Privacy policy

1. Who we are

The controller of the personal data collected through the Tissia platform is:

2. What data we collect

2.1 Data provided directly

• Account details: name, email address, phone number, company name, position
• Billing details address, CUI/CNP, bank details
• Uploaded content: knowledge Base documents, configurations, logos
• CommunicaCon: messages sent via contact form or email

2.2 Automatically collected data:

• Technical data: iP address, browser type, operating system, device
• Usage data: pages visited, time spent, actions performed in the platform
• Conversation Dates: messages processed by the AI Agent (as data controller)

2.3 Data from third party sources

We may receive data from:

• Payment platforms (to confirm transactions)
• Integrated services (WhatsApp, Facebook, etc.) - according to the authorizations granted

3. How do we use your data?

We use personal data to:

4. Legal basis

We process your data based on the following legal grounds according to GDPR:

• Execution of Contract (Art. 6(1)(b)): for the provision of the requested services
• Consent (Art. 6(1)(a)): for marketing and promotional communications
• legal obligation (Art. 6(1)(c)): for tax and legal compliance
• Legitimate Interest (Art. 6(1)(f)): for security, fraud prevention and service improvement

5. DATA SHARING

We don't sell your personal data. We only share them with:

• Service Providers hosting (Hetzner, EU), payment processing, email services
• Integration partners: Meta (WhatsApp/Facebook), only data necessary for the operation of integrations
• Authorities when the law obliges us

All our suppliers are contractually bound to comply with the GDPR and to protect your data.

6. International transfers

Your data is stored and processed in the European Union. In the case of transfers outside the EU (e.g. for certain technical services), we ensure that:

• The country of destination provides an adequate level of protection (adequacy decision)
• There are Standard Contractual Clauses approved by the European Commission
• Recipient is certified under an approved mechanism

7. Data Security

We implement technical and organizational measures to protect data:

• Encryption in transit (TLS 1.3) and at rest (AES-256)
• Two-factor authentication (2FA) available
• Continuous monitoring and intrusion detection
• Regular backups and disaster recovery plan
• 'need-to-know' restricted access
• Regular security audits

8. No, Keep

We retain data only as long as necessary for the stated purposes:

9. Your Rights

Under the GDPR, you have the following rights:

• Right of access: get a copy of your personal data
• Right to rectification: correct inaccurate data
• The right to erasure request the deletion of data ('right to be forgotten')
• Data Breach limit processing in certain situations
• Right to portability: receive your data in a structured, commonly used format
• Right to Object: to object to processing based on legitimate interest or marketing
• Right to withdraw consent: at any time, without affecting the legality of previous processing

To exercise your rights, contact us at dpo@tissia.ro. We will respond within a maximum of 30 days.

You have the right to lodge a complaint with the National Authority for Data Protection (ANSPDCP): www.dataprotection.ro

10. Cookies

We use cookies for website functionality and experience improvement. Full details are available in Cookie Policy.

11. POLICY CHANGES

We may update this policy periodically. We will notify you of significant changes through:

• Email at the contact address from the account
• Notification in the platform
• Updating the date of 'Last Update' on this page

12. Contact

For questions about privacy or exercising your rights: