Privacy Policy

1. Who we are

The controller of personal data collected through the Tissia platform is:

2. What data we collect

2.1 Data provided directly

• Account data: name, email address, phone number, company name, position
• Billing data: address, CUI/CNP, banking data
• Uploaded content: documents for the Knowledge Base, settings, logos
• Communications: messages sent through contact form or email

2.2 Data collected automatically

• Technical data: IP address, browser type, operating system, device
• Usage data: pages visited, time spent, actions taken on the platform
• Data from conversations: messages processed by the AI Agent (as data controller)

2.3 Data from third parties

We can receive data from:

• Payment platforms (for transaction confirmation)
• Integrated services (WhatsApp, Facebook, etc.) - in accordance with authorisations granted

3. How we use your data

We use personal data for:

4. Legal basis

We process your data based on the following legal bases in accordance with GDPR:

• Contract performance (Art. 6(1)(b)): for provision of requested services
• Consent (Art. 6(1)(a)): for marketing and promotional communications
• Legal obligation (Art. 6(1)(c)): for tax and legal compliance
• Legitimate interest (Art. 6(1)(f)): for security, fraud prevention and service improvement

5. Data sharing

We do not sell your personal data. We only share it with:

• Service providers: hosting (Hetzner, EU), payment processing, email services
• Integration partners: Meta (WhatsApp/Facebook), only data necessary for integrations to work
• Authorities: when the law requires

All our suppliers are contractually required to comply with GDPR and protect your data.

6. International transfers

Your data is stored and processed in the European Union. In case of transfers outside the EU (for example, for certain technical services), we ensure that:

• The destination country offers an adequate level of protection (adequacy decision)
• Standard contractual clauses approved by the European Commission exist
• The recipient is certified under an approved mechanism

7. Data security

We implement technical and organisational measures to protect data:

• Encryption in transit (TLS 1.3) and at rest (AES-256)
• Two-factor authentication (2FA) available
• Continuous monitoring and intrusion detection
• Regular backups and disaster recovery plan
• Restricted access based on 'need-to-know' principle
• Periodic security audits

8. Data retention

We retain data only as long as necessary for the stated purposes:

9. Your rights

In accordance with GDPR, you have the following rights:

• Right of access: to obtain a copy of your personal data
• Right to rectification: to correct inaccurate data
• Right to deletion: to request data deletion ('right to be forgotten')
• Right to restrict: to limit processing in certain situations
• Right to portability: to receive data in a structured, commonly used format
• Right to object: to object to processing based on legitimate interest or marketing
• Right to Withdraw Consent: at any time, without affecting the legality of previous processing

To exercise your rights, contact us at dpo@tissia.ro. We will respond within a maximum of 30 days.

You have the right to lodge a complaint with the National Authority for Data Protection Supervision (ANSPDCP): www.dataprotection.ro

10. Cookies

We use cookies for website operation and experience improvement. Full details are available in Cookie Policy.

11. Policy changes

We may update this policy periodically. We will notify you about significant changes through:

• Email to the contact address in your account
• Notification in the platform
• Updating the 'Last Updated' date on this page

12. Contact

For questions about privacy or exercising your rights: