Privacy Policy
This privacy policy details eStudent’s data protection and privacy practices and commitments to our users. The policy is formulated to reflect compliance with Regulation (EU) 2016/679 (“GDPR“), protecting users’ rights and ensuring full transparency in data processing. We comply with the principles of lawfulness, fairness and transparency, ensuring responsible and secure handling of your data.
- Data Collected
- Personal Data: This includes, but is not limited to:
- First and Last Name: Used to identify the user within the application.
- Email: Used for official communications, notifications and password reset.
- Password: Stored in encrypted format to ensure user account security.
- Address (optional): Required when invoicing users.
- CNP/CUI (optional): Stored in accordance with tax regulations, only if the user has opted for invoicing.
- Device Data: The application collects information about the user’s device, including operating system, application version, and unique device identifiers.
- Error Logs: In order to improve the app, eStudent will store error logs and usage statistics. This information is anonymized and is not used to identify users.
- Purpose of Data Collection
- Provision of Services: Data is needed to provide personalized assistance to users and to respond to user inquiries.
- Account Management: We use the information to manage user accounts, process deletion requests, and ensure account security.
- Application Analysis and Improvement: Error logs and usage data are used to identify problems and optimize application performance.
- User Consent
- Users’ Rights
- Right of Access: Users may request information about the personal data stored and how it is used.
- Right to Rectification: Users may request the correction of inaccurate or incomplete personal data.
- Right to Erasure: Users may request the deletion of personal data. This process will be handled according to the data erasure policy in the Terms and Conditions of the Application.
- Right to Object: Users may refuse the processing of personal data under certain circumstances.
- Right to Restrict Processing: Users have the right to request restriction of data processing in certain circumstances, such as challenging data accuracy or objecting to processing.
- Right to Data Portability: Users may request that their data be transferred to another controller in a structured, commonly used and machine-readable format.
- Data Storage
- Firebase: The eStudent Application uses the Firebase platform, a service owned by Google, for several critical functionalities. The database and technical infrastructure are hosted by Firebase, with servers located in Google data centers that meet the highest security standards. Firebase modules used include:
- Firebase Authentication: used for secure authentication of users into the application.
- Firestore: Real-time data storage service used for storing chat messages and other user interactions with the AI system.
- Firebase File Storage: Used for uploading and storing files/documents added by users.
- Firebase Crashlytics: Used for monitoring and reporting application errors to improve performance.
- Firebase Functions: Uses serverless functions to run operations and processes on the backend securely and efficiently.
- Stripe: eStudent uses Stripe to process payments that are not made through the App Store. Stripe stores and processes users’ financial information in compliance with international PCI DSS standards, ensuring complete protection of payment data.
- OneSignal: Used to manage push notifications in the app. These notifications are sent to users to inform them about important updates or activities related to their account.
- Enlivy.com: The app uses the Enlivy service to automatically generate invoices and, if necessary, send them to the ANAF SPV in accordance with tax legislation. Enlivy manages the invoice-related data and stores it in an encrypted and secure format.
- eStudent Application Employees: only authorized eStudent staff have access to user data for technical support and service operation purposes.
- Enlivy SRL: Enlivy SRL, as the developer of the application and provider of the billing service, has access to invoice data and the information needed to process the invoices.
- Error Logs: These are stored through Firebase Crashlytics and are used for diagnosing and troubleshooting technical problems with the Application.
- iNotes and User Uploaded Files: Any files or documents uploaded by users are stored on Firebase File Storage, securely protected and accessible only to the uploading user and the AI system.
- Chat Messages and AI Responses: Interactions between users and the AI-based chatbot are stored on Firestore to improve responses and allow users to review conversation history.
- Tags and User Profiles: The Application stores tags and information associated with user profiles to personalize the user experience and improve the relevance of the content provided.
- Billing Information: Users’ billing information is stored in both Stripe for payment management and Enlivy for invoicing.
- Data Transfer
- Cookies and Similar Technologies
- Audit
- Changes to the Privacy Policy
- Contact