Privacy Policy

Draft — pending legal review.

[NEEDS LEGAL REVIEW] Transfero ("we", "us") is the data controller for personal data processed through this platform. This page explains what we collect, why, and how to exercise your rights under the GDPR.

What we collect

[NEEDS LEGAL REVIEW] Account data (name, email, role); profile data (DOB, nationality, position, photos, videos, biographical text); verification documents (identity papers, role-specific credentials); messages and attachments you send to other users; technical data (IP address — hashed for rate-limiting only — device type, language preference).

Legal basis

[NEEDS LEGAL REVIEW] Performance of contract for account/profile data; consent for telemetry and non-essential cookies; legal obligation for verification records; legitimate interest for abuse prevention.

Processors and third countries

[NEEDS LEGAL REVIEW] We use Supabase (database, auth, storage), Vercel (hosting), Sentry (error monitoring, EU region), Resend (transactional email, US — Standard Contractual Clauses in place), and Google (OAuth sign-in, US — SCCs).

Retention

[NEEDS LEGAL REVIEW] Identity verification documents are deleted 30 days after the verification decision. Account data is retained while your account is active. After deletion, signed contracts are retained for up to 7 years to satisfy legal record-keeping obligations.

Your rights

[NEEDS LEGAL REVIEW] You may access, rectify, export, or delete your personal data, restrict processing, or object to processing. Use the controls in your account settings or contact us. You may lodge a complaint with the Croatian Personal Data Protection Agency (AZOP).

Contact

[NEEDS LEGAL REVIEW] Email privacy@[domain].