Privacy Policy for YUBA

Effective Date: April 7, 2025

Introduction and Purpose

COMPLETE COMMUNICATION PROVIDER S.R.L. ("we," "our," "us," or "Yuba"), with headquarters at Gen. Gheorghe Magheru Street, No. 21, Building 21, Apartment 152, Oradea, Bihor County, Romania, VAT Registration Number RO45954142, registered at the Trade Registry under no. J05/962/2022, legally represented by administrator Cristian Maier, is committed to protecting the privacy and security of your personal information.

This Privacy Policy describes how we collect, use, store, share, and protect your personal information when you use our drag-and-drop ERP platform ("Yuba" or the "Service"). Our platform is designed to make sophisticated business management accessible and effective for SMEs, without the typical complexity and high costs associated with traditional ERP systems.

We respect your privacy rights and are committed to transparency in how we handle your personal information. This policy applies to all personal data processed by us, regardless of how it is collected.

Types of Personal Information Collected

We collect the following types of personal information in the course of providing our Service:

Standard Personal Information

  • Contact Information: First and last name, title, position, employer, company email address, phone number, physical business address
  • Account Information: User ID, password (encrypted), account settings and preferences
  • Professional Information: Job title, department, role within the organization
  • Usage Data: Information about how you use our Service, including login times, actions taken, pages visited, and features used

Optional Personal Information

  • Professional life data: Education, professional experience, work history
  • Personal life data: If provided for customer support or profile information

Sensitive Personal Information

We generally do not collect or process special categories of personal data (sensitive personal information) unless you specifically provide it or the processing is necessary for compliance with legal obligations. If your organization chooses to use the Yuba platform to process sensitive personal information, the responsibility for compliance with applicable data protection laws regarding such information rests with your organization as the data controller.

How Personal Information is Collected

We collect personal information through various channels:

Direct Collection

  • When you register for an account
  • When you fill out forms on our platform
  • When you contact our customer support
  • When you subscribe to our newsletter
  • When you participate in surveys or provide feedback
  • When you use our Service to create ERP solutions or workflows

Automated Collection

  • Through cookies and similar technologies on our website
  • Through analytics tools to track Service usage
  • Through our mobile applications (if applicable)
  • Through server logs and other automated system recording

Third-Party Sources

  • From your employer or organization when they implement our Service
  • From business partners with whom you have agreed to share your information
  • From publicly available sources for business contact information

Use of Personal Information

We use your personal information for the following purposes:

Providing and Managing the Service

  • Setting up and maintaining your account
  • Authenticating your identity when you log in
  • Providing customer support and responding to your inquiries
  • Processing and fulfilling your requests
  • Customizing your experience on our platform
  • Allowing you to create and customize ERP solutions

Business Operations

  • Billing and payment processing
  • Sending administrative notifications about the Service
  • Communicating about updates, security alerts, and support
  • Analyzing usage patterns to improve our Service
  • Developing new features and functionalities

Marketing and Communication

  • Sending marketing communications if you have opted in
  • Conducting surveys and collecting feedback
  • Providing information about related products and services
  • Inviting you to events or webinars

Legal and Compliance

  • Complying with legal obligations
  • Enforcing our Terms of Service
  • Protecting our rights, privacy, safety, or property
  • Responding to lawful requests from public authorities

Legal Basis for Processing (for EU/Romanian Users)

Under the GDPR, we process your personal information based on the following legal grounds:

  • Contract Performance: Processing necessary for the performance of our contract with you or your organization
  • Legitimate Interests: Processing necessary for our legitimate business interests
  • Legal Obligation: Processing necessary to comply with our legal obligations
  • Consent: Where you have provided specific consent for processing

Sharing of Personal Information

We may share your personal information with the following categories of recipients:

Service Providers

  • Cloud hosting providers that store our databases
  • Payment processors for billing purposes
  • Customer support tools and services
  • Analytics providers to help us understand Service usage
  • Marketing and communication service providers (for those who opt in)

Corporate Affiliates

  • Subsidiaries, parent companies, or affiliates for purposes consistent with this Privacy Policy

Business Transfers

  • In connection with a merger, acquisition, reorganization, sale of assets, or bankruptcy

Legal Requirements

  • To comply with applicable laws or regulations
  • In response to a subpoena, court order, or legal process
  • To protect our rights, privacy, safety, or property
  • To detect, prevent, or address fraud and security issues

With Your Consent

  • When you explicitly consent to the sharing of your information
  • When you direct us to share your information with third parties

International Data Transfers

We may transfer your personal information to countries outside the European Economic Area (EEA) or Switzerland, including to the United States. When we transfer personal data outside these regions, we implement appropriate safeguards in accordance with applicable data protection law, including:

  • EU-US Data Privacy Framework certification (which we are planning to obtain)
  • Standard Contractual Clauses approved by the European Commission
  • Implementation of appropriate technical and organizational measures

Data Protection Measures

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk of processing your personal information:

Technical Measures

  • Encryption of personal data both in transit and at rest
  • Secure authentication mechanisms with multi-factor authentication options
  • Regular security testing and vulnerability assessments
  • Firewall protection and intrusion detection systems
  • Regular backups and disaster recovery procedures
  • Access controls and permission management

Organizational Measures

  • Employee training on data protection and security
  • Confidentiality obligations for employees and contractors
  • Access to personal data limited to authorized personnel
  • Data protection impact assessments for high-risk processing
  • Incident response procedures for potential data breaches
  • Regular review and update of security policies and practices

Data Retention Period

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected and processed, including for the purposes of satisfying any legal, regulatory, accounting, or reporting requirements.

Retention Criteria

  • Active Accounts: We retain personal information for as long as you maintain an active account with us
  • Inactive Accounts: After a period of inactivity (typically 12 months), we may anonymize or delete account information
  • Legal Requirements: We may retain specific information to comply with legal obligations
  • Business Operations: Information needed for business records or tax purposes

Deletion Process

When personal information is no longer necessary, we will securely delete or anonymize it. If your organization terminates its contract with us, we will:

  • Return all customer data to your organization upon request
  • Delete or anonymize personal data after a defined period following contract termination (typically 90 days, unless a different period is specified in our agreement)

User Rights

For EU/Romanian Users (GDPR)

As a data subject in the European Union or Romania, you have the following rights:

  • Right to Access: You can request information about what personal data we process about you and receive a copy of that data
  • Right to Rectification: You can request correction of inaccurate personal data or completion of incomplete data
  • Right to Erasure ("right to be forgotten"): You can request deletion of your personal data in certain circumstances
  • Right to Restriction of Processing: You can request limitation of processing in certain cases
  • Right to Data Portability: You can request a machine-readable copy of your data to transfer to another service
  • Right to Object: You can object to processing based on legitimate interests, including profiling, and for direct marketing
  • Rights related to Automated Decision Making: You have the right not to be subject to a decision based solely on automated processing that produces legal effects

For US Users (CCPA)

If you are a California resident, you have the following rights:

  • Right to Know: You can request information about what personal information we collect, use, disclose, and sell
  • Right to Delete: You can request deletion of your personal information that we maintain
  • Right to Opt-Out: You can opt-out of the sale of your personal information (though we currently do not sell personal information)
  • Right to Non-Discrimination: We will not discriminate against you for exercising your rights under the CCPA

How to Exercise Your Rights

To exercise any of these rights, please contact us at legal@yuba.app or by phone at +40743009125. We will respond to your request within one month (or within the timeframe required by applicable law).

For verification purposes, we may request additional information to confirm your identity before fulfilling your request.

