Privacy Policy

Last updated: January 19, 2026

1. Introduction

Testly.app ("we", "us" or "the company") respects the privacy of your personal data and is committed to protecting it in accordance with the European Union General Data Protection Regulation (GDPR), Regulation (EU) 2016/679.

This privacy policy explains what data we collect, how we use it, who we share it with, and what rights you have regarding your personal data.

2. Data Controller

The data controller is Testly.app, responsible for the collection and processing of your personal data. You can contact us at:

  • Email: privacy@testly.app
  • Address: [Company full address]

3. Personal Data We Collect

We collect the following categories of personal data:

3.1 User-provided data

  • Authentication data: email address, name (optional)
  • Profile data: language preferences, test progress
  • Payment data: processed by Stripe (we do not store credit card data)

3.2 Automatically collected data

  • Technical data: IP address (anonymized), browser type, device type
  • Usage data: test performance, answers given, time spent
  • Cookies: for authentication and functionality

4. Purpose of Data Processing

We process your personal data for the following purposes:

  • Service provision: authentication, test administration, certificate generation
  • Service improvement: performance analysis, personalized AI feedback
  • Communication: account notifications, technical support
  • Legal compliance: billing, auditing, fraud prevention

5. Legal Basis for Processing

We process your data based on the following legal grounds under GDPR:

  • Contract execution (Art. 6(1)(b) GDPR): to provide requested services
  • Consent (Art. 6(1)(a) GDPR): for non-essential cookies, marketing
  • Legitimate interest (Art. 6(1)(f) GDPR): for service improvement, security
  • Legal obligations (Art. 6(1)(c) GDPR): for accounting, tax auditing

6. Sharing Data with Third Parties

We only share your data with necessary service providers:

  • Stripe: payment processing (GDPR compliant, PCI-DSS certified)
  • Supabase: database hosting (servers in EU)
  • Anthropic: AI feedback generation (anonymized data, not used for model training)
  • AWS: cloud infrastructure (servers in eu-central-1 region)

International transfers: Data may be transferred to Anthropic (USA) on the basis of adequate safeguards (Standard Contractual Clauses, SCC).

7. Data Retention

We retain your data only as long as necessary:

  • Active account data: as long as the account is active
  • Financial data: 10 years (legal tax obligation)
  • Backup data: 90 days in encrypted backups
  • After account deletion: anonymized data for aggregate statistics

8. Your GDPR Rights

In accordance with GDPR, you have the following rights:

  • Right of access (Art. 15): to request a copy of your data
  • Right to rectification (Art. 16): to correct inaccurate data
  • Right to erasure (Art. 17): "right to be forgotten"
  • Right to restriction (Art. 18): to limit processing
  • Right to portability (Art. 20): to receive data in structured format
  • Right to object (Art. 21): to object to processing
  • Right to withdraw consent: at any time, without affecting the lawfulness of prior processing

To exercise your rights: privacy@testly.app
We respond to requests within 30 days.

9. Data Security

We implement technical and organizational measures to protect data:

  • TLS/SSL encryption for data transmission
  • AES-256 encryption for sensitive data storage
  • Multi-factor authentication for admin
  • Automated encrypted backups
  • Security audit logging and monitoring
  • Need-to-know access (least privilege)

10. Cookies

We use the following types of cookies:

  • Essential cookies: for authentication and functionality (no consent required)
  • Functional cookies: for saving preferences (consent required)

You can manage cookies from your browser settings or from our consent banner.

11. Minors

Our services are intended for individuals aged 16 and over. We do not intentionally collect data from minors under 16 without parental consent.

12. Policy Changes

We reserve the right to modify this policy. We will notify you by email 30 days before significant changes.

13. Supervisory Authority

You have the right to file a complaint with the supervisory authority:

  • Romania: National Supervisory Authority for Personal Data Processing (ANSPDCP)
  • Website: www.dataprotection.ro
  • Email: anspdcp@dataprotection.ro

14. Contact

For any questions about this policy or your data: