Home/GDPR Compliance

GDPR Compliance

Our commitment to protecting your personal data and ensuring full compliance with EU data protection regulations.

Last updated: December 2025

Our Commitment

Tech Insider SRL, operating as Aviz to Excel, is committed to protecting your personal data and ensuring full compliance with the General Data Protection Regulation (GDPR). As a Romanian company serving EU customers, we adhere to the highest standards of data protection and implement privacy by design principles in all aspects of our document processing service.

We process your documents solely for data extraction purposes. We never use your data to train AI models, and uploaded files are automatically deleted within 24 hours.

Data Controller vs. Data Processor

Under GDPR, Aviz to Excel operates in two capacities:

As Data Controller

We are the data controller for personal data we collect directly from you, including:

  • Account information (email address, company name)
  • Billing and payment data
  • Usage data and analytics

As Data Processor

When you upload documents for processing, you remain the data controller for any personal data contained within those documents. We act as your data processor under GDPR Article 28, processing data only according to your instructions for the purpose of data extraction.

Your Data Rights

Under GDPR, you have comprehensive rights regarding your personal data:

Right to Access

Request a copy of all personal data we hold about you. We provide this information in a structured, commonly-used format within 30 days.

Right to Rectification

Request correction of any inaccurate or incomplete personal data we hold about you.

Right to Erasure

Request deletion of your personal data. We will comply unless we have a legal obligation to retain the data (such as tax records). Account deletion requests are processed within 30 days.

Right to Data Portability

Export your data at any time in machine-readable formats:

  • Excel (.xlsx)
  • CSV
  • JSON

Right to Restriction

Request that we limit the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data.

Right to Object

Object to processing of your personal data where we rely on legitimate interest as the legal basis. We will stop processing unless we have compelling legitimate grounds.

Right to Withdraw Consent

Where processing is based on consent, you can withdraw that consent at any time.

How to Exercise Your Rights

Contact us at support@digital-docs.ro. We will verify your identity and respond within 30 days. Complex requests may be extended by an additional 60 days with notice.

Data Processing Agreement

When you use Aviz to Excel to process documents, the following terms govern our relationship as your data processor under GDPR Article 28:

Our Obligations

  • Process data only according to your documented instructions
  • Ensure confidentiality of all personnel handling your data
  • Implement appropriate technical and organizational security measures
  • Assist you in responding to data subject requests
  • Delete or return all data upon termination of service
  • Make available information necessary to demonstrate compliance
  • Allow for and contribute to audits conducted by you or your auditor

Sub-processors

We use the following sub-processors to deliver our service. All are bound by Data Processing Agreements:

Microsoft Azure — OCR processing via Azure AI Document Intelligence. Privacy Policy

Amazon Web Services — Document analysis via Amazon Textract. Data Protection

OpenRouter — AI data extraction via Claude 3.5 Sonnet. Privacy Policy

Supabase — Authentication, database, and file storage (EU servers). Privacy Policy

Firebase — Application hosting on European data centers. Privacy Policy

Stripe — Payment processing (PCI-DSS Level 1). Privacy Policy

Security Measures

We implement comprehensive technical and organizational measures to protect your data:

Technical Measures

  • Encryption in transit using TLS 1.3
  • Encryption at rest using AES-256
  • Role-based access control with least-privilege principles
  • Automatic deletion of uploaded documents within 24 hours
  • Secure infrastructure hosted in EU data centers
  • Regular security assessments and penetration testing
  • Encrypted backups with tested recovery procedures

Organizational Measures

  • Data protection training for all personnel
  • Documented security policies and procedures
  • Incident response and breach notification procedures
  • Regular compliance reviews and updates

Data Retention

Data TypeRetention PeriodLegal Basis
Uploaded documents24 hours (auto-deleted)Contractual necessity
Extracted dataSubscription + 30 daysContractual necessity
Account informationActive + 12 monthsLegitimate interest
Billing records10 yearsLegal obligation (Romanian tax law)
Usage logs12 monthsLegitimate interest

Cookie Policy

We use only strictly necessary cookies required for the operation of our service:

Essential Cookies (No Consent Required)

  • Authentication cookies to keep you logged in securely
  • Security cookies to protect against CSRF attacks
  • Session cookies to maintain your session state

What We Do Not Use

  • No analytics or tracking cookies
  • No advertising cookies
  • No third-party marketing cookies

Because we only use strictly necessary cookies, we do not require a cookie consent banner under GDPR and ePrivacy Directive.

International Data Transfers

Your data is primarily processed within the European Economic Area (EEA). When data transfer outside the EEA is necessary for service delivery, we ensure compliance through:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions where applicable
  • Transfer Impact Assessments documenting appropriate safeguards

Data Breach Response

In the event of a personal data breach, we will:

  • Notify the Romanian Data Protection Authority (ANSPDCP) within 72 hours if the breach poses a risk to individuals
  • Inform affected users without undue delay if the breach poses a high risk to their rights and freedoms
  • Document all breaches and remediation actions taken
  • Conduct post-incident analysis to prevent future occurrences

EU Data Act Compliance

In accordance with the EU Data Act (effective September 2025), we ensure:

  • Switching Rights — Cancel your subscription with reasonable notice
  • Data Portability — Export your data in standard formats (Excel, CSV, JSON) at any time
  • No Vendor Lock-in — We support transferring your data to alternative providers
  • Fair Contractual Terms — No unfair terms limiting your data rights

Supervisory Authority

Our supervisory authority is the Romanian Data Protection Authority:

ANSPDCP

Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal

B-dul G-ral. Gheorghe Magheru 28-30, Sector 1, 010336 București, România

Phone: +40.318.059.211

dataprotection.ro

You have the right to lodge a complaint with ANSPDCP if you believe your data protection rights have been violated.

Contact

For questions about our GDPR compliance or to exercise your data rights, contact us:

Tech Insider SRL — Aviz to Excel

Our team is here to help with any privacy concerns

support@digital-docs.ro
Privacy PolicyTerms of ServiceGDPR Compliance