Cookies Policy

Our Service uses cookies and similar technologies to enhance your experience and collect information about your usage patterns:

Types of Cookies We Use

  • Essential Cookies: Required for the basic functionality of our website and services. These cookies are necessary for you to browse the website and use its features, such as accessing secure areas of the site.
  • Functional Cookies: Enable enhanced functionality and personalization. These cookies allow our website to remember choices you make (such as your username, language, or region) and provide enhanced features.
  • Analytics Cookies: Help us understand how visitors interact with our Service by collecting and reporting information anonymously. We use this information to improve how our website works.
  • Marketing Cookies: Used to track visitors across websites and display relevant ads (only if you opt in). These cookies track your browsing habits to deliver advertising relevant to your interests.

Managing Cookie Preferences

You can control and manage cookies in various ways:

  • Browser Settings: Most browsers allow you to manage cookie settings. These settings are usually found in the "options" or "preferences" menu of your browser.
  • Opt-Out Tools: You can opt out of some third-party cookies through the Network Advertising Initiative (NAI) opt-out page or the Digital Advertising Alliance (DAA) opt-out page.
  • Preference Center: You can manage your cookie preferences through our cookie consent banner when you first visit our site.

Please note that blocking some types of cookies may impact your experience on our website and the services we are able to offer.

Data Privacy Framework Compliance

EU-US Data Privacy Framework

COMPLETE COMMUNICATION PROVIDER S.R.L. is planning to comply with the EU-US Data Privacy Framework and Swiss-US Data Privacy Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal data transferred from the European Union, the United Kingdom, and Switzerland to the United States.

We are working toward certification to the Department of Commerce that we adhere to the Data Privacy Framework Principles. If there is any conflict between the terms in this Privacy Policy and the Data Privacy Framework Principles, the Data Privacy Framework Principles shall govern.

For more information about the Data Privacy Framework program, please visit https://www.dataprivacyframework.gov/.

Changes to the Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. If we make material changes, we will notify you as required by applicable law, which may include:

  • Posting the updated Privacy Policy on our website
  • Sending an email notification to the address associated with your account
  • Displaying a notice when you log in to our Service

We encourage you to review our Privacy Policy periodically to stay informed about our data practices. The "Effective Date" at the top of this policy indicates when it was last updated.

Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our data processing practices, please contact us:

COMPLETE COMMUNICATION PROVIDER S.R.L. Address: Gen. Gheorghe Magheru Street, No. 21, Building 21, Apartment 152, Oradea, Bihor County, Romania Email: legal@yuba.app Phone: +40743009125

Children's Privacy

Our Service is designed for businesses and is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that a child under 18 has provided us with personal information, we will take steps to delete such information.

Additional Considerations for Romania (GDPR)

Data Controller Information

COMPLETE COMMUNICATION PROVIDER S.R.L. acts as the data controller for personal information processed in connection with our Service. Our contact details are provided in the "Contact Information" section above.

Supervisory Authority

You have the right to lodge a complaint with a supervisory authority if you believe our processing of your personal information infringes applicable data protection laws. The competent supervisory authority in Romania is:

The National Supervisory Authority For Personal Data Processing Address: B-dul G-ral. Gheorghe Magheru 28-30, Sector 1, BucureČ™ti, 010336, Romania Phone: +40.318.059.211 Email: anspdcp@dataprotection.ro Website: www.dataprotection.ro

Representation in the EU

As we are established in Romania, which is part of the European Union, we have our main establishment in the EU and no additional representative is required.

Additional Considerations for the US (CCPA)

"Do Not Sell My Personal Information"

We do not sell personal information as defined under the CCPA. However, if this changes in the future, we will update this Privacy Policy and provide a "Do Not Sell My Personal Information" option.

Verification Process

To protect your privacy and maintain security, we may need to verify your identity before processing your requests under the CCPA. The verification process may differ depending on the nature of your request and your relationship with us.

Notice at Collection

When we collect personal information directly from you, we will inform you at or before the point of collection about the categories of personal information to be collected and the purposes for which the personal information will be used.

By using our Service, you acknowledge that you have read and understood this Privacy Policy.

Terms and ConditionsPrivacy PolicyContact