Privacy Policy

This Privacy Policy explains how Matei-Radu Chetreanu, Authorized Sole Proprietor (PFA) (referred to as "vorba", "we", or "the Controller") collects, uses, and protects your personal data when you visit vorba.dev or use our services. We are committed to complying with Regulation (EU) 2016/679 (GDPR) and Romanian Law 190/2018 implementing GDPR.

Matei-Radu Chetreanu, Authorized Sole Proprietor (PFA)
Tax ID (CIF): 54624380
Romanian Trade Registry: F2026023727001
Business address: B-dul Bucureștii Noi 136, et. Parter, ap. 5, Sector 1, București, România
Commercial brand: vorba (vorba.dev)
Privacy contact: privacy@vorba.dev

(a) Data you provide via contact form:

• First and last name
• Email address
• Company name (optional)
• Message content (project/problem description)

(b) Data collected automatically during your visit:

• IP address (logged technically by hosting provider)
• Visit date and time
• Pages visited
• Browser and operating system type

(c) Data collected for active clients (under contract):

• Company identification (Tax ID, name, address)
• Billing data per Romanian fiscal legislation
• Contact data of designated project personnel

We use the following processors, all with signed DPAs per Art. 28 GDPR:

• Supabase Inc. — database infrastructure — EU region (Frankfurt)
• Google LLC (Workspace) — business email — EU/US, DPF certified
• Stripe Inc. — payment processing — US, DPF certified
• Cloudflare Inc. — CDN, hosting and security — EU/Global
• Resend (Plus Five Five, Inc.) — transactional email delivery — US, DPF certified
• ElevenLabs Inc. — voice transcription ("speak it" feature) — US
• Anthropic PBC — AI processing (stack analysis tool) — US

We do not sell or transfer your data to third parties for marketing purposes.

Some processors (Google, Stripe) may process data in the US. These transfers are protected by:

• Standard Contractual Clauses (SCC) issued by the European Commission
• Adherence to the EU-U.S. Data Privacy Framework (DPF)

Under GDPR Articles 15-22 you have the right to:

• Access — confirmation that your data is processed plus a copy
• Rectification — correction of inaccurate data
• Erasure — deletion (under GDPR conditions)
• Restriction — limiting processing in certain cases
• Portability — receiving data in structured format
• Objection — against processing based on legitimate interest
• Withdraw consent — for consent-based processing

To exercise these: privacy@vorba.dev. We respond within 30 days.

If you believe your rights have been violated, you may file a complaint with: ANSPDCP (Romania) — National Supervisory Authority for Personal Data Processing
B-dul G-ral. Gheorghe Magheru 28-30, Sector 1, Bucharest
Web: www.dataprotection.ro For visitors from Switzerland: FDPIC / EDÖB — www.edoeb.admin.ch

We implement reasonable technical and organizational measures:

• TLS encryption for all communications
• Restricted database access (Bearer tokens)
• Row-Level Security (RLS) on all tables
• Audit logs and access monitoring
• Certified processors (ISO 27001, SOC 2)

Our site uses strictly necessary cookies only:

• vorba_lang — your language preference (1-year duration, no personal data)

For the /crm area (restricted access), we use localStorage for authentication session. We do not use marketing, analytics, or advertising cookies.

We do not engage in automated decision-making with legal effects on you (e.g., profiling). Your data is evaluated by a human.

This policy may be updated periodically. The current version is always available at vorba.dev/privacy. Material changes are announced via email to active clients.

For any questions about data processing:

• Email: privacy@vorba.dev
• Postal: B-dul Bucureștii Noi 136, et. Parter, ap. 5, Sector 1, București, România

Last updated: 18 mai 2026