marketing emails if you opt in). You can withdraw consent at any time without affecting prior processing.
4. Who we share data with
We share data only with the third parties below, and only the minimum necessary for them to perform their function. None of them sells your data.
| Provider | Where it's hosted | What we share | Why |
|---|---|---|---|
| Supabase (Supabase Inc., USA — DPF-certified; data hosted in EU) | Frankfurt (eu-central-1) | All app data: account, bookings, chat, photos, invoices | Backend database, authentication, storage, edge functions |
| Stripe (Stripe Inc., USA — DPF-certified) | EU (Stripe Ireland) for EU customers | Payment amount, customer reference, billing email | Card processing for mobile-detailer broadcast jobs and business subscriptions |
| Sentry (Functional Software Inc., USA — DPF-certified) | EU region | Anonymized crash reports + minimal device metadata | Crash reporting and stability monitoring |
| Google Maps Platform (Google LLC, USA — DPF-certified) | Google's global infrastructure | Approximate location for map tiles + place lookups | Map display and address autocomplete |
| Expo / EAS (650 Industries Inc., USA — DPF-certified) | USA / global | Push notification tokens, build artifacts | Mobile app build pipeline and Expo Push delivery |
| Resend (Resend Inc., USA) | EU region | Email address + the contents of transactional emails we send you | Transactional email (sign-up confirmation, booking notifications, deletion confirmation) |
| Hosting / DNS / CDN (Vercel, Cloudflare, or equivalent) | Global edge network | Standard web request metadata (IP, user-agent, route) | Serving the public website and APIs |
We never share your personal data with advertisers, data brokers, or any third party for marketing purposes.
International transfers. Where data is transferred outside the EU/EEA (e.g., to US-based providers above), we rely on the EU–US Data Privacy Framework where applicable, or on Standard Contractual Clauses (Art. 46 GDPR) signed with the provider.
5. How long we keep your data
| Data | Retention |
|---|---|
| Account + profile | While your account is active. After deletion: see Section 7 below |
| Bookings, jobs, chat | While your account is active, then anonymized (see Section 7) |
| Invoices and fiscal records | 10 years from the end of the fiscal year, as required by Legea Contabilității 82/1991 Art. 25. Personal identifiers in invoices are anonymized after account deletion; the fiscal totals stay |
| Crash logs (Sentry) | 90 days, then automatic delete |
| Email logs (Resend) | 30 days, then automatic delete |
| Backups | Up to 30 days rolling |
6. Your rights
Under GDPR you have the following rights regarding your personal data:
- Access — get a copy of the data we hold about you (Art. 15)
- Rectification — correct inaccurate data (Art. 16). Most fields are editable directly in the app; for anything that isn't, contact us.
- Erasure — delete your account and personal data (Art. 17). See Section 7.
- Restriction — pause processing in certain cases (Art. 18)
- Portability — receive your data in a machine-readable format (Art. 20)
- Object — object to processing based on our legitimate interests (Art. 21)
- Withdraw consent — for processing where consent is the basis (Art. 7(3))
- Complain to a supervisory authority — the Romanian Data Protection Authority (ANSPDCP, www.dataprotection.ro) or any EU DPA where you live or work
To exercise any of these rights, email office@vreaucenturi.ro. We respond within 30 days. There's no fee unless your request is manifestly unfounded or excessive.
7. Account deletion
You can delete your account directly in the app at any time:
- Mobile: Profile → Danger zone → Delete account
- Web: Settings → Account → Danger zone → Delete account. If you cannot use the in-app flow, email contact@prodetailer.app and we'll handle the deletion for you.
When you confirm deletion:
- Your account is hidden immediately. You cannot sign in.
- You have 30 days to log back in to cancel — your account will be restored as it was. After 30 days, the deletion becomes permanent.
- On day 30: personal data (profile, photos, vehicles, chat messages you sent, broadcast requests not yet fulfilled) is permanently deleted from our active systems. Backups containing this data are pruned within 30 additional days.
- Invoices and completed paid jobs are anonymized, not deleted, because Romanian law requires us to keep fiscal records for 10 years. Your name, email, phone, and address are replaced with a tombstone ([Deleted user — GDPR]); the financial figures remain.
- Reviews you wrote stay published with the author identity replaced by a generic label, because they serve future users (GDPR Art. 17(3)(a) — freedom of expression and information).
- We log every deletion in an audit trail for legal accountability (GDPR Art. 5(2)). The audit log contains your user ID and a hash of your email — never your email or name in cleartext.
If you cannot use the in-app flow (for example, because your account is a platform-admin or business owner with active team members), email office@vreaucenturi.ro and we'll handle it.
8. Children
The Service is not directed at children under 16. We do not knowingly collect data from children under 16. If you believe a child has provided us with their data, please contact us and we will delete it.
9. Cookies and tracking
The web platform uses strictly necessary cookies for sign-in and preferences. We do not use advertising or third-party tracking cookies. The mobile app does not use cookies; it stores your session locally on the device.
10. Security
We protect your data with: encryption in transit (TLS 1.2+), encryption at rest for the database and storage, role-based access controls (Postgres Row Level Security), audit logging for sensitive operations, and a documented vulnerability disclosure process.
If we ever discover a personal-data breach that's likely to affect your rights, we will notify you and the Romanian DPA within 72 hours, as required by GDPR Art. 33–34.
11. Changes to this policy
We will update this policy when our practices change. The "Last updated" date at the top reflects the most recent change. Material changes will be communicated via in-app notification or email at least 14 days before they take effect.
12. Contact
For any privacy question or to exercise your rights:
office@vreaucenturi.ro Phone: 07900 033 300 Subject line: "Privacy request — [your topic]"
You can also reach the Data Protection Authority directly:
ANSPDCP (Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal) B-dul G-ral. Gheorghe Magheru 28-30, Sector 1, București anspdcp@dataprotection.ro · www.dataprotection.ro