Legal & privacy
Privacy, explainedin practical terms.
This policy explains how WebTruffle handles personal data when you visit this website, send an enquiry, or work with us.
Last updated 12 July 2026
Who is responsible for your data?
WebTruffle is the controller for the personal data described in this policy. Contact us at hello@webtruffle.com for privacy questions or to exercise your rights.
What information do we collect?
- Contact and project enquiries: your name, company, email address, optional phone number, enquiry topic, and anything you choose to include in a message.
- Customer relationships: business contact details, project communications, support requests, contractual records, and billing information.
- Website operations: server requests may contain an IP address, user agent, requested page, timestamp, referrer, and security events.
Please do not place confidential credentials, special-category personal data, or unnecessary personal information in a website form.
Why do we use it?
- To answer business enquiries and manage relationships with you or your organisation, based on our legitimate interests under GDPR Article 6(1)(f).
- To take steps you request before a possible contract, where GDPR Article 6(1)(b) applies.
- To provide contracted services and customer support, based on contract or legitimate interests as appropriate.
- To issue invoices and keep records required by law, under GDPR Article 6(1)(c).
- To secure the website, prevent abuse, diagnose faults, and measure aggregate site usage, based on legitimate interests.
We do not add form submitters to a marketing list and do not use submitted details for unrelated advertising.
Cookies and server-side measurement
WebTruffle does not use non-essential analytics or marketing cookies. A cookie banner is therefore not shown. We may use privacy-conscious server-side measurement and ordinary server logs to understand aggregate traffic and protect the service. Server data can still be personal data and is handled under this policy.
Who receives the information?
Access is limited to WebTruffle and service providers needed to run the website and our business, such as hosting and infrastructure providers, transactional-email providers, cloud delivery providers, and legal, accounting, or other professional advisers. Public authorities may receive information where the law requires it.
Providers processing personal data for us are expected to act under appropriate confidentiality, security, and data-processing terms.
International transfers
Some service providers may process data outside the European Economic Area. Where that happens, we use an applicable adequacy decision, the European Commission’s Standard Contractual Clauses, or another lawful safeguard. You can ask us for more information about the safeguard relevant to your data.
How long do we keep it?
- General and unsuccessful project enquiries: up to 12 months after the last exchange.
- Customer relationship records: for the engagement and the accounting, tax, limitation, or legal period that applies afterward.
- Ordinary website server logs: normally up to 30 days.
- Security-incident records: only as long as needed to investigate, remediate, and document the incident.
- Backups: overwritten on the applicable backup cycle, normally within 90 days.
We may keep information longer where a legal claim, regulatory request, or statutory duty requires it.
Your rights
Depending on the circumstances, you may request access, correction, erasure, restriction, or portability of your personal data, and you may object to processing based on legitimate interests. Where consent is used, you may withdraw it without affecting earlier lawful processing.
Email hello@webtruffle.com. We respond without undue delay and normally within one month. You may also complain to Romania’s ANSPDCP or the supervisory authority where you live or work.
Security and automated decisions
We apply technical and organisational measures appropriate to the data and risk. Our approach is described on the Responsible Data & Security page.
We do not use contact or onboarding information for solely automated decisions that create legal or similarly significant effects.
Changes and questions
We may update this policy when our services, providers, or legal obligations change. Material changes will be reflected by the date above. Questions can be sent to hello@webtruffle.com.