Your GDPR rights
You have 7 rights under GDPR. On this page we explain what they are, how to exercise each, and how long the response takes. If you're an EU customer — or any user who cares about their data — this page is for you.
Full legal details pending in the final version
The page is fully operational as structure, but the Operator's legal entity name, address, VAT, and Trade Register are still placeholders ('TD Mircea'). The final version will include all legal details and will be reviewed by a lawyer before publication.
01 What GDPR is
GDPR (General Data Protection Regulation — EU Regulation 2016/679) is the European legislation that came into force in May 2018, regulating the collection, storage, and use of personal data of EU citizens and residents.
Our position
We are both required and willing to comply with GDPR in full. We act as a data controller, meaning we decide the purposes and methods of processing, and we are responsible for data protection.
The local-first model of the application makes GDPR compliance simpler: your operational data (audits, reports) never passes through our servers. That doesn't mean we're exempt from GDPR obligations — for the admin account and site we collect personal data and treat it according to the regulation.
02 How we apply GDPR in the app
The local-first model has concrete GDPR implications:
2.1 Desktop Application data
The Operator does not process this data. Audits, reports, settings, API keys, AI prompts are stored exclusively on your computer in the local SQLite database. You are the only one who can access, modify, delete, or export them.
For this data, no GDPR request to us is possible — we simply don't have it. You manage it directly from the Application interface.
2.2 Admin account data (admin.seo-master.ro)
Classic GDPR applies here. We collect:
- Email + encrypted password
- Optional profile (name, company, phone, VAT ID)
- Invoice history + issued license keys
- Contact messages
For this data, you have all 7 GDPR rights described below.
2.3 Site analytics data (seo-master.ro)
Anonymous, aggregated, optional (with consent). See Cookie Policy.
03 Your GDPR rights
Per GDPR (EU 2016/679), you have the following 7 rights:
3.1 Right of access (Art. 15)
What it means: you can request a copy of all data we hold about you.
What you receive: structured export (JSON or CSV) with profile, invoice history, issued license keys, contact messages, account login logs.
Response time: maximum 30 calendar days.
3.2 Right of rectification (Art. 16)
What it means: if data about you is incorrect or incomplete, you have the right to correct it.
How: directly from the administration panel → "Profile" section, or email gdpr@seo-master.ro with the correct details.
Time: immediate (self-service) or maximum 7 days (email).
3.3 Right to erasure ("right to be forgotten", Art. 17)
What it means: you can request deletion of your account and associated data.
How: self-service in the administration panel → Settings → "Delete account", or email gdpr@seo-master.ro with the subject "Data deletion request".
Response time: maximum 30 calendar days.
Legal exceptions: invoices are kept for 5 years for tax obligations (Romanian law), even after account deletion. After those 5 years, they are permanently deleted.
3.4 Right to portability (Art. 20)
What it means: you have the right to receive your data in a structured, machine-readable format (JSON/CSV) and transfer it to another provider.
How: email gdpr@seo-master.ro with the subject "Portability export request".
Delivery format: structured JSON per schema.org or CSV — your choice.
Time: maximum 30 days.
3.5 Right to object (Art. 21)
What it means: you can object to processing based on legitimate interest (e.g., security, fraud prevention) or consent (newsletter, analytics cookies).
How: for cookies — cookie banner → "Essential only"; for newsletter — "Unsubscribe" link in any received email; for others — email gdpr@seo-master.ro.
Note: if you disable processing related to security, we may suspend the account (for platform protection).
3.6 Right to restriction (Art. 18)
What it means: you can request a temporary halt of processing (for example, while investigating a rectification).
How: email gdpr@seo-master.ro.
Effect: we keep the data but don't actively process it until the case is resolved.
3.7 Right to withdraw consent (Art. 7.3)
What it means: where you've given consent (analytics cookies, newsletter), you can withdraw it at any time.
How: for cookies — persistent cookie banner in footer → "Cookie settings"; for newsletter — "Unsubscribe" link in any email; for direct marketing — email gdpr@seo-master.ro.
Effect: immediate. Does not retroactively affect data already collected.
04 How to exercise your rights
4.1 Step-by-step
- Send an email to gdpr@seo-master.ro with the subject: "Data access request" / "Deletion request" / "Portability request" / "Objection request" / "Restriction request".
- Include in the message: the email used at purchase / admin account registration (for identification).
- Wait for confirmation — we respond within 48 business hours with receipt confirmation + delivery estimate.
- Identity verification — for sensitive requests (account deletion, full export), we may request additional confirmation (e.g., reply from a specific email, invoice details).
- Receive the response — within max 30 calendar days (extendable by 60 days in complex cases, with prior notice).
4.2 Costs
All GDPR requests are FREE. The only case when we may charge a reasonable fee: manifestly unfounded or excessive requests (e.g., the same request repeated 10 times in 30 days).
4.3 Refusal
We can only refuse a request in specific cases provided by GDPR (e.g., inability to identify the requester, conflict with a legal obligation). Refusal comes with a written justification and includes notice of your rights (ANSPDCP complaint).
05 Categories of data processed
- Account identifier — email, encrypted password. Source: directly from you at registration.
- Optional profile — name, company name, phone, VAT ID. Source: directly from you (optional).
- Invoice data — name, address, VAT ID/registration, country. Source: directly from you at purchase.
- Payment history — amount, date, plan, status. Source: automatically generated at each payment.
- Issued license keys — key + seat count + status. Source: automatically generated at purchase.
- Contact messages — email/form content + sender email. Source: directly from you when you contact us.
- Server logs (temporary) — IP, browser, request. Source: automatically when accessing the site.
- Analytics cookies (with consent) — anonymized IP, pages visited. Source: automatic if you accept.
No sensitive data (data on health, ethnic origin, political opinions, etc.) — we don't collect it, it's not needed for the service.
06 Legal grounds
- Consent (GDPR Art. 6.1.a) — Analytics cookies, newsletter, marketing communications.
- Contract performance (Art. 6.1.b) — Admin account, invoicing, license keys.
- Legal obligation (Art. 6.1.c) — 5-year invoice archive, response to authorities.
- Legitimate interest (Art. 6.1.f) — Security, fraud prevention, server protection.
07 Sub-processors and international transfers
See full list in Privacy Policy § 7.
In short:
- Stripe — payment processing (EU + US with Standard Contractual Clauses)
- EU hosting (operator TBC at launch) — admin + site servers
- Transactional email (provider TBC) — invoice + notification emails
- Plausible / GA4 (with consent) — anonymous analytics
- No sub-processor for the desktop Application — your operational data stays on your computer
No transfer of admin account data outside the EU without GDPR safeguards.
08 Complaint to the supervisory authority
If you believe the processing of your data violates GDPR and we do not respond satisfactorily, you have the right to contact the competent authority:
Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)
- Site: www.dataprotection.ro
- Email: anspdcp@dataprotection.ro
- Phone: +40 318 059 211
- Address: B-dul G-ral Gheorghe Magheru 28-30, sector 1, Bucharest
Recommendation: try direct resolution with us first — we respond fast and honestly. ANSPDCP is the last resort, not the first.
09 GDPR contact
Dedicated GDPR email: gdpr@seo-master.ro
General email: contact@seo-master.ro
Contact page: seo-master.ro/en/contact
Operator: TD Mircea
Full legal data: pending in the final version (company name, physical address, VAT ID, Trade Register).
Related documents: Terms and Conditions · Privacy Policy · Cookie Policy.