Privacy Policy

Last updated: 13 June 2026

This policy explains how SC FRANC AGENCY SRL (J26/1416/2019, fiscal code 41326552, Târgu Mureș, Romania — "Franc", "we") processes personal data in connection with the franc.business website and the Franc Business platform. We act as data controller for account and website data, and as data processor for the content our customers store in their workspaces (their clients, contacts, invoices, etc.).

1. What we collect

• Account data: name, work email, password (stored only as a cryptographic hash), agency name.
• Workspace content: the business data you add (clients, contracts, invoices, time entries, costs). You control this content.
• Security & usage logs: for abuse prevention we log events such as sign-ups and failed logins with hashed IP addresses, timestamps, and event type.
• Newsletter: email address, if you subscribe.

2. Why we process it (legal bases)

• To provide the Service under our contract with you (Art. 6(1)(b) GDPR).
• To secure the Service — rate limiting, fraud and abuse prevention (legitimate interest, Art. 6(1)(f)).
• To send the newsletter you asked for (consent, Art. 6(1)(a)); unsubscribe anytime.
• To comply with legal obligations, e.g. invoicing and tax rules (Art. 6(1)(c)).

3. Where your data lives

Platform data is stored in the European Union (database hosted in Frankfurt, Germany). Our infrastructure providers may process limited technical data to deliver the service globally.

4. Sub-processors

• Vercel Inc. — application hosting and content delivery.
• Neon Inc. — managed PostgreSQL database (EU region, Frankfurt).
• Stripe — payment processing (once billing is active); card data never touches our servers.
• Resend — transactional email delivery (once active).

5. Retention

• Account and workspace data: for as long as your account is active, then deleted within 90 days of account closure (export available on request).
• Security logs: up to 12 months.
• Invoicing records: as required by Romanian fiscal law.

6. Your rights

Under the GDPR you have the right of access, rectification, erasure, restriction, portability, and objection, plus the right to lodge a complaint with a supervisory authority (in Romania: ANSPDCP). To exercise any right, write to support@franc.business.

7. Customers' workspace content

Data that our customers store about their clients is controlled by the respective customer; we process it solely on their instructions to operate the platform. If you believe an agency stores your data in Franc Business, please contact that agency first; we will assist as processor.

8. Cookies

See our Cookie Policy — we currently use essential cookies only.

9. Changes

We will announce material changes to this policy in-app or by email.