Privacy Policy

The website operator is SoulHubs SRL, a Romanian legal entity registered under VAT number RO 13617696, with a registered office at Calarasilor 21, 410197 Oradea, Romania. For any data-protection questions, contact us at office@soulhubs.com.

Data you provide directly: name, email address, billing/shipping address, phone number (if you provide it), messages sent through the contact form.

Payment data: processed exclusively by Stripe. We do not store or see your full card details — only the transaction identifier and payment status.

Automatically collected data: IP address, device and browser type, pages visited, time spent on the site, referrer pages. This data is anonymous and used in aggregate.

Cookies: see the dedicated section below.

Performance of a contract (Art. 6(1)(b) GDPR): processing orders, delivering products, responding to your questions, providing the services you have booked.

Legal obligation (Art. 6(1)(c) GDPR): invoicing, retention of accounting records (10 years), tax reporting.

Legitimate interest (Art. 6(1)(f) GDPR): website security, fraud prevention, improving the user experience.

Consent (Art. 6(1)(a) GDPR): for optional cookies (analytics, marketing) and newsletter, where applicable.

Order data and invoices: 10 years, in line with Romanian accounting law.

Contact-form data: maximum 3 years from your last interaction.

Cookies: see the duration for each category in the cookie section.

After these periods, data is deleted or anonymised.

Stripe Payments Europe Ltd. (Ireland) — online payment processing.

Supabase Inc. (USA, under Standard Contractual Clauses) — database storage and authentication.

Hosting provider (Cloudflare Workers / Lovable) — application hosting.

Email-service providers (for order confirmations).

Public authorities, where we have a legal obligation to disclose (ANAF, courts, etc.).

We do not sell your data and do not pass it to third parties for marketing purposes.

Some processors (Stripe, Supabase, Cloudflare) may process data outside the European Economic Area. These transfers happen only under Standard Contractual Clauses approved by the European Commission or other lawful safeguards.

Under GDPR, you have the following rights:

• Right of access — to know what data we hold about you.

• Right to rectification — to correct inaccurate data.

• Right to erasure ("right to be forgotten") within legal limits.

• Right to restriction of processing in certain cases.

• Right to data portability — to receive your data in a structured format.

• Right to object to processing based on legitimate interest.

• Right to withdraw consent at any time (with no retroactive effect).

To exercise these rights, write to office@soulhubs.com. We reply within 30 days at most.

You also have the right to lodge a complaint with the Romanian Data Protection Authority (ANSPDCP), www.dataprotection.ro.

We use essential cookies (authentication, cart, language preference) to run the site. These do not require consent.

Optional cookies (analytics and marketing) only load if you accept them via the consent banner. You can revisit your decision at any time from the "Manage preferences" link in the footer.

We apply appropriate technical and organisational measures (HTTPS, password hashing, access controls, backups) to protect your data. No system is 100% secure — any incident will be notified to you in line with GDPR.

We may update this policy. The current version is always shown on this page, with the date of the last update.