Legal document

Privacy Policy

Last updated: May 25, 2026In accordance with Regulation (EU) 2016/679 (GDPR)

This policy explains how Sarghy Design Solutions SRL collects, uses, and protects personal data through the sarghy.com platform and the digital services sold through it.

Data protection notice

Unauthorized access, abusive automated data collection, or any attempt to compromise our systems is prohibited. Security events may be recorded and analyzed to protect users, infrastructure, and the operator's rights.

1. Data controller

The data controller is Sarghy Design Solutions SRL, CUI 41539879, Reg. Com. J40/10974/2019, Aleea Poiana Mare 8, Sector 6, Bucharest, Romania. You can contact the controller at office@sarghydesign.ro or at +40 730 095 824.

2. Personal data collected

We collect only the information necessary to provide our services:

Identification and contact data: name, email address, phone number (when submitted through forms or direct communication).
Billing data: billing address, country, tax ID (if applicable). Card data is processed exclusively by Stripe and is not stored on our servers.
Account and subscription data: email address, active plan, license details — managed in Supabase.
License validation data: license key, domain host identifier, IP address — collected automatically by the plugin installed on your WordPress site, solely to verify authenticity and prevent fraud.
Technical browsing data: anonymized IP address, browser type, operating system, pages visited, session duration — collected through traffic analytics mechanisms.
Support data: content of messages submitted through the contact or support form.

3. Legal bases for processing (Art. 6 GDPR)

We process your data on one or more of the following legal bases:

Performance of a contract — processing your order, issuing invoices, managing your account and license.
Legitimate interests — platform security, fraud prevention, license validation, technical logging.
Legal obligation — issuing invoices under Romanian tax law, archiving obligations.
Consent — analytics or advertising cookies (where the cookie banner is displayed and accepted).

4. Processing purposes and data disclosure

Data is used for: fulfilling orders and managing subscriptions; issuing invoices; validating and managing licenses; platform security and fraud prevention; responding to support requests; improving the user experience. We do not sell or rent your personal data. Data may be shared with the technical providers listed below, which process data in accordance with GDPR, or when there is a legal obligation.

5. Third-party processors and international transfers

We use the following third-party data processors:

Stripe Inc. (USA) — payment processing. Stripe is PCI-DSS certified and adheres to GDPR-approved transfer mechanisms (standard contractual clauses).
Supabase Inc. (USA/EU) — databases for accounts and licenses. Data may be stored on servers in the EU or outside the EU, with adequate GDPR safeguards.
Vercel Inc. (USA) — hosting of the sarghy.com platform, with globally distributed infrastructure. Transfers governed by standard contractual clauses.
Google LLC / Google Ireland Ltd. (USA/EU) — Google Tag Manager, Google Analytics, and, if enabled, Google Ads / AdSense. Loaded only after user consent, with Consent Mode v2. Legal basis: consent (GDPR Art. 6(1)(a)).
Functional Software, Inc. dba Sentry (USA) — error monitoring and security incident detection for platform integrity. Personal data is filtered before transmission. Legal basis: legitimate interest (GDPR Art. 6(1)(f) — security of systems).
Intelligent IT SRL — SmartBill (Romania) — issuing electronic fiscal invoices and automatic submission to the SPV e-Factura system (ANAF). Legal basis: legal obligation (GDPR Art. 6(1)(c) — Romanian tax law).

Transfers outside the EEA are made exclusively with adequate safeguards in accordance with Chapter V of the GDPR.

6. Data retention periods

We retain your data for as long as necessary for the purposes described in this policy:

Account and license data: for the duration of the subscription and up to 3 years after account closure, for potential disputes.
Billing and financial data: 10 years, under Romanian tax law obligations.
License validation logs: maximum 12 months from the last relevant activity.
Support data: 2 years from resolution of the request.
Technical browsing data: maximum 26 months (per the policies of the analytics tools used).

7. Data security

We apply appropriate technical and organizational measures, including secure TLS/SSL connections, protected infrastructure, regular backups, and limited data access on a need-to-know basis. Unauthorized access attempts may be monitored, blocked, and reported in accordance with the law.

8. Your GDPR rights

As a data subject, you have the following rights:

Right of access — to request a copy of the data we hold about you.
Right to rectification — to correct inaccurate or incomplete data.
Right to erasure — to request deletion of your data, within the limits of legal obligations.
Right to restriction and objection — to limit or object to certain processing activities.
Right to data portability — to receive your data in a structured, commonly used format.
Right to withdraw consent — at any time, without affecting the lawfulness of prior processing.

To exercise these rights, contact us at office@sarghydesign.ro. If you believe your rights have not been respected, you may lodge a complaint with the Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) — www.dataprotection.ro.

System integrity

Form submissions and technical interactions may be protected through validation, filtering, and security mechanisms. Unauthorized access, injection, or data exfiltration attempts may be documented and forwarded to competent authorities when permitted or required by law.