# Privacy Policy — Stellar Synergy Labs

**URL:** https://stellarsynergylabs.com/legal/privacy
**Markdown mirror:** https://stellarsynergylabs.com/legal/privacy.md
**Last Updated:** May 24, 2026

---

## 1. Introduction

This Privacy Policy explains how **Stellar Synergy Labs S.R.L.**
("Company", "we", "us", "our") collects, uses, and protects personal
data when you access or use the Services.

We process personal data in accordance with:

- **Regulation (EU) 2016/679** (the General Data Protection
  Regulation, or "GDPR");
- **Romanian Law no. 190/2018** on measures implementing the GDPR;
- **Romanian Law no. 506/2004** on the processing of personal data
  and the protection of privacy in the electronic communications
  sector (transposing the ePrivacy Directive 2002/58/EC); and
- other applicable Romanian and EU law.

By using the Services, you acknowledge that you have read and
understood this Privacy Policy.

## 2. Data Controller

The data controller for processing carried out via the Services is:

- **Stellar Synergy Labs S.R.L.**
- **CUI:** 54710198 · **Trade Register:** J2026032309001 · **EUID:**
  ROONRC.J2026032309001
- **Registered office:** Str. Victoriei nr. 187, Bl. 8, Sc. 1,
  Et. P, Ap. 5, Băilești, Dolj County, 205100, Romania
- **Privacy contact:** [support@stellarsynergylabs.com](mailto:support@stellarsynergylabs.com)
  (please include subject prefix `[Privacy]`)

We have not appointed a formal Data Protection Officer (DPO) because
our core activities do not require us to do so under Article 37
GDPR. The contact above handles all privacy requests.

## 3. Nature of the Services

The Company provides software applications and technical
infrastructure. The Services act as a neutral tool that allows you
to connect to independent third-party providers.

**The Company does not:**

- provide, host, or distribute media content;
- monitor or analyse media content transmitted through user
  deployments;
- access or control third-party providers used by you;
- read the contents of user playlists or stream URLs except where
  strictly necessary for support requested by you.

## 4. Categories of Personal Data

### 4.1 Data you provide

- email address (if provided);
- account or device identifiers;
- billing data submitted via our payment processor (we do not store
  full card details — see Section 9);
- content of support communications.

### 4.2 Data collected automatically

- IP address;
- device identifiers (including UUID where applicable);
- device model and basic technical information;
- application usage data (errors, performance, security events);
- authentication and security events;
- limited configuration data strictly required for functionality.

This data is used only for operational, security, and
abuse-prevention purposes.

### 4.3 Data we do **not** collect

- media content (channels, video, audio);
- video or audio streams transmitted by you;
- third-party provider credentials supplied by you to those
  providers;
- the substance of data transmitted between you and any third-party
  service you connect to.

## 5. Purposes of Processing

We process personal data only where necessary for:

- providing and maintaining the Services;
- account and device identification;
- preventing fraud, abuse, and licence misuse;
- enforcing licensing and usage limits;
- system security, integrity, and availability;
- diagnostics and reliability improvements;
- responding to support requests;
- compliance with legal obligations.

We do **not** use personal data for advertising, behavioural
profiling, or cross-service tracking.

## 6. Legal Bases for Processing (GDPR Art. 6)

| Purpose                                    | Legal basis                                              |
| ------------------------------------------ | -------------------------------------------------------- |
| Providing the Service you requested        | Performance of a contract — Art. 6(1)(b) GDPR            |
| Account / device identification            | Performance of a contract — Art. 6(1)(b) GDPR            |
| Fraud, abuse, and licence-misuse prevention | Legitimate interests — Art. 6(1)(f) GDPR                 |
| Security, integrity, diagnostics           | Legitimate interests — Art. 6(1)(f) GDPR                 |
| Responding to support requests             | Performance / legitimate interest — Art. 6(1)(b)/(f)     |
| Legal and regulatory compliance            | Legal obligation — Art. 6(1)(c) GDPR                     |
| Optional analytics or marketing (if any)   | Consent — Art. 6(1)(a) GDPR                              |

Where processing is based on legitimate interests, we have carried
out a balancing test and concluded that our interests are not
overridden by your fundamental rights and freedoms. You may request
details of that assessment using the contact in Section 2.

## 7. Data Retention

We retain personal data only as long as necessary for the purposes
described in Section 5. Indicative retention periods:

- **Account data:** for the duration of the account plus up to 24
  months after closure, unless a longer period is required by law;
- **Billing and tax records:** **10 years** as required by Romanian
  accounting law (Law no. 82/1991 and the Romanian Fiscal Code);
- **Security and abuse-prevention logs:** typically up to 12 months;
- **Support communications:** typically up to 36 months.

Where full deletion is not possible (for example because we are
legally required to retain certain records) we will restrict the
data instead.

## 8. Your Rights under the GDPR

Subject to applicable law, you have the right to:

- **access** the personal data we hold about you (Art. 15 GDPR);
- **rectify** inaccurate or incomplete data (Art. 16 GDPR);
- **erase** personal data ("right to be forgotten") (Art. 17 GDPR);
- **restrict** processing (Art. 18 GDPR);
- **object** to processing based on legitimate interests (Art. 21
  GDPR);
- **data portability** (Art. 20 GDPR);
- **withdraw consent** at any time where processing is based on
  consent (Art. 7(3) GDPR);
- **not be subject to solely automated decisions** with legal or
  similarly significant effects (Art. 22 GDPR) — we do not currently
  perform such automated decision-making.

To exercise these rights, contact us at
[support@stellarsynergylabs.com](mailto:support@stellarsynergylabs.com)
(subject prefix `[Privacy]`). We will respond without undue delay
and in any event within one (1) month of receipt, in accordance with
Article 12 GDPR. Requests may require identity verification.

You also have the right to lodge a complaint with the Romanian
supervisory authority:

> **Autoritatea Națională de Supraveghere a Prelucrării Datelor cu
> Caracter Personal (ANSPDCP)**
> B-dul G-ral. Gheorghe Magheru 28-30, Sector 1, 010336 București
> Web: [https://www.dataprotection.ro](https://www.dataprotection.ro)
> Email: anspdcp@dataprotection.ro

If you reside in another EU/EEA Member State, you may instead lodge
a complaint with your local supervisory authority.

## 9. Data Sharing and Processors

We do not sell personal data. We share personal data only with
service providers who act as **processors** on our behalf, under
written data-processing agreements that meet the requirements of
Article 28 GDPR, for example:

- hosting and infrastructure providers;
- payment processors (which collect and store payment-instrument
  data directly under their own controller status);
- security, monitoring, and anti-abuse providers;
- email-delivery providers used for transactional messages.

We may disclose personal data to authorities where required by law,
court order, or to defend the Company's legal rights.

## 10. International Data Transfers

Where personal data is transferred outside the European Economic
Area, we rely on one or more of the following safeguards in
accordance with Chapter V GDPR:

- **adequacy decisions** of the European Commission;
- **Standard Contractual Clauses** adopted by the European
  Commission (Decision (EU) 2021/914);
- supplementary technical and organisational measures (such as
  encryption in transit and at rest).

A copy of the relevant safeguards can be requested at
[support@stellarsynergylabs.com](mailto:support@stellarsynergylabs.com).

## 11. Security

We implement appropriate technical and organisational measures
required by Article 32 GDPR, including:

- encryption in transit (HTTPS / TLS) and at rest where feasible;
- access controls and least-privilege provisioning;
- monitoring and logging;
- regular review of our security posture.

No system is completely secure, but we take reasonable steps to
protect personal data.

## 12. Personal Data Breach Notification

In the event of a personal data breach likely to result in a risk to
the rights and freedoms of natural persons, we will notify ANSPDCP
without undue delay and, where feasible, within 72 hours, in
accordance with Article 33 GDPR. Where the breach is likely to
result in a high risk, we will also notify affected individuals
without undue delay, in accordance with Article 34 GDPR.

## 13. Children's Privacy

The Services are not directed at children under the age of **16**
(the age limit under Romanian Law no. 190/2018, Art. 8, for
information-society services offered directly to a child). We do
not knowingly collect personal data from minors. If we become aware
that we have collected such data, we will delete it without undue
delay.

## 14. Changes to This Policy

This Privacy Policy may be updated from time to time. We will update
the "Last Updated" date and, where the change is material, take
reasonable steps to bring it to your attention. Continued use of the
Services after a change takes effect constitutes acceptance of the
updated Policy.

## 15. Contact

For privacy-related questions or to exercise your rights:

- **Email:** [support@stellarsynergylabs.com](mailto:support@stellarsynergylabs.com)
  (subject prefix `[Privacy]`)
- **Post:** Stellar Synergy Labs S.R.L., Str. Victoriei nr. 187,
  Bl. 8, Sc. 1, Et. P, Ap. 5, Băilești, Dolj County, 205100, Romania
