Privacy Policy
Last Updated: May 24, 2026
1. Introduction
This Privacy Policy explains how Stellar Synergy Labs S.R.L. ("Company", "we", "us", "our") collects, uses, and protects personal data when you access or use the Services.
We process personal data in accordance with:
- Regulation (EU) 2016/679 (the General Data Protection Regulation, or "GDPR");
- Romanian Law no. 190/2018 on measures implementing the GDPR;
- Romanian Law no. 506/2004 on the processing of personal data and the protection of privacy in the electronic communications sector (transposing the ePrivacy Directive 2002/58/EC); and
- other applicable Romanian and EU law.
By using the Services, you acknowledge that you have read and understood this Privacy Policy.
2. Data Controller
The data controller for processing carried out via the Services is:
- Stellar Synergy Labs S.R.L.
- CUI: 54710198 · Trade Register: J2026032309001 · EUID: ROONRC.J2026032309001
- Registered office: Str. Victoriei nr. 187, Bl. 8, Sc. 1, Et. P, Ap. 5, Băilești, Dolj County, 205100, Romania
- Privacy contact: [email protected] (please include subject prefix [Privacy])
We have not appointed a formal Data Protection Officer (DPO) because our core activities do not require us to do so under Article 37 GDPR. The contact above handles all privacy requests.
3. Nature of the Services
The Company provides software applications and technical infrastructure. The Services act as a neutral tool that allows you to connect to independent third-party providers.
The Company does not:
- provide, host, or distribute media content;
- monitor or analyse media content transmitted through user deployments;
- access or control third-party providers used by you;
- read the contents of user playlists or stream URLs except where strictly necessary for support requested by you.
4. Categories of Personal Data
4.1 Data you provide
- email address (if provided);
- account or device identifiers;
- billing data submitted via our payment processor (we do not store full card details — see Section 9);
- content of support communications.
4.2 Data collected automatically
- IP address;
- device identifiers (including UUID where applicable);
- device model and basic technical information;
- application usage data (errors, performance, security events);
- authentication and security events;
- limited configuration data strictly required for functionality.
This data is used only for operational, security, and abuse-prevention purposes.
4.3 Data we do not collect
- media content (channels, video, audio);
- video or audio streams transmitted by you;
- third-party provider credentials supplied by you to those providers;
- the substance of data transmitted between you and any third-party service you connect to.
5. Purposes of Processing
We process personal data only where necessary for:
- providing and maintaining the Services;
- account and device identification;
- preventing fraud, abuse, and licence misuse;
- enforcing licensing and usage limits;
- system security, integrity, and availability;
- diagnostics and reliability improvements;
- responding to support requests;
- compliance with legal obligations.
We do not use personal data for advertising, behavioural profiling, or cross-service tracking.
6. Legal Bases for Processing (GDPR Art. 6)
| Purpose | Legal basis |
|---|---|
| Providing the Service you requested | Performance of a contract — Art. 6(1)(b) GDPR |
| Account / device identification | Performance of a contract — Art. 6(1)(b) GDPR |
| Fraud, abuse, and licence-misuse prevention | Legitimate interests — Art. 6(1)(f) GDPR |
| Security, integrity, diagnostics | Legitimate interests — Art. 6(1)(f) GDPR |
| Responding to support requests | Performance / legitimate interest — Art. 6(1)(b)/(f) |
| Legal and regulatory compliance | Legal obligation — Art. 6(1)(c) GDPR |
| Optional analytics or marketing (if any) | Consent — Art. 6(1)(a) GDPR |
Where processing is based on legitimate interests, we have carried out a balancing test and concluded that our interests are not overridden by your fundamental rights and freedoms. You may request details of that assessment using the contact in Section 2.
