Privacy Policy

1. Introduction

AOVANCY ("we," "our," or "us") operates the AOVANCY platform, a creator monetization infrastructure that enables creators to build and sell digital products. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you visit our website or use our services. By accessing or using the platform, you agree to the terms described in this policy.

AOVANCY acts as the Data Controller for personal data processed through this platform. As a company operating under Romanian law and subject to the General Data Protection Regulation (GDPR), we are committed to protecting your privacy and processing your data lawfully, fairly, and transparently.

2. Information We Collect

We collect the following categories of personal data:

• Account data: your name, email address, and profile information provided during registration.
• Usage data: pages visited, features used, device information, IP addresses, and browser type, collected automatically as you interact with the platform.
• Payment data: billing details and transaction history processed through Stripe. We do not store full card numbers on our servers.
• Referral data: referral codes used at signup, referral relationships (which creator referred which), and referral earnings records associated with transactions.
• Marketing and campaign data: UTM parameters (source, medium, campaign name) appended to product links when using the Marketing Hub. These are stored as part of order metadata to help creators understand which channels drive their sales.
• Consent records: timestamps and details of consent actions you take on the platform (e.g., accepting terms and conditions, cookie preferences, digital content waiver at checkout), retained for compliance and audit purposes.
• Content reports and complaints: information you submit when reporting content or filing a complaint, including your description of the issue and any supporting details.

3. How We Use Your Information

We use your information to deliver and maintain the AOVANCY platform, including account management, product hosting, payment processing, and payout calculation. We may communicate with you regarding service updates, security alerts, and promotional content relevant to your account. We also use aggregated and anonymized analytics data to improve our services, optimize platform performance, and understand how users interact with our features.

4. Sub-Processors and Third-Party Services

In accordance with Article 28 of the GDPR, we have entered into Data Processing Agreements (DPAs) with each sub-processor that handles personal data on our behalf. The following sub-processors are currently engaged:

For detailed information about our data processing arrangements, including the specific obligations and safeguards in place, please see our Data Processing Agreements page.

5. International Data Transfers

Some of our sub-processors are based in the United States. When personal data is transferred outside the European Economic Area (EEA), we ensure adequate protection through one or more of the following mechanisms:

• EU-US Data Privacy Framework (DPF): where the sub-processor is certified under the EU-US Data Privacy Framework, as recognized by the European Commission's adequacy decision of July 10, 2023.
• Standard Contractual Clauses (SCCs): where applicable, we use the European Commission's Standard Contractual Clauses (Commission Implementing Decision (EU) 2021/914) as an additional or alternative safeguard.

You may request a copy of the relevant transfer safeguards by contacting us at hello@aovancy.com.

6. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you with our services. When you delete your account, we will remove your personal data within 30 days, except where retention is required by law or for legitimate business purposes such as fraud prevention and financial record-keeping. Specific retention periods include:

• Financial records: retained for 10 years as required by Romanian fiscal legislation.
• Consent records: retained for 5 years after the consent action for audit and compliance purposes.
• Content reports: retained for 3 years in accordance with DSA record-keeping obligations.

Anonymized and aggregated data may be retained indefinitely for analytics purposes.

7. Your Rights Under GDPR

As a data subject under the General Data Protection Regulation (GDPR), you have the following rights regarding your personal data:

• Right of access (Art. 15): you may request a copy of the personal data we hold about you and information about how it is processed.
• Right to rectification (Art. 16): you may request correction of inaccurate or incomplete personal data.
• Right to erasure (Art. 17): you may request deletion of your personal data where there is no legitimate reason for us to continue processing it.
• Right to restriction of processing (Art. 18): you may request that we limit how we use your data in certain circumstances.
• Right to data portability (Art. 20): you may request your personal data in a structured, commonly used, machine-readable format.
• Right to object (Art. 21): you may object to processing based on legitimate interests, including direct marketing.
• Rights related to automated decision-making (Art. 22): you have the right not to be subject to decisions made solely through automated processing that produce significant effects concerning you.

To exercise any of these rights, please contact us at hello@aovancy.com. We will respond within 30 days of receiving your request. We may ask you to verify your identity before processing your request.

8. GDPR — Lawful Basis for Processing

We process your personal data on the following lawful bases under Article 6 of the GDPR:

• Contract performance (Art. 6(1)(b)): processing necessary to provide you with the services you have signed up for, including account management, product delivery, and payment processing.
• Legal obligation (Art. 6(1)(c)): processing required to comply with legal obligations, including financial record-keeping under Romanian fiscal law and content moderation obligations.
• Legitimate interests (Art. 6(1)(f)): processing for platform security, fraud prevention, referral program operation, and aggregated analytics to improve the service.
• Consent (Art. 6(1)(a)): processing for marketing communications and non-essential cookies (analytics), where you have opted in. You may withdraw consent at any time by contacting us, using the unsubscribe link in any marketing email, or adjusting your cookie preferences via the cookie settings accessible from the bottom of every page.

You have the right to lodge a complaint with the Romanian data protection supervisory authority, ANSPDCP (Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal), at www.dataprotection.ro, if you believe your data protection rights have been violated.

9. Cookies and Tracking

AOVANCY uses cookies and similar technologies on this platform. In compliance with the ePrivacy Directive (2002/58/EC) and Romanian transposing legislation, we obtain your consent before setting any non-essential cookies. You can manage your preferences at any time through the cookie consent banner or by clicking "Cookie Settings" in the footer of any page.

Categories of Cookies

Disabling analytics or marketing cookies does not affect platform functionality. Essential cookies cannot be disabled as they are required for the platform to operate correctly.

10. Data Security

We implement industry-standard security measures to protect your personal information, including encryption in transit (TLS 1.2+) and at rest, secure authentication protocols, role-based access controls, rate limiting on sensitive operations, and regular security audits. While we take reasonable precautions to safeguard your data, no method of electronic transmission or storage is completely secure, and we cannot guarantee absolute security.

11. Children's Privacy

The AOVANCY platform is not intended for use by individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have inadvertently collected data from a child under 16, we will take immediate steps to delete that information.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, or legal requirements. We will notify you of any material changes by posting the updated policy on this page, updating the "Last updated" date, and sending a notification to registered users at least 15 days before changes take effect. Your continued use of the platform after any changes constitutes your acceptance of the revised policy.

13. Contact Us

For general platform support or account-related questions, please contact our support team at support@aovancy.com. For questions, concerns, or requests specifically regarding this Privacy Policy or our data practices — including exercising your rights under GDPR — please contact us at hello@aovancy.com. We will respond within 30 days. We do not currently designate a separate Data Protection Officer; hello@aovancy.com is the appropriate contact for all data protection matters.

Related Legal Documents

• Terms & Conditions
• GDPR Compliance
• Data Processing Agreements
• Withdrawal Policy
• Accessibility Statement