Privacy Policy for Flevario

Last Updated: January 20, 2026

TIIN S.R.L. ("Flevario", "we", "us", or "our") operates the Flevario mobile application. We are committed to protecting your privacy and ensuring your personal data is processed in compliance with the EU General Data Protection Regulation (GDPR) and Romanian legislation (Law no. 190/2018).

This Privacy Policy explains what data we collect, why we collect it, and your rights regarding your personal information.

1. Who We Are (Data Controller)

The entity responsible for processing your data is:

Company Name: TIIN S.R.L.
Fiscal Code (CUI): RO52329821
Registered Address: București Sectorul 3, Strada NERVA TRAIAN, Nr. 27-33, BIROU NR.6, Scara B, Etaj 1
Contact Email: privacy@flevario.com

2. The Data We Collect

We collect data necessary to provide our coffee subscription and discount services. This includes:

A. Information You Provide to Us

Account Data: Name, email address, and encrypted password.
Subscription Details: Current plan (e.g., Launch Pass, Explorer), renewal dates, and payment status.
Support Queries: Information you provide when contacting our support team.
Marketing Preferences: Your consent status regarding newsletters and promotional offers.

B. Information We Collect Automatically

Device Data (Security): To prevent fraud and enforce our "one active device per client" rule, we collect a unique device identifier (Device Hash) and your device model/OS version.
Location Data (Optional): If you grant permission, we collect your precise location (GPS coordinates) solely to display nearby partner cafés on the map.
Usage Logs & Analytics: We log your interactions with the app to improve the user experience, including:
- Redemptions: Time of scan, participating store, and discount amount.
- QR Generation: Timestamps of when you generate a discount token.
- App Performance: Crash reports and navigation flows.

C. Information from Third Parties

Payment Processors: We do not store your full credit card details. Payments are processed by Stripe, Apple Pay, or Google Pay, who provide us with a token to verify your subscription status.

3. Why We Process Your Data

Purpose	Data Used	Legal Basis (GDPR)
Service Delivery	Account data, Plan status	Contractual Necessity
Fraud Prevention	Device ID, QR logs	Legitimate Interest
Finding Cafés	GPS Location	Consent
Billing & Invoicing	Payment tokens, History	Legal Obligation

4. How We Share Your Data

We do not sell your personal data. We share data only in strictly necessary scenarios:

Partner Cafés (Merchants): When you scan your QR code, the merchant receives confirmation of your eligibility and discount amount. They do not receive your email or phone number.
Service Providers: We use trusted third-party processors:
- Microsoft Azure: Hosting & Server infrastructure.
- Google Maps: To display the café map.
- Stripe: Payment processing.
- Analytics & Performance: Google Firebase, Sentry, Mixpanel.
Legal Authorities: If required by Romanian law or valid court order.

5. Data Retention

Active Accounts: We keep your data while you have an account.
Redemption History: Retained for 5 years for fraud analysis.
Financial Records: Invoices kept for 10 years (Romanian fiscal law).
Deleted Accounts: Identifiers are anonymized immediately. Non-personal logs may be kept for statistics.

6. Your Rights (GDPR)

Right to Access & Rectification: Request a copy or correction of your data.
Right to Deletion: Request account deletion via app settings or email.
Right to Withdraw Consent: Unsubscribe from marketing anytime.
Right to Data Portability: Receive your data in a readable format.

To exercise any of these rights, please email us at privacy@flevario.com or use the "Delete Account" option in the app settings.

7. Security

We protect your data using SSL/TLS encryption, cryptographic device binding (`jti`), and strict access controls.

Contact & Complaints

If you have questions, contact us at privacy@flevario.com.

You have the right to file a complaint with the Romanian Data Protection Authority (ANSPDCP) at www.dataprotection.ro.