Privacy Policy

CarpTimer · Last updated: May 15, 2026

This policy explains what personal data we collect through the CarpTimer app ("the App") and how we use it. The data controller is SC SOFTHARDEXPERT SRL, registration number 33764586, with registered office in com. Perieni, Vaslui county, Romania. Contact: softhardexpert@yahoo.com.

1. What data we collect

• Account: email address (on manual sign-up or via Google Sign-In), optional name, optional profile photo (stored locally on device). Passwords are stored hashed; we never see your password in clear text.
• Fishing activity: sessions you create (lake, swim, duration), casts (time, distance, rod, bait), marked bites, captures (species, weight, text note).
• User-generated content: lakes and swims you propose for the shared database (after moderator approval).
• Payment data (if you purchase credits or subscription): amount, currency, transaction status, Netopia transaction ID, payment date. See section 4 for details.
• Minimal technical data: IP address at time of authentication (for security), timestamps of sync operations.

We do not collect: exact GPS location, contacts, photos from your gallery (except those you explicitly select as profile photo or capture — stored locally), microphone, advertising identifiers, usage data outside the App, bank card number, CVV, or other card data (see section 4).

2. How we use the data

• To display your own sessions and statistics on any device you sign in to.
• To sync data between your phones.
• To process payments for credits and subscriptions (in cooperation with Netopia).
• To issue fiscal invoices in accordance with Romanian law (CUI 33764586).
• To improve the App (aggregated, anonymous error analysis — no user identification).
• To respond to questions when you contact us by email.

3. Third-party sharing

We do not sell or transfer your data to third parties for marketing. The only entities that process data to make the App work are:

• Hetzner Online GmbH (Nuremberg, Germany, EU) — server where data is stored. Their policy.
• NETOPIA Payments (Bucharest, Romania) — payment processor for credits and subscription. They receive: your name, email, amount, and card details (directly from you via their secure page — not through our server). Their policy.
• Google LLC — only if you sign in via Google Sign-In (we only process the identity token, we do not access your Google account).
• Better-Auth — open-source library running on our server; does not transmit data to third parties.
• Invoicing provider (SmartBill/Oblio/FGO) — for automatic fiscal invoice generation. They receive: name, email, amount, payment date, fiscal ID if you pay as a legal entity.

4. Payment data — what we store and what we don't

When you purchase credits or a subscription, payment is processed directly on the NETOPIA Payments platform. The App redirects you to a secure Netopia page where you enter your card details.

CarpTimer DOES NOT store:

• Bank card number.
• CVV/CVC code.
• Card expiration date.
• Name on the card.

CarpTimer DOES store (for transaction records and invoicing):

• Netopia transaction identifier (opaque string, does not allow card identification).
• Amount paid and currency.
• Transaction status (success / failure / refunded).
• Payment date and time.
• Purchased product (credits package N or subscription).

The refund policy (14 days pre-use) is detailed in Terms of Service, section 6.

5. Storage location and duration

Data is stored exclusively on a server in Nuremberg, Germany (European Union), in compliance with GDPR. We do not transfer data outside the EU.

Data remains stored as long as your account is active. If you delete a session, its content (location, casts) is anonymized immediately — your name is detached from those rows. These may be kept in aggregate, anonymously, to improve the App.

Accounting records (invoices, transaction history) are retained in accordance with Romanian tax law — minimum 10 years — even after account deletion.

6. Your rights (GDPR)

You have the right to:

• Access the data we hold about you.
• Correct or update any incorrect information (can be done directly in Account Settings).
• Delete your account and all associated data (anonymized for already aggregated data; retained for accounting data as required by law).
• Export data in a readable format.
• Object to processing or withdraw consent.

For any of these requests, write to softhardexpert@yahoo.com. We respond within 30 days.

7. Security

• Connections between the App and server are encrypted via HTTPS (TLS 1.3).
• Passwords are hashed with industry-standard algorithms (bcrypt/argon2).
• Single-device policy: one active session per account at any time. Signing in on another phone automatically signs out the previous one.
• Payments are made exclusively via NETOPIA Payments — no card data passes through or is stored by our server.

8. Cookies and tracking

The mobile App does not use cookies and does not integrate any analytics or advertising services (Google Analytics, Facebook Pixel, etc.). Data stays between you and our server.

On the website carptimer.ro we use only technical cookies necessary for the buy page (authentication and temporary payment session). No tracking or marketing cookies.

9. Children under 16

The App is not intended for children under 16. We do not knowingly collect data from minors. If you are a parent and believe we have processed data about your child, please contact us.

10. Changes to this policy

We may update this policy occasionally. Major changes will be announced in the App or by email. The date of the last update appears at the top of this page.

11. Contact and complaints

SC SOFTHARDEXPERT SRL
Trade Register: J37/357/2014
VAT ID: 33764586
Address: com. Perieni, Vaslui county, Romania
Phone: +40 749 800 847
Email: softhardexpert@yahoo.com

For formal GDPR complaints, you can also address the Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP), str. Magheru 28-30, sector 1, Bucharest.