Privacy Policy

How we collect, use, and protect your data

Last updated: February 14, 2026

1. Data Controller

The data controller is NOTSOWMS, based in Timișoara, Romania. Contact email: [email protected] Phone: +40 743 548 754

2. Data Collected

We collect the following categories of data: - Account data: name, email, phone, company name, role in organization - Usage data: access logs, platform actions, IP addresses, browser type - Warehouse data: products, inventory, orders, end-customer information, AWBs, invoices - Payment data: processed exclusively through Stripe; we do not store card data - Form data: information submitted through the contact or demo request form

3. Purpose of Processing

Data is processed for: - Providing and operating the WMS service - Generating AWBs and communicating with courier services - Issuing invoices and compliance with e-Factura ANAF - Technical support and Client communication - Improving platform performance and functionality - Compliance with legal obligations (tax, GDPR, e-Transport)

4. Legal Basis

Data processing is based on: - Contract performance (Art. 6(1)(b) GDPR) — for service delivery - Legal obligation (Art. 6(1)(c) GDPR) — for tax compliance, e-Factura, e-Transport - Legitimate interest (Art. 6(1)(f) GDPR) — for security, fraud prevention, and service improvement - Consent (Art. 6(1)(a) GDPR) — for marketing communications (optional)

5. Data Sharing

Data may be shared with: - Courier services (FAN Courier, Sameday, Cargus, etc.) — for parcel generation and delivery - Invoicing platforms (SmartBill, Oblio) — for invoice issuance - ANAF — for e-Factura and e-Transport compliance (legal obligation) - Stripe — for payment processing - EU cloud infrastructure provider — for hosting and backup We do not sell or share data with third parties for marketing purposes.

6. Data Retention

- Account data: for the duration of the contract + 30 days after termination - Warehouse data: for the duration of the contract + 30 days (export available) - Tax data (invoices, e-Factura): 10 years per Romanian tax legislation - Security logs: 1 year - Contact form data: 12 months

7. Your Rights

Under GDPR, you have the following rights: - Right of access — you can request a copy of your data - Right to rectification — you can correct inaccurate data - Right to erasure — you can request deletion of data (except data retained by legal obligation) - Right to portability — you can receive data in a structured format - Right to object — you can object to processing based on legitimate interest - Right to lodge a complaint with ANSPDCP (National Supervisory Authority)

8. Cookies

The Platform uses: - Essential cookies — required for platform operation (authentication, session) - Analytics cookies — to understand usage patterns (anonymized) We do not use marketing or third-party tracking cookies.

9. Security Measures

We protect data through: - Encryption in transit (TLS 1.3) and at rest (AES-256) - Multi-factor authentication (TOTP and WebAuthn) - Role-based access control (RBAC) - Complete audit trail of all actions - Encrypted daily backups - Continuous monitoring and security alerts

10. Contact

For any data protection questions: Email: [email protected] Phone: +40 743 548 754 Address: Timișoara, Romania You may file a complaint with ANSPDCP: www.dataprotection.ro