Privacy Policy

1. Introduction

SeasOptima ("we", "us", "our") operates the website seasoptima.com. This Privacy Policy explains how we collect, use, disclose, and protect your personal data when you use our platform. We are committed to protecting your privacy in compliance with the General Data Protection Regulation (GDPR), the Romanian Data Protection Law, and other applicable data protection legislation.

SeasOptima is operated from Romania, European Union.

2. Data We Collect

We collect the following categories of personal data:

Account Data

When you register, we collect your email address, name, and password (stored in hashed form). If you upgrade to a premium plan, payment processing is handled by Stripe — we do not store your credit card details.

Usage Data

We collect information about how you interact with our platform, including pages visited, features used, symbols analyzed, and alerts configured. This data helps us improve our service.

Technical Data

We automatically collect your IP address, browser type, operating system, referring URL, and device information through server logs and analytics tools.

Communication Data

If you contact us via the contact form, we collect your name, email address, and message content.

3. How We Use Your Data

We use your personal data for the following purposes:

• Provide our service: To create and manage your account, display seasonality data, send configured alerts, and process payments.
• Improve our platform: To analyze usage patterns, fix bugs, and develop new features.
• Communicate with you: To send service notifications, respond to inquiries, and deliver email alerts you have opted into.
• Analytics: To understand how our platform is used and measure the effectiveness of our features (only with your consent).
• Legal compliance: To comply with legal obligations and protect our legitimate interests.

4. Legal Basis for Processing

Under GDPR Article 6, we process your data based on the following legal grounds:

• Consent (Art. 6(1)(a)): For analytics cookies (Google Analytics) and marketing communications. You can withdraw consent at any time.
• Contract performance (Art. 6(1)(b)): To provide the services you have registered for, including account management, data display, and alert delivery.
• Legitimate interest (Art. 6(1)(f)): For platform security, fraud prevention, and service improvement, where our interests do not override your rights.

5. Cookies and Tracking

We use the following cookies and tracking technologies:

You can manage your cookie preferences at any time by clearing your browser's localStorage and refreshing the page. The cookie consent banner will reappear.

6. Third-Party Services

We share data with the following third-party processors:

• Google Analytics (Google LLC, USA) — Website analytics — tracks page views and user interactions. Only activated with your consent. Google processes data under Standard Contractual Clauses (SCCs) for EU-US data transfers.
• Stripe (Stripe Inc., USA) — Payment processing — handles premium subscription payments. Stripe acts as an independent data controller for payment data. Stripe is certified under the EU-US Data Privacy Framework.

We do not sell, rent, or trade your personal data to any third parties.

7. Data Retention

We retain your personal data for as long as your account is active or as needed to provide our services. If you delete your account, we will erase your personal data within 30 days, except where retention is required by law (e.g., financial records for tax purposes). Analytics data is anonymized and aggregated, and does not identify individual users after processing.

8. Your Rights

Under GDPR, you have the following rights regarding your personal data:

• Right of access (Art. 15): Request a copy of the personal data we hold about you.
• Right to rectification (Art. 16): Request correction of inaccurate or incomplete data.
• Right to erasure (Art. 17): Request deletion of your personal data ("right to be forgotten").
• Right to data portability (Art. 20): Receive your data in a structured, machine-readable format.
• Right to restrict processing (Art. 18): Request limitation of how we process your data.
• Right to object (Art. 21): Object to processing based on legitimate interests.
• Right to withdraw consent: Withdraw consent at any time for consent-based processing (e.g., analytics cookies).

To exercise any of these rights, please contact us at the email address below. We will respond within 30 days.

9. International Data Transfers

Some of our third-party service providers (Google, Stripe) are based in the United States. Data transfers to the US are protected by Standard Contractual Clauses (SCCs) approved by the European Commission and, where applicable, the EU-US Data Privacy Framework. We ensure that any international transfer of personal data meets the requirements of GDPR Chapter V.

10. Children's Privacy

Our platform is not intended for children under 16 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child under 16, please contact us immediately and we will delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of significant changes via email. The "Last Updated" date at the top of this page indicates when the policy was last revised. Continued use of our platform after changes constitutes acceptance of the updated policy.

12. Contact & Complaints

For any questions about this Privacy Policy or to exercise your data protection rights, contact us at:

Email: contact@seasoptima.com

If you believe we have not adequately addressed your concerns, you have the right to lodge a complaint with the Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP):