Logo

Privacy policy

Last updated: 29 April 2026

This Privacy Policy explains how Ainevoie ("we", "us") processes personal data when you use our website, provider onboarding flow, account areas, newsletter, contact form, admin-operated communications, and related marketplace features (the "Platform"). It is intended to provide transparent information under Articles 12-14 of the GDPR.

1. Controller and contact

The controller is the legal entity operating Ainevoie in Romania, as identified in the Platform's public legal/contact details. Until the full legal notice is published, privacy requests can be sent to contact@ai-nevoie.ro.

We have not appointed a Data Protection Officer unless expressly stated in a separate legal notice. You can use the same contact address for privacy questions and GDPR requests.

2. Personal data we process

Depending on how you use the Platform, we may process the following categories:

  • Identity and contact data: name, email address, phone number, company name, and contact form details.
  • Account and authentication data: user ID, email, display name, authentication provider, password credentials handled by Firebase Authentication, login/session metadata, password reset and magic-link events where available.
  • Provider onboarding data: full name, email, phone, county, city, service type, legal status, company name, tax identifier (CUI), trade register number, estimated setup timeline, accountant/setup status, launch contact consent, newsletter choice, profile status, review status, and admin notes/events.
  • Provider files: profile/avatar image, identity document, professional or business verification document, file names, storage paths, upload/finalisation metadata, and review status.
  • Service and marketplace data: bookings, availability, service areas, profile content, requests, messages, reviews, ratings, and related operational records where these features are enabled.
  • Newsletter data: email address, status, consent records, source, tags, campaign delivery jobs, unsubscribe token, delivery logs, and related preferences.
  • Contact and support data: name, company, email, phone, message content, reply metadata, and any follow-up communication.
  • Payment and subscription data: selected price ID, checkout/session metadata, payment or subscription status, and payment-provider identifiers. Full card details are processed by Stripe or the relevant payment provider, not stored by Ainevoie.
  • Technical, security, and analytics data: IP address, device and browser information, request logs, cookies or local storage identifiers, language preference, approximate location derived from requests, diagnostics, crash/error reports, and security logs.
  • Admin and audit data: administrator user IDs, access checks, actions taken in admin panels, notification-read state, campaign activity, and provider review actions.

We do not intentionally request special categories of data (for example health, religion, political opinions, biometric templates) and ask you not to provide such data unless strictly necessary and specifically requested under an appropriate legal basis.

3. Sources of data

Most data is provided directly by you through forms, account creation, uploads, communication, or Platform use. Some data is generated automatically by the Platform, Firebase/Google Cloud, hosting, payment, email, analytics, and security systems. Where a provider or admin enters information about a booking, review, or support case, that information may relate to another user.

4. Purposes and legal bases

We process personal data for these purposes and legal bases:

  • Account creation, authentication, provider onboarding, marketplace operation, bookings, and support: performance of a contract or steps before a contract (GDPR Art. 6(1)(b)).
  • Provider review, fraud prevention, security, abuse prevention, service quality, admin controls, logs, and platform improvement: legitimate interests (Art. 6(1)(f)), balanced against your rights.
  • Newsletter, launch updates, optional marketing communications, and non-essential cookies where used: consent (Art. 6(1)(a)). You can withdraw consent at any time.
  • Payment, accounting, tax, compliance, legal claims, regulatory requests, and mandatory record keeping: legal obligation (Art. 6(1)(c)) or legitimate interests in establishing, exercising, or defending legal claims (Art. 6(1)(f)).
  • Contact form replies and operational communications: contract/pre-contract steps or legitimate interests, depending on the request.

5. Cookies and similar technologies

We use cookies and similar technologies for essential operation, language preference, security, analytics, and, where enabled, marketing or campaign measurement. Non-essential cookies should be used only with your consent where required. See the Cookie Policy for more detail.

6. Recipients and processors

We do not sell personal data. We may share data with:

  • Firebase/Google Cloud for authentication, Firestore database, file storage, cloud functions, hosting-related infrastructure, and operational services.
  • Stripe or another payment provider for checkout, subscription, payment, fraud, and compliance processing.
  • SMTP/email providers for welcome emails, provider approval or operational messages, contact replies, and newsletter delivery.
  • Sentry or similar error-monitoring tools for diagnostics and crash/error reporting.
  • Hosting, analytics, security, development, and content providers used to run and improve the Platform.
  • Administrators and authorised staff/contractors who need access for support, review, moderation, security, or operations.
  • Authorities, courts, advisers, insurers, or professional service providers where required by law or necessary for legal claims, compliance, accounting, or security.
  • Customers and providers to the extent necessary for marketplace functionality, such as profile information, booking details, reviews, and communication.

Processors must process data under contractual confidentiality and data-protection obligations.

7. International transfers

Some providers may process data outside the European Economic Area. Where this happens, we rely on appropriate safeguards such as adequacy decisions, Standard Contractual Clauses, transfer impact assessments, or other mechanisms permitted by GDPR.

8. Retention

We keep personal data only as long as necessary for the purposes described above:

  • account and provider profile data: while the account is active and for a reasonable period afterwards for security, disputes, audit, and legal obligations;
  • provider documents and verification files: for the review period and any additional period needed for trust, safety, disputes, compliance, or legal claims;
  • newsletter records: until unsubscribe/withdrawal and then in suppression or consent logs as needed to prove compliance;
  • contact messages and support records: for as long as needed to handle the request and maintain business records;
  • payment/accounting records: for the statutory retention period required by tax/accounting law;
  • security logs and diagnostics: for a limited period appropriate to security, debugging, and abuse prevention.

When data is no longer needed, we delete, anonymise, or restrict it, unless law requires retention.

9. Your GDPR rights

Subject to legal conditions, you may have the right to request access, rectification, erasure, restriction, portability, objection to processing based on legitimate interests, and withdrawal of consent where processing is consent-based.

You also have the right to object at any time to direct marketing. If you withdraw consent or object to marketing, we will stop marketing communications, while we may keep minimal suppression records to respect your choice.

To exercise rights, contact contact@ai-nevoie.ro. We may ask for information needed to verify your identity. We generally respond within one month, extendable where GDPR allows. Requests are free unless manifestly unfounded or excessive.

10. Automated decision-making

We do not intend to make decisions based solely on automated processing that produce legal or similarly significant effects. Provider review may include structured checks, but material approval, rejection, suspension, or reinstatement decisions should involve human/admin review.

11. Security

We use technical and organisational measures such as TLS, access controls, authentication, role-based admin access, cloud security controls, logging, and restricted access to documents. No internet service is completely secure, so please protect your credentials and notify us of suspected unauthorised access.

12. Children

The Platform is not intended for children. Users must be at least 18 years old for account, provider onboarding, requests, or paid features. If you believe a child has provided personal data, contact us.

13. Complaints

You may contact us first so we can try to resolve the issue. You also have the right to lodge a complaint with the Romanian supervisory authority, the National Supervisory Authority for Personal Data Processing (ANSPDCP), at www.dataprotection.ro, or with another competent EU/EEA supervisory authority.

14. Changes

We may update this Policy as the Platform, providers, or legal requirements change. We will update the date above and may notify you of material changes by email, banner, or in-app notice where appropriate.

15. Contact

For privacy questions or GDPR requests, contact contact@ai-nevoie.ro.