Privacy Policy

1 Data controller

The personal data controller is:

In this policy, "we", "our", or "RefrenulMeu.ro" refers to the data controller mentioned above.

2 What data we collect

When you use our personalized song service, we collect the following categories of data:

• Email address — for song delivery and order-related communications
• Recipient's name — for song personalization (first name of the person the song is dedicated to)
• Story / song text — the details you provide for composing the song
• Musical preferences — the musical style, tone, dedications, and options chosen
• IP Address — collected at order placement for fraud prevention and geographic analysis. Stored for the duration of the order.
• Payment data — processed exclusively by Stripe; we do not store your card data (number, CVV, expiry date)

3 Purpose of processing

Your personal data is processed for the following purposes:

• Song generation — we use your story and preferences to compose the personalized song
• Email delivery — we send the completed song to the email address you provided
• Order-related communications — payment confirmation, order status, possible technical issues
• Service improvement — anonymized analysis of preferences to offer a better experience

We do not use your data for direct marketing, unless you give explicit consent (e.g., newsletter subscription).

4 Legal basis for processing

We process your data based on the following legal grounds, in accordance with Regulation (EU) 2016/679 (GDPR):

• Performance of contract (Art. 6(1)(b)) — processing is necessary for providing the ordered service (song generation and delivery)
• Consent (Art. 6(1)(a)) — for marketing communications, newsletter, or other optional purposes. You may withdraw consent at any time.
• Legitimate interest (Art. 6(1)(f)) — for service improvement, fraud prevention, and platform security
• Legal obligation (Art. 6(1)(c)) — for maintaining fiscal documents in accordance with Romanian law

5 Who we share data with

We do not sell your personal data. We share it only with partners necessary for the operation of the service:

• Stripe (payment processing) — Stripe, Inc., USA. Data transfer is protected by Standard Contractual Clauses (SCC) approved by the European Commission. Stripe Privacy Policy
• Vercel (hosting) — Vercel, Inc., USA. Data transfer is protected by Standard Contractual Clauses (SCC). Vercel Privacy Policy
• Music generation provider — receives only the anonymized story (without name, email, or other direct personal data) for song composition

6 Storage duration

We keep your data only as long as necessary:

• Order data (email, order details, invoices) — 5 years from the order date, in accordance with Romanian fiscal obligations
• Email address (for newsletter or optional communications) — until deletion request or unsubscription
• Generated songs — 24 hours from generation, then automatically deleted from our servers. We recommend downloading immediately.
• Song story / text — stored for the duration needed for generation, then anonymized

After the storage period expires, data is permanently deleted or irreversibly anonymized.

7 Your rights

Under the GDPR, you have the following rights regarding your personal data:

• Right of access — you may request a copy of the data we hold about you
• Right to rectification — you may request correction of inaccurate data
• Right to erasure ("right to be forgotten") — you may request deletion of your data, except for data we are legally required to retain
• Right to restriction of processing — you may request limitation of how we use your data
• Right to data portability — you may receive your data in a structured, commonly used, and machine-readable format
• Right to object — you may object to the processing of your data in certain situations
• Right to withdraw consent — you may withdraw consent at any time, without affecting the lawfulness of prior processing

8 Cookies

We use cookies and similar technologies for the proper functioning of the site and to provide you with a better experience.

For complete details about the types of cookies used, their purpose, and how to manage them, please see our Cookie Policy.

9 Data security

We protect your data through appropriate technical and organizational measures:

• HTTPS/SSL encryption — all communications between your browser and our servers are encrypted
• Restricted access — only authorized personnel have access to personal data, based on the "need-to-know" principle
• Secure payment processing — through Stripe, certified PCI DSS Level 1 (the highest security standard)
• Continuous monitoring — we monitor data access and potential security incidents

No method of electronic transmission or storage is 100% secure. However, we are committed to using commercially accepted means to protect your data.

10 Policy amendments

We reserve the right to update this privacy policy. Changes will be published on this page with the date of the last update.

For significant changes, we will display a visible notification on the site. Continued use of the service after publication of changes constitutes acceptance of the new policy.

11 Supervisory authority

If you are not satisfied with how we handle your data, you have the right to file a complaint with the supervisory authority:

Before contacting ANSPDCP, please write to us at contact@refrenulmeu.ro. We will do our best to resolve any issue directly.

12 Contact

For any questions related to personal data protection or to exercise your rights: