Privacy Policy

This privacy policy details eStudent’s data protection and privacy practices and commitments to our users. The policy is formulated to reflect compliance with Regulation (EU) 2016/679 (“GDPR“), protecting users’ rights and ensuring full transparency in data processing. We comply with the principles of lawfulness, fairness and transparency, ensuring responsible and secure handling of your data.
  1. Data Collected
The eStudent Application collects the following types of data, essential for the delivery of its services:
  • Personal Data: This includes, but is not limited to:
  • First and Last Name: Used to identify the user within the application.
  • Email: Used for official communications, notifications and password reset.
  • Password: Stored in encrypted format to ensure user account security.
  • Address (optional): Required when invoicing users.
  • CNP/CUI (optional): Stored in accordance with tax regulations, only if the user has opted for invoicing.
  • Device Data: The application collects information about the user’s device, including operating system, application version, and unique device identifiers.
  • Error Logs: In order to improve the app, eStudent will store error logs and usage statistics. This information is anonymized and is not used to identify users.
  1. Purpose of Data Collection
Data collected is used for the following purposes:
  • Provision of Services: Data is needed to provide personalized assistance to users and to respond to user inquiries.
  • Account Management: We use the information to manage user accounts, process deletion requests, and ensure account security.
  • Application Analysis and Improvement: Error logs and usage data are used to identify problems and optimize application performance.
Automated processing of your data, including profiling, is performed to provide a personalized experience and improve our services. Profiling is based on the data of your interactions with the app and is performed solely to tailor content and notifications to your preferences. You have the right to object to automated profiling that produces legal or significant effects on you. The processing of your data is based on one of the following legal grounds, depending on the context: your explicit consent, the need to perform a contract, eStudent’s legitimate interests (such as improving the application) or compliance with legal obligations. Data processing is always carried out in accordance with these grounds to ensure legal compliance and the protection of your rights.
  1. User Consent
By downloading and using the Application, users consent to the collection and processing of personal data in accordance with this policy. Users may revoke consent at any time by contacting the support team. However, revoking consent may affect the functionality of the Application.
  1. Users’ Rights
Users have the following rights in relation to personal data:
  • Right of Access: Users may request information about the personal data stored and how it is used.
  • Right to Rectification: Users may request the correction of inaccurate or incomplete personal data.
  • Right to Erasure: Users may request the deletion of personal data. This process will be handled according to the data erasure policy in the Terms and Conditions of the Application.
  • Right to Object: Users may refuse the processing of personal data under certain circumstances.
  • Right to Restrict Processing: Users have the right to request restriction of data processing in certain circumstances, such as challenging data accuracy or objecting to processing.
  • Right to Data Portability: Users may request that their data be transferred to another controller in a structured, commonly used and machine-readable format.
  1. Data Storage
eStudent uses several third-party services to store, process and secure user data. These services are essential for the operation of the Application and ensure compliance with security and data protection regulations, including GDPR. Your personal data is retained for as long as necessary to fulfill the purposes for which it was collected, in accordance with applicable law. Specifically, error logs are kept for a reasonable period of time, uploaded files are available for the duration of your account usage, and billing data is retained in accordance with applicable tax obligations. Upon expiration of retention periods, data is securely and irreversibly deleted. 5.1 Storage and Processing Services Used Data collected from users is stored and processed through the following external platforms and services:
  • Firebase: The eStudent Application uses the Firebase platform, a service owned by Google, for several critical functionalities. The database and technical infrastructure are hosted by Firebase, with servers located in Google data centers that meet the highest security standards. Firebase modules used include:
  • Firebase Authentication: used for secure authentication of users into the application.
  • Firestore: Real-time data storage service used for storing chat messages and other user interactions with the AI system.
  • Firebase File Storage: Used for uploading and storing files/documents added by users.
  • Firebase Crashlytics: Used for monitoring and reporting application errors to improve performance.
  • Firebase Functions: Uses serverless functions to run operations and processes on the backend securely and efficiently.
  • Stripe: eStudent uses Stripe to process payments that are not made through the App Store. Stripe stores and processes users’ financial information in compliance with international PCI DSS standards, ensuring complete protection of payment data.
  • OneSignal: Used to manage push notifications in the app. These notifications are sent to users to inform them about important updates or activities related to their account.
  • Enlivy.com: The app uses the Enlivy service to automatically generate invoices and, if necessary, send them to the ANAF SPV in accordance with tax legislation. Enlivy manages the invoice-related data and stores it in an encrypted and secure format.
5.2 Access to Data Access to user data is strictly limited and managed responsibly on a need-to-know basis:
  • eStudent Application Employees: only authorized eStudent staff have access to user data for technical support and service operation purposes.
  • Enlivy SRL: Enlivy SRL, as the developer of the application and provider of the billing service, has access to invoice data and the information needed to process the invoices.
5.3 Data Stored by eStudent The eStudent application collects and stores the following types of data:
  • Error Logs: These are stored through Firebase Crashlytics and are used for diagnosing and troubleshooting technical problems with the Application.
  • iNotes and User Uploaded Files: Any files or documents uploaded by users are stored on Firebase File Storage, securely protected and accessible only to the uploading user and the AI system.
  • Chat Messages and AI Responses: Interactions between users and the AI-based chatbot are stored on Firestore to improve responses and allow users to review conversation history.
  • Tags and User Profiles: The Application stores tags and information associated with user profiles to personalize the user experience and improve the relevance of the content provided.
  • Billing Information: Users’ billing information is stored in both Stripe for payment management and Enlivy for invoicing.
  1. Data Transfer
eStudent will not transfer users’ personal data outside the European Union. All data is managed and stored in accordance with GDPR regulations. eStudent may share your personal data with affiliated entities or contractual partners that ensure the functionality of the application, under strict confidentiality agreements. All partners and employees involved in the data processing are contractually bound to respect the privacy principles and provide a level of protection equivalent to that applied by eStudent.
  1. Cookies and Similar Technologies
The Application does not use cookies as it is a mobile application. However, there may be tracking technologies used to collect data about the use of the Application and to improve the user experience.
  1. Audit
eStudent carries out regular internal and external audits to ensure compliance with applicable data protection legislation and to maintain the highest standards of privacy. In the event of any significant legislative changes or changes in application infrastructure, we review and update our privacy procedures.
  1. Changes to the Privacy Policy
eStudent reserves the right to modify this Privacy Policy at any time. Users will be notified of significant changes through the Application. Continued use of the Application after the changes constitute acceptance of the new terms.
  1. Contact
For any questions or concerns regarding this Privacy Policy, users may contact the eStudent team at their contact address. ([email protected])