7. Data Retention
We retain personal data only as long as necessary for the purposes described in Section 5. Indicative retention periods:
- Account data: for the duration of the account plus up to 24 months after closure, unless a longer period is required by law;
- Billing and tax records: 10 years as required by Romanian accounting law (Law no. 82/1991 and the Romanian Fiscal Code);
- Security and abuse-prevention logs: typically up to 12 months;
- Support communications: typically up to 36 months.
Where full deletion is not possible (for example because we are legally required to retain certain records) we will restrict the data instead.
8. Your Rights under the GDPR
Subject to applicable law, you have the right to:
- access the personal data we hold about you (Art. 15 GDPR);
- rectify inaccurate or incomplete data (Art. 16 GDPR);
- erase personal data ("right to be forgotten") (Art. 17 GDPR);
- restrict processing (Art. 18 GDPR);
- object to processing based on legitimate interests (Art. 21 GDPR);
- data portability (Art. 20 GDPR);
- withdraw consent at any time where processing is based on consent (Art. 7(3) GDPR);
- not be subject to solely automated decisions with legal or similarly significant effects (Art. 22 GDPR) — we do not currently perform such automated decision-making.
To exercise these rights, contact us at [email protected] (subject prefix [Privacy]). We will respond without undue delay and in any event within one (1) month of receipt, in accordance with Article 12 GDPR. Requests may require identity verification.
You also have the right to lodge a complaint with the Romanian supervisory authority:
- Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal (ANSPDCP)
- B-dul G-ral. Gheorghe Magheru 28-30, Sector 1, 010336 București
- Web: https://www.dataprotection.ro
- Email: [email protected]
If you reside in another EU/EEA Member State, you may instead lodge a complaint with your local supervisory authority.
9. Data Sharing and Processors
We do not sell personal data. We share personal data only with service providers who act as processors on our behalf, under written data-processing agreements that meet the requirements of Article 28 GDPR, for example:
- hosting and infrastructure providers;
- payment processors (which collect and store payment-instrument data directly under their own controller status);
- security, monitoring, and anti-abuse providers;
- email-delivery providers used for transactional messages.
We may disclose personal data to authorities where required by law, court order, or to defend the Company's legal rights.
10. International Data Transfers
Where personal data is transferred outside the European Economic Area, we rely on one or more of the following safeguards in accordance with Chapter V GDPR:
- adequacy decisions of the European Commission;
- Standard Contractual Clauses adopted by the European Commission (Decision (EU) 2021/914);
- supplementary technical and organisational measures (such as encryption in transit and at rest).
A copy of the relevant safeguards can be requested at [email protected].
11. Security
We implement appropriate technical and organisational measures required by Article 32 GDPR, including:
- encryption in transit (HTTPS / TLS) and at rest where feasible;
- access controls and least-privilege provisioning;
- monitoring and logging;
- regular review of our security posture.
No system is completely secure, but we take reasonable steps to protect personal data.
12. Personal Data Breach Notification
In the event of a personal data breach likely to result in a risk to the rights and freedoms of natural persons, we will notify ANSPDCP without undue delay and, where feasible, within 72 hours, in accordance with Article 33 GDPR. Where the breach is likely to result in a high risk, we will also notify affected individuals without undue delay, in accordance with Article 34 GDPR.
13. Children's Privacy
The Services are not directed at children under the age of 16 (the age limit under Romanian Law no. 190/2018, Art. 8, for information-society services offered directly to a child). We do not knowingly collect personal data from minors. If we become aware that we have collected such data, we will delete it without undue delay.
14. Changes to This Policy
This Privacy Policy may be updated from time to time. We will update the "Last updated" date and, where the change is material, take reasonable steps to bring it to your attention. Continued use of the Services after a change takes effect constitutes acceptance of the updated Policy.
15. Contact
For privacy-related questions or to exercise your rights:
- Email: [email protected] (subject prefix [Privacy])
- Post: Stellar Synergy Labs S.R.L., Str. Victoriei nr. 187, Bl. 8, Sc. 1, Et. P, Ap. 5, Băilești, Dolj County, 205100, Romania
