Privacy Policy & Cookies
# Privacy & Cookie Policy
Last updated: 11 June 2026
This Policy explains how ETIENNE SOLUTIONS SRL ("Seenly", "we") collects, uses, discloses and protects personal data, in accordance with Regulation (EU) 2016/679 (**GDPR**) and applicable Romanian law.
---
## 1. Controller Identity
ETIENNE SOLUTIONS SRL
- Registered office: Bucharest, Romania
- Trade Register No.: J40/4960/2014
- CUI: 33090409
- Data protection e-mail: [email protected]
- General e-mail: [email protected]
We have not appointed a statutory Data Protection Officer (DPO), but any data-related request may be sent to [email protected].
---
## 2. Our Role: Controller vs. Processor
This distinction is essential:
- As CONTROLLER, we process data we collect directly to create and manage your account, bill and operate the contract (Sections 3–9).
- As PROCESSOR, we process data you, as the Customer, enter or connect in the Platform (Customer Content). For that data, you are the controller and we process strictly on your documented instructions and per the Data Processing Agreement (DPA) (Section 11).
---
## 3. Data We Collect and How
a) Data you provide: name, e-mail, phone, job title, company; authentication data (username, hashed password); billing data (billing address, CUI/CIF; card data is handled directly by Stripe, not us); communications (support, feedback).
b) Data collected automatically: technical data (IP, browser, OS, ISP, timestamps); usage data (login frequency, features accessed, dashboard settings); AI metadata (prompt volume, LLM model types, estimated cost); cookies (Section 4).
c) Data from sources you connect: when you connect third-party accounts (e.g. Google Analytics, Google Search Console), we access the data you authorize, solely to provide the Service. This may be Customer Content (Section 11).
---
## 4. Cookies and Similar Technologies
We use cookies to operate and improve the Service. You can manage them via the consent banner and your browser.
| Category | Purpose | Basis |
|---|---|---|
| Essential (strictly necessary) | Session, authentication, security (CSRF), payment security (Stripe) | Legitimate interest / necessary — no consent required |
| Analytics | Google Analytics 4 – usage measurement | Consent |
| Marketing (optional) | Google Ads, LinkedIn Insight Tag, Meta Pixel – remarketing | Consent |
Non-essential cookies are activated only after your consent and can be withdrawn anytime.
---
## 5. Purposes and Legal Bases (as Controller)
| Purpose | Legal basis (GDPR Art. 6) |
|---|---|
| Account creation/management, Service provision | Contract performance (6(1)(b)) |
| Billing, collection, accounting | Legal obligation (6(1)(c)) + contract |
| Support and transactional communications | Contract performance (6(1)(b)) |
| Security, fraud prevention, logging | Legitimate interest (6(1)(f)) |
| Service improvement, usage statistics | Legitimate interest / Consent (cookies) |
| Direct marketing (newsletter, offers) | Consent (6(1)(a)), revocable anytime |
| Defending a legal claim | Legitimate interest (6(1)(f)) |
---
## 6. Who Has Access (Recipients and Sub-processors)
We do not sell your data. We disclose it only to: our staff and contractors on a need-to-know basis; service providers (sub-processors) who help us operate the Service, under confidentiality and data-protection obligations; authorities where legally required.
Sub-processor categories:
| Sub-processor | Purpose | Location |
|---|---|---|
| Stripe | Payment processing and billing | EU / US |
| Claus Web SRL (clausweb.ro) | Application and database hosting | Romania (EU) |
| OpenAI (ChatGPT) | Processing monitored prompts | US |
| Anthropic (Claude) | Processing monitored prompts | US |
| Google (Gemini, Google AI Overviews/AI Mode, Custom Search, GA4, Search Console) | Prompt processing, domain resolution, traffic analysis | EU / US |
| Perplexity | Processing monitored prompts | US |
| Transactional e-mail provider | Sending system e-mails | EU / US |
| Google Analytics | Traffic statistics (anonymized/pseudonymized) | EU / US |
The current sub-processor list is available on request and/or on our dedicated sub-processors page. We will notify relevant changes per the DPA.
> Important note on prompts: to measure visibility, the prompts you monitor are transmitted to the third-party AI Engines above. We recommend you do not include personal data or sensitive confidential information in prompts.
---
## 7. International Data Transfers
Some sub-processors (e.g. OpenAI, Anthropic, Perplexity, Stripe, Google) may process data outside the European Economic Area, including in the US. Such transfers are protected by appropriate legal mechanisms under the GDPR, in particular the Standard Contractual Clauses (SCCs) and/or applicable adequacy frameworks (e.g. the EU-US Data Privacy Framework, where the provider is certified).
---
## 8. Data Security
We implement appropriate technical and organizational measures: password hashing, encryption in transit (HTTPS/TLS), role-based access control, per-organization data separation (multi-tenant), backups, logging and monitoring, least-privilege access. No system is 100% secure; we cannot guarantee absolute security.
In the event of a personal data breach with risk to data subjects, we will notify the supervisory authority (ANSPDCP) and, where required, affected individuals, within legal deadlines.
---
## 9. Data Retention
| Data type | Period |
|---|---|
| Account data | For the life of the account |
| Usage data / technical logs | Deleted 30 days after account closure |
| Billing/accounting data | 10 years (Romanian Accounting Law 82/1991) |
| Marketing data | Until consent is withdrawn |
| Customer Content | Per the DPA and Customer instructions (Section 11) |
---
## 10. Your Rights (GDPR)
You have the right to: access, rectification, erasure ("right to be forgotten"), restriction, data portability, objection (including to direct marketing), and not to be subject to a decision based solely on automated processing with significant legal effects. You may withdraw consent anytime, without affecting prior lawful processing.
To exercise your rights, write to [email protected]. We respond within 30 days.
You may also lodge a complaint with the Romanian Supervisory Authority (ANSPDCP) – Bd. G-ral Gh. Magheru 28-30, Bucharest; www.dataprotection.ro.
> If your data was entered into the Platform by one of our Customers (e.g. your employer or an agency), we act as a processor and requests must be addressed to that controller (the Customer). We will redirect or assist the Customer per the DPA.
---
## 11. Customer-Entered Data (Processor Role)
11.1. For data within Customer Content (brands, prompts, competitors, domains, GA4/GSC-connected data, any included personal data), the Customer is the controller and Seenly is the processor.
11.2. We process such data only on the Customer's documented instructions and to provide the Service, per the Data Processing Agreement (DPA).
11.3. The Customer is responsible for having a valid legal basis and for informing data subjects of such processing.
11.4. On termination, we delete or return Customer Content per the DPA and Customer instructions, subject to legal retention obligations.
---
## 12. Automated Decisions and AI
The Service uses automated processing (visibility scores, recommendations) and third-party AI Engines. These are support tools and do not produce decisions with legal or similarly significant effects on data subjects within the meaning of Art. 22 GDPR.
---
## 13. Minors
The Service is not aimed at persons under 18, and we do not knowingly collect minors' data.
---
## 14. Updates and Contact
We may update this Policy. Material changes will be notified by e-mail or in the Platform. Questions: [email protected].