Skip to content

Privacy policy

Last updated: April 1, 2026

SC Web LOFT SRL, through the ProxyDrone platform ("ProxyDrone", "we") is committed to protecting the privacy of your personal data. This Privacy Policy explains what data we collect, how we use it, and your rights under the General Data Protection Regulation (GDPR β€” EU Regulation 2016/679).

1. Data Controller

The data controller is:

SC Web LOFT SRL
CUI: 44674942 · J40/13171/2021
Registered office: Str. Buzoeni 14, Bl. M33, Sc. 1, Et. 7, Ap. 45, Sector 5, Bucharest, Romania
Email: [email protected]

2. Data We Collect

2.1 Data you provide directly

  • Identification data: full name, email address, phone number;
  • Company data: company name, tax ID (CUI), trade registry number, registered address (for B2B users);
  • Operator data: drone pilot licence number, verification documents (licence, insurance), specialties;
  • Location data: addresses, GPS coordinates of fields/work sites, parcel polygons;
  • Generated content: chat messages, reviews, support tickets, attachments.

2.2 Data collected automatically

  • Technical data: IP address, browser type, operating system, device identifiers;
  • Usage data: pages visited, in-app actions, timestamps;
  • Cookies: session cookies, language preferences, authentication tokens.

3. Purposes of Data Processing

We process your data to:

  • Provide the service: account creation and management, booking processing, client-operator matching based on geographic proximity;
  • Payments: payment processing, escrow management, invoice generation;
  • Communication: job status notifications, transactional emails, support responses;
  • Safety: operator identity verification, fraud prevention, content moderation;
  • Service improvement: usage analytics, aggregate statistics (anonymized);
  • Legal obligations: tax compliance, responses to authority requests.

4. Legal Basis for Processing

  • Contract performance (Art. 6(1)(b) GDPR) β€” for providing Platform services;
  • Legal obligation (Art. 6(1)(c) GDPR) β€” for tax compliance and regulations;
  • Legitimate interest (Art. 6(1)(f) GDPR) β€” for fraud prevention and service improvement;
  • Consent (Art. 6(1)(a) GDPR) β€” for marketing communications (newsletter).

5. Data Sharing with Third Parties

We share your data only with:

  • Stripe β€” payment processor (transaction data, per Stripe Privacy Policy);
  • Google Maps Platform β€” geolocation services (GPS coordinates for matching);
  • Firebase (Google) β€” mobile push notifications;
  • Amazon Web Services (AWS) β€” file storage (documents, attachments);
  • Email provider β€” transactional email delivery.

We do not sell or share your data with third parties for advertising purposes.

6. International Data Transfers

Some of our providers (Stripe, AWS, Google) may process data outside the European Economic Area. These transfers are protected by Standard Contractual Clauses approved by the European Commission or appropriate certifications (e.g., EU-US Data Privacy Framework).

7. Data Retention Period

  • Account data: for the duration of the account + 5 years after deletion (tax obligations);
  • Transaction data: 10 years (Romanian tax legislation);
  • Operator documents: for the duration of the account + 3 years;
  • Messages and reviews: for the duration of the account;
  • Technical logs: maximum 12 months;
  • Marketing data: until consent withdrawal.

8. Your Rights (GDPR)

Under the GDPR, you have the following rights:

  • Right of access β€” you may request a copy of your personal data;
  • Right to rectification β€” you may correct inaccurate data in your profile;
  • Right to erasure ("right to be forgotten") β€” you may request data deletion, except where required for legal obligations;
  • Right to restriction of processing β€” you may limit how we process your data;
  • Right to data portability β€” you may receive your data in a structured format (JSON/CSV);
  • Right to object β€” you may object to processing based on legitimate interest;
  • Right to withdraw consent β€” at any time, for consent-based processing.

To exercise these rights, contact us at [email protected]. We will respond within 30 days.

9. Data Security

We implement appropriate technical and organizational measures to protect your data:

  • Encryption in transit (TLS/HTTPS) and at rest;
  • Secure token-based authentication (Sanctum);
  • Role-based access control;
  • Regular backups;
  • Access monitoring and logging.

10. Cookies

We use cookies and similar technologies for:

  • Essential cookies: authentication, language preferences, CSRF token;
  • Analytics cookies: Google Analytics (anonymized) to understand Platform usage.

You can manage cookie preferences in your browser settings.

11. Minors

The Platform is not intended for persons under 18 years of age. We do not knowingly collect data from minors.

12. Policy Changes

We may update this Policy periodically. Significant changes will be communicated by email. The date of the last update is displayed at the top of this page.

13. Supervisory Authority

If you believe that our processing of your data violates the GDPR, you have the right to file a complaint with:

National Supervisory Authority for Personal Data Processing (ANSPDCP)
Website: www.dataprotection.ro

14. Contact

For any privacy-related questions: