Privacy Policy

Last updated: Tuesday, 04 October 2022

Thank you for your interest in this Privacy Policy! At Iteration1, we take the protection of your Personal Data very seriously.This Privacy Policy applies to and in accordance with Romania's Law No. 190/2018 ("the GDPR Implementation Law") and the General Data Protection Regulation ("GDPR"), we inform you about the scope of the processing of your personal data when you visit our website and use our services.

Responsible for data processing

Responsible for data processing in accordance with the GDPR is:

Stejarului 38, Floresti, 407280, Cluj,


General information on data processing

In the course of our business and website operations, we process data. This also includes disclosure by transmission to third parties and, where applicable, to so-called third countries outside the European Union ("EU") and the European Economic Area ("EEA"). We have described where we transfer data outside the EU or the EEA below.

Further, regarding the transfer of data into the USA, the EU Commission has no adequate decision for transfers to the USA. However, where we use third-party providers in the USA, we have ensured that an adequate level of data protection is guaranteed and that the relevant agreements are entered into.

Automatic data processing when visiting our website

When you access our website, some data is collected and processed by our selected third-party providers on our behalf or us.

a) Log files
We log your website visit. In doing so, we process the following:

- Name(s) of our website(s) accessed,
- date and time of access,
- the amount of data transferred,
- the browser type and version,
- the operating system used by you
- the referrer URL (the previously visited website),
- your IP address,
-the requesting provider.

The legal basis for data processing is our overriding legitimate interest in our web site's ongoing provision and security in accordance with Art. 6 para. 1 f) GDPR. The log file is deleted after seven days unless necessary to prove or clarify specific legal violations that have become known within the retention period.

b) Hosting
To provide our website, we use the services of Webflow, which process the data mentioned above and all data to be processed in connection with our website on our behalf. The legal basis for data processing is our legitimate interest in providing our website in accordance with Art. 6 (1) f) GDPR.

c) Use of cookies
We use so-called cookies on our website. Cookies are small text files stored on your respective device (PC, smartphone, tablet, etc.) and saved by your browser. For further information, please refer to our Cookie Policy. The legal basis for the use of cookies is your consent (Art. 6 (1) a) GDPR) as well as our legitimate interest (Art. 6 (1) f) GDPR).

Data processing when you submit it to our website and when you use our services

When you contact us through our website or use our services, some data is collected and processed by us or on our behalf by our selected third-party providers.

a) Contacting us
If you contact us, we process the following data from you for the purpose of processing and handling your request: first name, last name, email address, and, if applicable, other information if you have provided it and your message. The legal basis for the data processing is our obligation to fulfill the contract and/or our pre-contractual obligations, according to Art. 6 para. 1 b) GDPR and/or our overriding legitimate interest in processing your request pursuant to Art. 6 para. 1 f) GDPR.

b) Customer account
If you create a user account, you consent to store your account and log-in data (Email, username, password). This allows us to identify you as a user and will enable you to manage your account, use our services and manage your subscription. Your data will be processed based on your consent in accordance with Art. 6 (1) a) GDPR.

c) Data management and customer support
For optimal customer support, we use first name, last name, email address, and the data related to your contract with us. Your data may be stored on our website and/or our customer relationship management system ("CRM system"). This data processing is based on our legitimate interest in providing customer service in accordance with Art. 6 (1) f) GDPR.

d) Contract processing
We process your first name, last name, email address, and the data related to your contract with us to handle the contractual relationship between you and us. The legal basis for the data processing is the fulfillment of our contractual obligations pursuant to Art. 6 (1) b) GDPR and, in individual cases, the fulfillment of our legal obligations pursuant to Art. 6 (1) c) GDPR.

e) Software and platform services
We process the data of our clients and registered users, and any test users to be able to provide our contractual services as well as to ensure the security of our services and to be able to develop them further. The required information is identified as such in the context of the order, purchase order, or comparable contract conclusion. It includes the information required for the provision of services and billing and contact information. Unless otherwise specified, the purposes of processing are Contractual performance and service, contact requests and communication, office and organizational procedures, administration and response to requests, visit action evaluation, interest-based and behavioral marketing, and profiling. Further, if you test projects created by our users, we may collect both personal data and non-personal data based on your consent: User Session Details (IP, Device, OS, Screen size, Browser, and Other session data) and Video recordings of the prototype interaction through screen recording and we only record what you see inside the tab where they test the prototype.The legal basis for the data processing is the fulfillment of our contractual obligations according to Art. 6 (1) b) GDPR and, in individual cases, the fulfillment of our legal obligations according to Art. 6 (1) c) GDPR as well as your Consent Art. 6 (1) a) GDPR.

f) Processing of data for payments
If you make a purchase, your payment will be processed via the payment service provider Stripe, and payment will be processed through the payment system of Stripe. The legal basis for the processing of your personal data is the establishment and implementation of the user contract for the use of the service in accordance with Art. 6 (1) b) GDPR.

g) Processing of data for system notifications and messaging
By using our services, you are giving your consent to receiving system notifications and messages per Email. Those typically include administrative information about your account, activity, and marketing. We use Crisp IM SAS and MailChimp, a US Intuit Inc dispatch platform provider. The system notifications are designed to serve as reminders or helpful tips to enhance your experience on our website and to entice new and existing users. The legal bases are Art. 6 (1) b) GDPR to provide you with our services and Art. 6 (1) a) GDPR your consent.

Sharing, Storage and Retention and Security

a) Sharing with others
We will not sell your personal data to third parties, and we will only share this data with third parties if it is necessary for the performance of our contract with you, for analysis and marketing purposes, or to comply with legal obligations. Your personal data will only be passed on to third parties:if you have given your express consent to this in accordance with Art. 6 (1) a) GDPR;
if the disclosure is necessary for the fulfillment of contractual obligations pursuant to Art. 6 (1) b) GDPR;
if we are legally obligated to disclose the data in accordance with Art. 6 (1) c) GDPR; and/or
if the disclosure of the data is necessary for the protection of our legitimate interests or the legitimate interests of a third party, unless your interests in the safety of your data override these interests in accordance with Art. 6 (1) f) GDPR.As mentioned above, once we engage third-party companies to process your personal data on our behalf, we will enter into a data processing agreement to ensure the same level of protection and confidentiality of your personal data. Besides those mentioned above in connection with the website, the following third-party service providers are used for our Software and platform services: AWS, Sentry, MongoDB Atlas (Infrastructure), Google Firebase (Authentication and Analytics), and Backblaze (Storage).

b) Storage and Retention
We will not retain your personal data for longer than is strictly necessary for the purposes for which your personal data is collected. We will only keep your personal data longer if we are required to do so by law. We retain personal data that we use for reporting, analysis, abuse prevention purposes, and statutory archiving obligations for up to 10 years after placing your order. We cannot remove your personal data from backups. However, if we make a recovery from a backup, we will promptly delete your personal data.

c) Security
We protect your data using state of the Art technical and physical safeguards and operate a firm system of policies, confidentiality agreements, digital safeguards, and procedures to ensure the highest level of administrative protection.In more detail to access our database, the user must be authorized, be challenged through a two-way authentication system, and use encryption. Also, removing Personal Data from our location is forbidden and difficult using a complex encryption system. We use advanced antivirus and anti-malware Software and up-to-date firewall protection. Moreover, authorized personnel must have a legitimate need to know interest, such as being your point of contact or service your user account.The data we collect from you may be stored, with appropriate technical and organizational security measures applied to it, on our servers. In all cases, we generally follow high data protection standards and advanced security measures to protect the personal data submitted to us during transmission and after receiving it.

Economic Analyses and Market Research

To run our business economically and identify market trends and customer and user wishes, we analyze the data available to us on business transactions, contracts, inquiries, etc. In doing so, we process inventory data, communication data, contract data, payment data, usage data, and metadata, whereby the persons concerned include customers, interested parties, business partners, visitors, and users of the online offer. The analyses are conducted for business management evaluations, marketing, and market research.

In doing so, we may consider the profiles of registered users with details, for example, of their purchasing transactions. The analyses serve us to increase user-friendliness to optimize our offer, and business efficiency and are not disclosed externally unless they are anonymous analyses with summarized values.

If these analyses or profiles are personal, they will be deleted or made anonymous upon termination by the user; otherwise, after two years from the conclusion of the contract. In all other respects, the macroeconomic analyses and general trend determinations are prepared anonymously wherever possible.

Analysis / Marketing

Based on both your consent Art. 6 (1) a) GDPR when you first visit our website and our legitimate interest Art. 6 (1) f) GDPR, we use the following tools for analytics and marketing services. For further details, please also refer to our cookie policy.

a) Google Analytics
We use Google Analytics from Google Inc to evaluate your use of our website, to compile reports on the activities, and to provide other services related to the use of our website to improve the user experience. When Google Analytics is used, interactions of website visitors are primarily recorded and systematically evaluated with the help of cookies. The following data is processed through the use of Google Analytics:

- 3 bytes of the IP address of the called system of the website visitor (anonymized IP address),
- the website called up,
- the website from which the user reached the accessed page of our website (referrer),
- the subpages accessed from the website,
- the time spent on the website
- the frequency with which the website is accessed.

Google states that it will not associate your IP address with any other data held by Google. You can prevent the storage of cookies by setting your browser accordingly. You can also control the collection of the data generated by Google as well as the processing of this data by Google by downloading and installing the browser plugin available under the following link:

b) Google Tag Manager
We use Google Tag Manager, a web analytics service provided by Google Inc. This service allows website tags to be managed via an interface. The Google Tag Manager only implements tags. No cookies are set, and no Personal Data is collected. The Google Tag Manager triggers other tags that may collect data, and the Google Tag Manager does not access this data. If deactivation has been made at the domain or cookie level, it remains in place for all tracking tags so far as these are implemented with the Google Tag Manager. More information on the Google Tag Manager can be found at the following link: This service transmits data to the USA.

c) Meta/Facebook Custom Audiences (Pixel/Cookies).
We use a so-called tracking pixel of Meta Platform (formerly Facebook) Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, a subsidiary of Meta Platform (previously Facebook) Inc. 1601, Willow Road Menlo Park, CA 94025, USA, on our website. We use Meta/Facebook Pixel to track the success of our own Facebook advertising campaigns and to optimize the playout of Meta/Facebook advertising campaigns to interested target groups.

After clicking on a Facebook ad or visiting our website, a cookie is stored on your device using the pixel on our website. The cookie processes data about whether you arrived at our website via a Facebook ad and allows us to analyze the user's behavior. This will enable us to track the success rate of our Facebook advertising campaigns. In addition, the pixel processes data about the fact that you have visited our website and allows us to customize the ads played on Facebook to your interests.

Via the Meta/Facebook Pixel cookie, a direct connection to Facebook's servers is established when you visit our website. The information generated by the cookie about your use of our website (including your IP address) is transmitted to Facebook in the USA.

The data collected is anonymous for us and does not allow us to draw conclusions about the user. If you are registered with Facebook, Facebook can assign the collected information to your account. Even if you do not have a Facebook account or are not logged in when you visit our website, Facebook can process and store your IP address and other identification data.

d) FullStory
We use the analysis service FullStory, of FullStory Inc, 120 Ottley Dr. NE Ste 100, Atlanta, GA 30324, USA, to analyze user behavior further. FullStory records information about website visitors' behavior, enabling us to improve the user's experience. In doing so, FullStory processes, among other things, information on clicks, mouse movements, inputs (except sensitive information), scrolling movements, browser used, device type, IP address, pages visited, and session duration.

