1. Data Controller
This Privacy Policy applies to the Ask4Date platform (askfordate.app), operated by a company registered in Romania (European Union). We are subject to the General Data Protection Regulation (GDPR) — Regulation (EU) 2016/679 — and Romanian Law no. 190/2018. The supervisory authority is ANSPDCP (Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal).
For any privacy-related requests or questions, contact us at privacy@askfordate.app. Full legal details of the data controller are available in Section 12.
2. Data We Collect
Account data
- Email address and hashed password (or OAuth provider token)
- Display name, profile photo, date of birth (optional)
- Account creation date and last sign-in timestamp
Proposal data
- Creator name and recipient name you enter
- Personal message, selected activities, time slots
- AI-generated text produced for your proposal
- Recipient's selected slot, activity preference, dress code
- Proposal status and completion timestamp
Technical and anti-abuse data
- IP address (collected at proposal creation for free-plan abuse prevention)
- Browser fingerprint via FingerprintJS (free plan only, for anti-spam)
- Device type, browser, operating system (standard server logs)
- Analytics events: proposal opened, response given, slot selected
Payment data
- Stripe customer ID and subscription/session ID
- Plan purchased, amount, date of transaction
- We never store card numbers — all card data is handled exclusively by Stripe.
Important: Proposal content (names, messages, activities) is processed by Anthropic's Claude API to generate personalized text. No proposal content is stored by Anthropic beyond the API call.
3. Legal Basis for Processing (GDPR Art. 6)
| Data type | Legal basis | Article |
|---|---|---|
| Account creation & management | Performance of a contract | Art. 6(1)(b) |
| Proposal creation and delivery | Performance of a contract | Art. 6(1)(b) |
| Payment processing | Performance of a contract | Art. 6(1)(b) |
| IP address & fingerprint (anti-abuse) | Legitimate interest | Art. 6(1)(f) |
| Analytics events | Legitimate interest | Art. 6(1)(f) |
| Financial record keeping | Legal obligation | Art. 6(1)(c) |
| Email marketing (if opted in) | Consent | Art. 6(1)(a) |
4. How We Use Your Data
- Create and manage your account
- Generate AI-personalized proposal pages through Claude API
- Send confirmation emails and proposal invitations via Resend
- Process payments and manage your subscription plan via Stripe
- Prevent abuse and duplicate free invitations (IP + fingerprint checks)
- Provide real-time proposal analytics to creators
- Comply with legal and fiscal obligations (Romanian accounting law)
- Improve and secure the platform
We do not sell your personal data. We do not use your data for automated individual decision-making with legal effects as defined in GDPR Article 22.
6. International Data Transfers
Several of our processors are located in the United States. Transfers to the US are carried out under Standard Contractual Clauses (SCCs) adopted by the European Commission pursuant to GDPR Article 46(2)(c), ensuring an adequate level of protection.
Stripe processes payments through its Irish entity (Stripe Payments Europe, Limited), which is subject to EU data protection law directly.
7. Data Retention
| Data | Retention period | Reason |
|---|---|---|
| Account & profile data | Until account deletion + 30 days | Contract performance |
| Proposal content | Until account deletion | Contract performance |
| Payment records | 5 years after transaction | Romanian fiscal law (Legea contabilității) |
| IP address logs | 90 days | Security & anti-abuse |
| Browser fingerprint | 90 days | Anti-abuse (legitimate interest) |
| Analytics events | 24 months | Legitimate interest |
When you delete your account, we delete or anonymize all personal data within 30 days, except where retention is required by law (e.g. financial records).
8. Your Rights Under GDPR
As a data subject you have the following rights, exercisable free of charge:
- Right of access (Art. 15) — request a copy of all data we hold about you
- Right to rectification (Art. 16) — correct inaccurate or incomplete data
- Right to erasure (Art. 17) — request deletion of your data ("right to be forgotten")
- Right to restriction (Art. 18) — restrict processing while a dispute is resolved
- Right to data portability (Art. 20) — receive your data in a structured, machine-readable format
- Right to object (Art. 21) — object to processing based on legitimate interest
- Right to withdraw consent — at any time, where processing is based on consent
To exercise any right, email us at privacy@askfordate.app. We will respond within 30 days as required by GDPR Article 12.
Right to lodge a complaint: You have the right to lodge a complaint with the Romanian supervisory authority — ANSPDCP (Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal) at www.dataprotection.ro, or with the supervisory authority of your EU country of residence.
9. Security
We implement appropriate technical and organizational measures to protect your data, including:
- All data transmitted over HTTPS/TLS encryption
- Passwords hashed using bcrypt (managed by Supabase Auth)
- Database access restricted via Row-Level Security (RLS) policies
- Payment data handled exclusively by PCI-DSS compliant Stripe
- API keys and credentials stored as environment variables, never in code
- Rate limiting on all sensitive endpoints
In the event of a personal data breach that poses a risk to your rights, we will notify ANSPDCP within 72 hours and affected users without undue delay, as required by GDPR Article 33-34.
10. Children's Privacy
Ask4Date is not directed to persons under the age of 16. We do not knowingly collect personal data from children under 16. If you are a parent or guardian and believe your child has provided us with personal data, please contact us at privacy@askfordate.app and we will delete that data promptly.
11. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify registered users by email and update the "Last updated" date at the top of this page. We encourage you to review this policy periodically.
12. Contact
For any privacy-related questions or to exercise your rights:
- Email: privacy@askfordate.app
- General support: support@askfordate.app
- Supervisory authority: ANSPDCP — www.dataprotection.ro
Ask4Date is a product of Black Keno S.R.L., a company registered in Romania under CUI 46207811, Trade Register no. J2022003445231, with registered office at Str. Tudor Arghezi nr. 7, Mangalia, Constanța, Romania, European Union.