Privacy Policy
Last updated: May 25, 2026
Data controller: AGROMAR PROD SRL — Strada Dunării 20, Sat Smârdan, Județul Tulcea, Romania
1. Who We Are (Data Controller)
AGROMAR PROD SRL, registered in Romania, with its address at Strada Dunării 20, Sat Smârdan, Județul Tulcea, Romania, is the data controller responsible for your personal data processed through the Retentionr service ("Service"). For all privacy-related inquiries, contact us at privacy@retentionr.com.
2. Information We Collect
We collect the following categories of personal data: a) Account data — name, email address, and profile picture provided during registration or through Google OAuth sign-in. b) Authentication & security data — hashed passwords, two-factor authentication (2FA) codes (stored as one-way hashes, discarded after use), and session tokens. c) YouTube & channel data — channel name, channel ID, video titles, descriptions, thumbnails, publish dates, view counts, engagement metrics, audience analytics, and other data accessed through the YouTube Data API and YouTube Analytics API when you connect your YouTube account. This includes historical video performance data. d) Content you submit — scripts, video files (uploaded for analysis), thumbnail images, and any other material you provide for analysis. Video files are stored temporarily and deleted after processing. e) Usage data — pages visited, features used, clicks, session duration, timestamps, and interaction patterns within the Service. This data is collected through our own analytics infrastructure. f) Payment data — subscription status and billing history. Full card details are processed and stored exclusively by Stripe and are never transmitted to or stored on our servers. g) Referral data — if you use or share a referral code, we store the referral relationship and any associated rewards. h) Communications — the content of any messages you send us via email or support channels.
3. Legal Bases for Processing (GDPR Art. 6)
We process your personal data on the following legal bases: a) Performance of a contract (Art. 6(1)(b)) — processing necessary to provide the Service you have registered for, including account management, YouTube data analysis, AI-powered insights, and payment processing. b) Legitimate interests (Art. 6(1)(f)) — processing necessary for our legitimate interests including service security and fraud prevention, debugging and service improvement, aggregated analytics to develop better AI models, and enforcing our Terms of Service. We balance these interests against your rights and freedoms. c) Compliance with a legal obligation (Art. 6(1)(c)) — processing required to comply with Romanian or EU law, including financial record-keeping and responding to lawful authority requests. d) Consent (Art. 6(1)(a)) — for any processing not covered above, such as optional marketing communications. You may withdraw consent at any time without affecting the lawfulness of prior processing.
4. How We Use Your Information
We use the information we collect to: • Provide, operate, and maintain the Service and all its features • Process and manage your subscription and payments • Send you transactional emails (verification codes, password resets, billing receipts) • Send service-related notifications (trend alerts, weekly digests) — you may opt out at any time • Authenticate your identity and protect your account (including 2FA) • Analyse and improve our AI models using anonymized, aggregated data • Detect, investigate, and prevent fraud, abuse, or policy violations • Comply with legal and regulatory obligations • Respond to your support requests We do not sell, rent, or trade your personal data to third parties for marketing purposes.
5. Third-Party Service Providers (Data Processors)
We share limited personal data with trusted third-party processors who act on our instructions: • Google LLC / YouTube — channel and analytics data accessed via Google APIs. Subject to Google's Privacy Policy (https://policies.google.com/privacy) and Google API Services User Data Policy. • Stripe, Inc. — payment processing. Stripe is PCI-DSS certified. Subject to Stripe's Privacy Policy (https://stripe.com/privacy). • Anthropic, PBC — AI analysis of scripts and video content. Data is transmitted via API. Anthropic does not use API inputs to train its models. • OpenAI, LLC — AI analysis features. Data is transmitted via API. OpenAI does not use API inputs to train its models per their data processing agreement. • Turso (ChiselStrike, Inc.) — our primary database hosting provider. Your account data, usage data, and analysis results are stored in Turso's infrastructure. • Vercel, Inc. — cloud infrastructure and hosting for the Service. • Resend, Inc. — transactional email delivery (verification codes, password resets, notifications). All processors are contractually obligated to process your data only on our instructions and to implement appropriate security measures. Where processors are located outside the European Economic Area (EEA), transfers are made under Standard Contractual Clauses (SCCs) adopted by the European Commission or other appropriate safeguards.
6. International Data Transfers
AGROMAR PROD SRL is based in Romania (EU). However, several of our third-party processors — including Stripe, OpenAI, Anthropic, Turso, and Vercel — are based in the United States, which is outside the European Economic Area (EEA). When we transfer personal data to these providers, we rely on Standard Contractual Clauses (SCCs) as approved by the European Commission (Decision 2021/914) to ensure your data receives equivalent protection. You may request a copy of the relevant safeguards by contacting us at privacy@retentionr.com.
7. Data Retention
We retain your personal data for as long as your account is active or as necessary to provide the Service. Specific retention periods: • Account data: retained for the lifetime of your account, plus 30 days after deletion to allow recovery requests • YouTube data: retained while your account is active; purged within 30 days of account deletion or YouTube disconnection • Video files submitted for analysis: deleted within 24 hours after processing • Thumbnail images submitted for analysis: deleted within 7 days • 2FA OTP codes: deleted immediately upon use or expiry (10-minute lifetime) • Payment records: retained for 5 years as required by Romanian accounting law (Law 82/1991) • Anonymized, aggregated analytics: retained indefinitely (cannot be linked to you) • Support communications: retained for 3 years After account deletion, all personal data is removed from active systems within 30 days and from backup systems within 90 days, except where retention is required by law.
8. YouTube API — Limited Use Disclosure
Retentionr's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically: • We use YouTube API data only to provide Retentionr's analytics and content optimization features to you • We do not transfer YouTube data to third parties except as necessary to provide the Service (e.g., AI analysis providers), or as required by law • We do not use YouTube data for advertising purposes • We do not allow humans to read YouTube data unless you have explicitly given permission, it is necessary for security purposes, or required by law • You may revoke Retentionr's access to your Google account at any time at https://myaccount.google.com/permissions
9. Cookies & Local Storage
We use the following cookies and browser storage mechanisms: • Session cookies — essential for authentication and maintaining your logged-in state. These expire when your browser session ends or after 30 days of inactivity. • Security cookies — used to implement CSRF protection and secure 2FA sessions. • Referral cookie (ref_code) — stored for up to 30 days when you arrive via a referral link, used to attribute referral rewards. • Analytics — we use our own server-side analytics that do not require cookies and do not track you across other websites. We do not use third-party advertising cookies, social media tracking pixels, or cross-site behavioral advertising trackers. You can disable cookies in your browser settings, but doing so may prevent you from using certain features of the Service.
10. Your Rights Under GDPR
As a data subject under the GDPR, you have the following rights: • Right of access (Art. 15) — you may request a copy of the personal data we hold about you. • Right to rectification (Art. 16) — you may request correction of inaccurate or incomplete data. • Right to erasure (Art. 17) — you may request deletion of your personal data ("right to be forgotten"), subject to certain exceptions (e.g., legal retention obligations). • Right to restriction (Art. 18) — you may request that we limit how we process your data in certain circumstances. • Right to data portability (Art. 20) — you may request your data in a structured, machine-readable format. • Right to object (Art. 21) — you may object to processing based on legitimate interests or for direct marketing purposes. • Right to withdraw consent — where processing is based on consent, you may withdraw it at any time without affecting prior processing. • Right not to be subject to automated decision-making — we do not make decisions that produce significant legal effects solely through automated means. To exercise any of these rights, contact us at privacy@retentionr.com or use the Account Settings page. We will respond within 30 days. We may ask you to verify your identity before processing sensitive requests.
11. Right to Lodge a Complaint
If you believe we have not handled your personal data in accordance with applicable data protection law, you have the right to lodge a complaint with the competent supervisory authority. For users in Romania: Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal (ANSPDCP) B-dul G-ral. Gheorghe Magheru 28-30, Sector 1, 010336 București, Romania Website: https://www.dataprotection.ro Email: anspdcp@dataprotection.ro For users in other EU member states, you may also contact the supervisory authority in your country of habitual residence. We nonetheless encourage you to contact us first so we can address your concern directly.
12. Children's Privacy
The Service is not directed at individuals under the age of 16. We do not knowingly collect personal data from children under 16. If you are a parent or guardian and believe your child has provided us with personal data, please contact us at privacy@retentionr.com and we will delete such data promptly. If we discover that we have collected personal data from a user under 16 without appropriate consent, we will delete that information as quickly as possible.
13. Security
We implement appropriate technical and organizational security measures to protect your personal data against unauthorized access, disclosure, alteration, or destruction. These include TLS encryption for all data in transit, bcrypt hashing for passwords and OTP codes, secure HTTP-only cookies for session management, two-factor authentication for all email/password accounts, access controls limiting employee access to personal data, and regular security reviews. While we take all reasonable precautions, no method of transmission or storage is 100% secure. In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the relevant supervisory authority within the timeframes required by the GDPR.
14. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in the law, our practices, or the Service. When we make material changes, we will notify you by email to the address associated with your account or through a prominent notice in the Service at least 30 days before the changes take effect. We encourage you to review this policy periodically. The "Last updated" date at the top of this page reflects the most recent revision. Continued use of the Service after changes take effect constitutes acceptance of the revised policy.
15. Contact & Data Protection Inquiries
For any questions, concerns, or requests regarding this Privacy Policy or the processing of your personal data: AGROMAR PROD SRL Strada Dunării 20, Sat Smârdan, Județul Tulcea, Romania Privacy email: privacy@retentionr.com General support: support@retentionr.com We aim to respond to all privacy-related inquiries within 30 days.