You can revoke your consent for data processing at any time with effect for the future by using the following opt-out link:

What are your rights?

You have several rights; these rights are standardized in the GDPR and include the following:

- the right to information (Art. 15 GDPR),
- the right to rectification (Article 16 GDPR),
- the right to erasure (Article 17 GDPR),
- the right to restriction of data processing (Article 18 GDPR),
- the right to data portability (Article 20 GDPR),
- the right to object to data processing (Article 21 GDPR),
- the right to revoke any consent you have given (Art. 7 (3) GDPR), and
- the right to lodge a complaint with the competent supervisory authority (Art. 77 GDPR).

The above rights may be limited in some circumstances, for example, if fulfilling your request would reveal Personal Data about another person, if you ask us to delete information that we are required to have by law, or if we have compelling legitimate interests to keep it.

We will let you know if that is the case and will only use your information for these purposes. You may also be unable to continue using our services if you want us to stop processing your Personal Data.

Don't hesitate to contact us anytime with questions and suggestions regarding data protection and to enforce your rights as a data subject. We encourage you to get in touch if you have concerns about how we collect or use your personal data. You do, however, also have the right to lodge a complaint directly with the National Data Protection Commission; their contact details are as follows: The National Supervisory Authority For Personal Data Processing 28-30 G-ral Gheorghe Magheru Bld., District 1, postcode 010336, Bucharest, Romania; Telephone number: +40318059211, Fax: +40318059602, Email;, Web:

Exercise of your data subject rights

If you have any questions regarding processing your personal data, if you wish to provide us with information, correct, block, object to, or delete data, or if you want to have your data transferred to another company, please get in touch with us.

Advertising and Marketing

Insofar as you have also given us your separate consent to process your data for consulting, marketing, and advertising purposes, we are entitled to contact you for these purposes via the communication channels you have given your consent.

You may give us your consent in several ways, including selecting a box on a form where we seek your permission to send you marketing information. Sometimes, your consent is implied from your interactions or contractual relationship with us. Where your consent is indicated, it is on the basis that you would have a reasonable expectation of receiving marketing communication based on your interactions or contractual relationship with us.

Direct Marketing generally takes the form of Email but may also include other less traditional or emerging channels. These forms of contact will be managed by our contracted service providers or by us. Every directly addressed marketing sent or made by us or on our behalf will include a means by which you may unsubscribe (or opt-out).

Links to other providers

Our website also contains - clearly recognizable - links to other companies websites. Insofar as there are links to the websites of other providers, we do not influence their content. Therefore, no guarantee or liability can be assumed for these contents. The respective provider or operator of the pages is always responsible for the content of these pages.

The linked pages were checked for possible legal violations and recognizable infringements at the link time, and illegal contents were not identifiable at the link time. However, permanent monitoring of the content of the linked pages is not reasonable without concrete indications of a legal violation. Such links will be removed immediately if infringements of the law become known.

Personal data and children

Our services are aimed at people aged 18 and over. We will not knowingly collect, use or disclose personal data from minors under the age of 18 without first obtaining consent from a legal guardian through direct offline contact.

Data Breaches/Notification

Databases or data sets that include Personal data may be breached inadvertently or through wrongful intrusion. Upon becoming aware of a data breach, we will notify all affected individuals whose Personal data may have been compromised. The notice will be accompanied by a description of the action taken to reconcile any damage resulting from the data breach. Notifications will be provided as expeditiously as possible, after which the breach was discovered.


We reserve the right to adapt the privacy policy with effect for the future, particularly in the event of further development of the website, the use of new technologies or changes to the legal basis, or the relevant case law.

Questions or Comments

If you have any questions or comments about our Privacy Policy or wish to exercise your rights under applicable laws, please get in touch with us using the following contact details:

Stejarului 38, Floresti, 407280, Cluj,