Privacy Policy v2.0 — March 2026
1. Data Controller
SIBSTIL DOORS SRL
Str. Oștirii, Nr. 6, Sc. B, Et. 7, Ap. 73
Municipiul Sibiu, Județul Sibiu, România
Registration: J32/358/2009 | CIF: RO25411699
Email: sibstil@gmail.com
Website: typiq-app.com
2. What Data We Collect and Why
We apply strict data minimization. We only collect what is strictly necessary.
| Data | Why we collect it | Legal Basis (GDPR Art. 6) | Retention |
|---|---|---|---|
| Email address | Deliver license key after purchase; respond to support requests | Art. 6(1)(b) — contract performance | 5 years (Romanian accounting law) |
| Payment metadata (order ID, amount, date) | Accounting and tax compliance | Art. 6(1)(c) — legal obligation | 5 years |
| Hardware fingerprint (machine ID) | License activation and anti-piracy; stored locally on your device only, never transmitted to our servers | Art. 6(1)(f) — legitimate interest | Local only, deleted when you uninstall |
| Student progress data (schools only) | Progress tracking dashboard for teachers | Art. 6(1)(b) — contract with school; parental consent where required | Duration of school license |
We do NOT collect: names, phone numbers, IP addresses, location data, browsing history, device specifications beyond the hardware fingerprint, or any behavioral tracking data.
3. Transparency — How We Use Your Data (GDPR Art. 12-14)
In compliance with GDPR Articles 12, 13, and 14, and the EDPB's 2026 coordinated enforcement priorities on transparency, we provide the following detailed information:
- Purpose of processing: Exclusively as described in Section 2. We do not use your data for profiling, advertising, or any purpose beyond what is listed.
- Automated decision-making: We do not use your personal data for any automated decision-making or profiling as defined in GDPR Art. 22.
- Source of data: All data is provided directly by you (email at purchase) or generated locally on your device (hardware fingerprint).
- Recipients: Your email and payment metadata are processed by Stripe (see Section 4). No other third parties receive your personal data.
4. Data Access Rights — EU Data Act (Regulation 2023/2854)
Under the EU Data Act, applicable since September 12, 2025, you have the right to access data generated through your use of Typiq. Specifically:
- Your typing progress data (WPM, accuracy, lessons completed) is stored locally on your device in your browser's localStorage and is fully accessible to you at all times.
- For school accounts, administrators can export all student progress data in CSV format from the dashboard.
- We do not retain usage data on our servers for personal license users.
5. Data Processors
| Processor | Purpose | Location | Safeguard |
|---|---|---|---|
| Stripe Inc. | Payment processing | USA | EU-U.S. Data Privacy Framework (confirmed valid by CJEU, Sept. 2025) |
| SmartBill SRL | Invoice generation and delivery | Romania (EU) | EU jurisdiction, GDPR compliant |
| Hetzner Online GmbH | Web hosting (typiq-app.com) | Germany (EU) | EU jurisdiction, GDPR compliant |
6. International Data Transfers
Payment processing by Stripe involves transfer of data to the United States. This transfer is lawful under the EU-U.S. Data Privacy Framework, whose validity was confirmed by the Court of Justice of the European Union in September 2025. Invoice generation by SmartBill is processed within the EU (Romania). No other international transfers occur.
7. Your Rights (GDPR Art. 15-22)
You have the following rights regarding your personal data:
| Right | Description | How to exercise |
|---|---|---|
| Access (Art. 15) | Receive a copy of all data we hold about you | Email us |
| Rectification (Art. 16) | Correct inaccurate data | Email us |
| Erasure (Art. 17) | Request deletion of your data ("right to be forgotten") | Email us |
| Portability (Art. 20) | Receive your data in machine-readable format | Email us |
| Object (Art. 21) | Object to processing based on legitimate interest | Email us |
| Restrict processing (Art. 18) | Limit how we use your data | Email us |
| Withdraw consent (Art. 7(3)) | Where processing is based on consent, withdraw at any time | Email us |
We will respond to all requests within 30 days as required by GDPR Art. 12(3). To exercise any right: sibstil@gmail.com
8. Children's Privacy
Typiq may be used by minors in an educational context under a school license. We apply the following protections:
- We do not collect personal data from students under 16 without verifiable parental or guardian consent, as required by GDPR Art. 8 and applicable national law.
- Schools are responsible for obtaining appropriate parental consent in their jurisdiction (including COPPA for U.S. users under 13).
- Student accounts use only a display name — we do not require or store real names, dates of birth, or any sensitive data of minors.
- Student data is never used for advertising, profiling, or any purpose beyond educational progress tracking.
9. Security
We implement the following technical and organizational security measures:
- HTTPS encryption for all data in transit on typiq-app.com
- Access controls and authentication for school admin dashboards
- Regular security reviews and vulnerability assessments
- No sensitive personal data stored on application servers for personal license users
- Hardware fingerprint processed locally only — never transmitted
In the event of a personal data breach affecting your rights, we will notify you and the relevant supervisory authority within 72 hours as required by GDPR Art. 33, and in accordance with the single-entry point procedures introduced by Regulation (EU) 2025/2518.
10. Cookies
We use only essential cookies. No advertising or tracking cookies. See our Cookie Policy.
11. Supervisory Authorities
Romania (lead authority):
ANSPDCP — Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal
B-dul G-ral. Gheorghe Magheru 28-30, București | www.dataprotection.ro
You also have the right to lodge a complaint with the supervisory authority in your country of residence within the EU/EEA. Under Regulation (EU) 2025/2518 (in force since January 1, 2026), cross-border enforcement cooperation between EU authorities has been further harmonized.
12. Changes to This Policy
We may update this policy to reflect changes in law or our practices. Material changes will be communicated via email at least 30 days before taking effect. The current version is always available at typiq-app.com/privacy-policy.
13. Contact
All privacy requests: sibstil@gmail.com
We aim to respond within 5 business days for general inquiries and within 30 days for formal data subject rights requests.