Skip to content

Privacy Policy

Last updated: 22 March 2026

This policy explains how IntReBit collects, uses, and protects your personal data when you use our website and CRM service. We believe in transparency: no tracking, no selling data, no surprises.

1. Who we are

IntReBit is a CRM platform for freelancers and small businesses, operated from Romania (EU). For any privacy-related questions, contact us at:

privacy@intrebit.com

2. What data we collect

We collect only what we need to provide the service. Here is what we process and why:

Account data

  • Name, email address, password (hashed)
  • Purpose: create and manage your account
  • Legal basis: performance of a contract (you sign up to use the service)

Company and business data

  • Company name, address, tax ID, industry
  • Purpose: configure your workspace and generate invoices
  • Legal basis: performance of a contract

Billing data

  • Payment method details, billing address, invoice history
  • Purpose: process payments and maintain financial records
  • Legal basis: performance of a contract and legal obligation (tax/accounting requirements)

CRM data you enter

  • Contacts, deals, notes, tasks, files, and any other data you store in the application
  • Purpose: provide the CRM service you signed up for
  • Legal basis: performance of a contract

Technical data

  • IP address, browser type, device info, pages visited
  • Purpose: security, abuse prevention, and basic service improvement
  • Legal basis: legitimate interests (keeping the service secure and functional)

Communication data

  • Emails and messages you send us via contact forms or support
  • Purpose: respond to your requests
  • Legal basis: legitimate interests (providing support) or performance of a contract

3. What we do not collect

  • No third-party tracking (no Google Analytics, no Facebook pixel, no ad networks)
  • No cross-site tracking or fingerprinting
  • No selling or renting of personal data, ever
  • No building of advertising profiles

4. Cookies

We use only strictly necessary cookies. These are essential for the application to function and do not require consent under GDPR:

  • Authentication cookie (JWT): keeps you logged in during your session
  • CSRF token: protects against cross-site request forgery attacks
  • Language preference: remembers your chosen interface language

We do not use advertising cookies, marketing cookies, or any form of tracking cookies. Because we only use essential cookies, no cookie consent banner is needed.

5. How we use your data

We use your data to:

  • Provide and maintain the CRM service
  • Process payments and send invoices
  • Send transactional emails (password resets, billing receipts, service notices)
  • Respond to support requests
  • Protect the service against abuse, fraud, and security threats
  • Comply with legal obligations (tax records, law enforcement requests)

We do not use your data for marketing unless you explicitly opt in. We never share your CRM data with other customers or third parties for their benefit.

6. Data retention

  • Account data: retained while your account is active and for 30 days after deletion (to allow recovery if you change your mind)
  • CRM data: retained while your account is active; deleted within 30 days of account deletion
  • Billing and invoice data: retained for 10 years after the transaction as required by Romanian and EU tax law
  • Technical/security logs: retained for up to 90 days
  • Support correspondence: retained for up to 2 years after resolution

7. Sub-processors

We use a small number of trusted service providers to operate IntReBit. Each processes data on our behalf under appropriate agreements:

  • Hetzner Online GmbH (Germany, EU) — server hosting and infrastructure
  • Stripe, Inc. (USA, with EU data processing) — payment processing
  • SMTP provider (EU) — transactional email delivery

We do not share your data with any other third parties unless required by law.

8. International data transfers

Your data is stored on servers located in Germany (EU), operated by Hetzner. All primary data processing happens within the European Union.

Stripe may process payment data in the United States under the EU-US Data Privacy Framework and Standard Contractual Clauses. No other data leaves the EU.

9. Your rights

Under GDPR, you have the right to:

  • Access — request a copy of all personal data we hold about you
  • Rectification — correct inaccurate or incomplete data
  • Erasure — request deletion of your personal data ("right to be forgotten")
  • Data portability — receive your data in a structured, machine-readable format
  • Restriction — ask us to limit processing in certain circumstances
  • Objection — object to processing based on legitimate interests
  • Withdraw consent — where processing is based on consent, withdraw it at any time

10. How to exercise your rights

You can exercise your rights in two ways:

  • In the application: use the account settings to export your data, update your information, or delete your account
  • By email: send a request to privacy@intrebit.com

We will respond to your request within 30 days. We may ask you to verify your identity before processing the request.

11. Data security

We take reasonable technical and organizational measures to protect your data, including:

  • Encryption in transit (TLS) and at rest
  • Password hashing with modern algorithms
  • Regular security updates and monitoring
  • Access controls and audit logging
  • Automated backups with encryption

12. Data protection contact

For any questions about how we handle your data, or to exercise your rights, contact:

privacy@intrebit.com

13. Right to complain

If you believe we are not handling your data correctly, you have the right to lodge a complaint with a supervisory authority. In Romania, this is:

ANSPDCP (Autoritatea Nationala de Supraveghere a Prelucrarii Datelor cu Caracter Personal)
Website: dataprotection.ro

You may also contact the supervisory authority in your country of residence.

14. Changes to this policy

We may update this policy from time to time. When we make significant changes, we will notify you by email or through the application. The "Last updated" date at the top reflects the most recent revision.