One of the core values of Dreamtter is security and efficiency – so we totally protect your data and we worship the ownership of our clients' personal data.
With this privacy policy we want to be fully transparent about data is processed while using our app Dreamtter. We want to create easy mechanisms to be informed about our processes in which your data is involved, to understand how to exercise your privacy rights and, where is possible, to manage your privacy choices.
We may update and amend this Policy periodically to reflect any changes in the way we process your personal data or any changes in legal requirements, so please check the contents of this document periodically.
Dreamtter does not and will not sell personal information. We only use the information that you give us and the public information received from social media platform when you sign in with your social media account.
We have analyzed, classified, and defined our processes and the necessary security level for each process. Thus, we will use personal information for defined purposes.
We want that our platform to be used worldwide. So, we consider and want to comply every privacy and security law.
Security is one of the most important values of our platform, so we invest in cybersecurity to protect the information, to prevent attacks on our platform and to assess the risks and vulnerabilities that may occur.
When our process is based on your consent, we will take all necessary measures to handle the legal mechanism to exercise it according to your will.
Dreamtter is the trade name of DREAMTTER S.R.L. (hereinafter "the Company"), a Romanian legal entity, with registered office in Cluj-Napoca, Aleea Valeriu Bologa, No. 3, Floor 2, Apartment 28, Cluj County, registered with ORCT Cluj under no. J12/2888/2023, with CUI 48440421, hereinafter referred to as Dreamtter or us.
From a personal data protection law perspective, we are a data controller as we determine the purposes and means of data processing and collect data directly from you.
We collect your personal data directly from you, unless you opt-in with your social media accounts, so you have control over the type of information provided to us. By way of example, we receive personal data in the following processes:
This personal information we collect when you:
We collect public information from social media platforms through API. You can access the links below to check which personal data is transferred by these platforms:
As a rule, we will store you for as long as you have an account in our app. You may request the deletion of information or the closure of your account at any time and we will comply with such requests subject to the retention of certain information even after account closure where required by applicable law or our legitimate interests.
To exercise your rights, you can contact us using the contact details above. Please note the following if you wish to exercise these rights:
Please send us your requests regarding such communications using the email address assigned to your Dreamtter account. Otherwise, we reserve the right to verify your identity by requesting additional information to confirm your identity.
We will not charge you a fee to exercise any right in relation to your personal data, unless your request for access to information is unfounded, i.e. repetitive or excessive, in which case we will charge a reasonable amount in such circumstances. We will inform you of any fees charged before we process your request.
We aim to respond to any valid requests within a maximum of one month, unless this is particularly complicated or if you have made multiple requests, in which case we will respond within a maximum of two months. We will let you know if we need more than one month.
Where appropriate, we may transmit or provide access to certain data to the following categories of recipients:
All your data will be stored on our servers, in European Union. By exception, data will be able to be transferred to IT providers outside the EEA, in the US, but we will endeavor to ensure that this type of transfer is to a limited number of such providers.
We will always take steps to ensure that any international transfer of data is carefully managed to manage your rights and interests.
Transfers to service providers and other third parties will always be protected by contractual agreements and, where appropriate, other safeguards such as standard contractual clauses issued by the European Commission or certification schemes such as the EU-U.S. Data Privacy Framework
We will take all reasonable steps to make sure that your personal data is handled securely and in line with this privacy policy and data protection laws.
If you would like more information, please contact us by sending an email to (….).
As we said before, we price security, integrity, availability of personal data. We use a variety of physical and technical measures to keep personal data safe and prevent data breaches. Electronic data and databases are stored on secure computer systems with control over access to information using both physical and electronic means. Our staff receives data protection and information security training. We have detailed security and data protection policies which staff are required to follow when they handle your personal data.
We conducted risk assessments and security analyses prior to the start of development to identify potential threats and security needs.
Throughout the development of the application, we will conduct security reviews and tests to detect and remediate security issues prior to release.
We will use TLS (Transport Layer Security) to encrypt data transmitted between the application and the server. This ensures that data is protected against interception during transfer.
We will encrypt the data stored in our database. Encryption keys will be managed through a centralized key management system ensuring that they are only accessible to authorized personnel.
We will use checksums and hashes to verify data integrity. This allows us to detect unauthorized changes or data corruption.
We will limit access to databases and data storage systems by ensuring that only authorized personnel can modify data.
We will ensure that all API entries are properly validated to prevent injection attacks. We will use TLS to encrypt data transmitted through APIs. We will implement a system to monitor API activity to detect and respond quickly to suspicious or potentially malicious activity. When you use our services, which includes our social network accounts, we advise not to share any personal data that you don't want to be seen, collected or used because this information will become publicly available.
Despite the measures taken to protect your data, please note that the transmission of information over the Internet is not completely secure and there is a risk that data may be seen by unauthorized third parties. We cannot be responsible for such vulnerabilities of systems that are not in our control.
This policy is effective from (…).