Privacy Policy Tukio App
Privacy Policy
Last updated: 16 August 2025
1. Data Controller
Synnexo Pax S.R.L. (Registration: J15/1309/2020)
Drumul Guliei no. 189i1, Samurcasi, Romania
Email: privacy.ro@tukio.eu
2. Data We Collect
2.1 Account Information- Email address (required for registration)
- Name and surname (optional)
- Phone number (optional)
- Profile preferences and settings
- Device type, operating system, and unique identifiers
- App usage patterns and feature interactions
- Error logs and performance metrics
- IP address and general location (country/region)
- Product Images: Photos taken for AI scanning (processed temporarily)
- QR Codes: Scanned for product identification
- Image Metadata: Technical information (timestamp, camera settings)
- Saved products and price alerts
- Shopping preferences and categories of interest
- Price comparison history
3. How We Use Your Data
3.1 Service Provision- AI Product Recognition: Images processed by Google Vertex AI/Gemini
- Price Comparison: Matching products across online retailers
- Personalized Recommendations: Based on your scanning and wishlist history
- Notifications: Price alerts and product availability updates
- Analyzing usage patterns to enhance AI accuracy
- Debugging and fixing technical issues
- Developing new features based on user behavior
- Fraud prevention and security monitoring
- Compliance with Romanian and EU regulations
- Responding to legal requests when required
4. Data Processing Legal Basis (GDPR)
- Contract Performance: Account management and core app functionality
- Legitimate Interest: Service improvement and security
- Consent: Marketing communications and optional features
- Legal Obligation: Compliance with Romanian and EU laws
5. Data Sharing and Third Parties
5.1 AI Processing Partners- Google Cloud AI: Image processing for product recognition
- Images processed temporarily, not stored permanently
- Subject to Google's privacy policies
- Data processed within EU/EEA when possible
- Product queries sent to partner retailers' APIs
- No personal data shared, only product information
- Aggregated usage statistics may be shared anonymously
- Supabase: Secure database hosting (EU-based)
- Analytics Providers: Anonymized usage statistics
- Email Service: For notifications and support communications
We may disclose data when required by:
- Romanian law enforcement
- EU regulatory authorities
- Court orders or legal processes
6. Data Security
6.1 Technical Measures- End-to-end encryption for data transmission
- Secure authentication and session management
- Regular security audits and penetration testing
- Access controls and monitoring systems
- Staff training on data protection
- Data minimization and retention policies
- Incident response procedures
- Regular privacy impact assessments
7. Data Retention
- Account Data: Retained while account is active + 2 years
- Product Images: Processed temporarily, deleted within 24 hours
- Usage Analytics: Anonymized after 12 months
- Legal Records: Retained as required by Romanian law
8. Your Rights Under GDPR
8.1 Access and Portability- Request copies of your personal data
- Export data in machine-readable format
- Access via app settings or email request
- Update inaccurate personal information
- Delete your account and associated data
- Right to be forgotten (with legal exceptions)
- Withdraw consent for marketing communications
- Object to automated decision-making
- Restrict processing in certain circumstances
- In-App: Profile settings and privacy controls
- Email: privacy.ro@tukio.eu
- Response Time: Within 30 days as required by GDPR
9. Cookies and Tracking
9.1 Essential Cookies- Authentication and session management
- Security and fraud prevention
- Core app functionality
- Usage patterns and feature adoption
- Performance monitoring and optimization
- Anonymized user behavior analysis
Manage cookie preferences through:
- App settings menu
- Browser settings for web components
- Opt-out links in email communications
10. International Data Transfers
- Primary data processing within EU/EEA
- Google AI services may process in US (adequacy decision)
- All transfers comply with GDPR Article 44-49
11. Children's Privacy
Our service is not intended for children under 16. We do not knowingly collect data from minors without parental consent.12. Changes to Privacy Policy
- Updates posted in-app with notification
- Material changes require new consent
- Previous versions available upon request
13. Data Protection Officer
For privacy-related questions:
- Email: privacy.ro@tukio.eu
- Address: Drumul Guliei no. 189i1, Samurcasi, Romania
14. Supervisory Authority
Romanian Data Protection Authority (ANSPDCP)
- Website: dataprotection.ro
- Email: anspdcp@dataprotection.ro
15. Contact Us
For questions about this Privacy Policy:
- Email: privacy.ro@tukio.eu
- Phone: +40 756 048 838
- Address: Drumul Guliei no. 189i1, Samurcasi, Romania