Privacy Policy

1. Who we are

The controller of personal data collected through the Tissia platform is:

2. What data we collect

2.1 Directly provided data

• Account data: name, email address, phone number, company name, position
• Billing data: address, tax ID/personal ID, banking data
• Uploaded content: documents for Knowledge Base, configurations, logos
• Communications: messages sent via contact form or email

2.2 Automatically collected data

• Technical data: IP address, browser type, operating system, device
• Usage data: pages visited, time spent, actions taken in the platform
• Conversation data: messages processed by the AI Agent (as data controller)

2.3 Data from third parties

We may receive data from:

• Payment platforms (for transaction confirmation)
• Integrated services (WhatsApp, Facebook, etc.) - according to authorizations granted

3. How we use data

We use personal data for:

4. Legal basis

We process your data based on the following legal grounds under GDPR:

• Contract execution (Art. 6(1)(b)): for providing requested services
• Consent (Art. 6(1)(a)): for marketing and promotional communications
• Legal obligation (Art. 6(1)(c)): for tax and legal compliance
• Legitimate interest (Art. 6(1)(f)): for security, fraud prevention and service improvement

5. Data sharing

We don't sell your personal data. We only share it with:

• Service providers: hosting (Hetzner, EU), payment processing, email services
• Integration partners: Meta (WhatsApp/Facebook), only data necessary for integrations to function
• Authorities: when the law requires us

All our suppliers are contractually obligated to comply with GDPR and protect your data.

6. International transfers

Your data is stored and processed in the European Union. In case of transfers outside the EU (for example, for certain technical services), we ensure that:

• The destination country provides an adequate level of protection (adequacy decision)
• There are standard contractual clauses approved by the European Commission
• Recipient is certified under an approved mechanism

7. Data security

We implement technical and organizational measures to protect data:

• Encryption in transit (TLS 1.3) and at rest (AES-256)
• Two-factor authentication (2FA) available
• Continuous monitoring and intrusion detection
• Regular backups and disaster recovery plan
• Restricted access based on 'need-to-know' principle
• Regular security audits

8. Data retention

We only keep data as long as necessary for the stated purposes:

9. Your rights

According to GDPR, you have the following rights:

• Right of access: to obtain a copy of your personal data
• Right to rectification: to correct inaccurate data
• Right to erasure: to request data deletion ('right to be forgotten')
• Right to restriction: to limit processing in certain situations
• Right to portability: to receive data in a structured, commonly used format
• Right to object: to object to processing based on legitimate interest or marketing
• Right to withdraw consent: at any time, without affecting the legality of prior processing

To exercise your rights, contact us at dpo@tissia.ro. We will respond within 30 days maximum.

You have the right to file a complaint with the National Supervisory Authority for Personal Data Processing (ANSPDCP): www.dataprotection.ro

10. Cookies

We use cookies for website functionality and experience improvement. Complete details are available in Cookie Policy.

11. Policy changes

We may update this policy periodically. We will notify you of significant changes through:

• Email to the contact address in your account
• Platform notification
• Updating the 'Last updated' date on this page

12. Contact

For questions about privacy or exercising your rights: