Controller details
Recompensated acts as the controller for the personal data described in this policy when it decides why and how your data is processed. This section should be completed with the full legal identity of the site operator before you rely on it as a final production notice.
Replace the current placeholders with your legal entity name, registered office, registration number, privacy email address, and DPO contact if one exists. Until that is done, the support ticket system remains only the operational contact route, not a final legal notice identity block.
Applicable framework
This policy is intended to reflect the General Data Protection Regulation (GDPR), the ePrivacy rules as implemented in Romania, including Law no. 506/2004 for cookies and similar technologies, and the Romanian enforcement framework supervised by the Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal (ANSPDCP).
Data we process
Depending on how you use the platform, we may process account data such as name, email address, password hash or social-login identifiers, avatar URL, country and address details, wallet or payout information, points balance, referral records, promo redemptions, withdrawal and reward history, survey profile data, cashback transaction data, case and wheel activity, raffle and leaderboard participation, support tickets, cookies, device and anti-fraud signals, IP addresses, browser data, and language preferences.
Why we process personal data and legal bases
We process personal data to create and secure accounts, authenticate users, operate rewards and promotional systems, process withdrawals and support requests, run anti-fraud controls, maintain logs and accounting records, and comply with applicable law.
The main legal bases are contract performance for running the service you request, legal obligation for accounting, tax, fraud, and compliance records, legitimate interests for security, abuse prevention, platform integrity, and internal service analytics, and consent where optional cookies, analytics, advertising, or affiliate tracking are involved.
Cookies, local storage, and tracking technologies
Strictly necessary cookies and similar storage are used for sign-in, secure sessions, CSRF protection, fraud controls, checkout, and other essential platform functions. Optional analytics, functional preferences, advertising, affiliate tracking, and third-party embeds are intended to remain disabled until the relevant consent is given.
Romanian ePrivacy rules require clear information and prior agreement for non-essential storage or access on a user device. You can review or withdraw optional consent through the cookie settings entry point and the Cookie Policy.
Offerwalls, survey providers, cashback merchants, and other third parties
When you use offerwalls, survey providers, cashback merchants, reward videos, affiliate links, payment services, social login, or similar partner tools, those providers may process your data under their own terms and policies. This can include click or conversion identifiers, survey response routing data, browser and device signals, IP addresses, purchase validation data, or reward confirmation records.
Fraud prevention and account security
To protect the platform, users, advertisers, and payout systems, we process anti-fraud data such as IP history, login activity, device fingerprints or browser signals, referral relationships, payout-destination overlap, suspicious earning patterns, provider feedback, and abuse-risk indicators. This processing is based mainly on legitimate interests and, where relevant, legal obligations.
International transfers and processors
Some hosting providers, offerwalls, survey networks, cashback networks, analytics services, communications tools, and support tools may process data outside Romania or the EEA. Where personal data is transferred internationally, appropriate safeguards should be used where required, such as adequacy decisions, contractual safeguards, or comparable protections according to the setup in use.
How long data is kept
We keep personal data only for as long as necessary for the purposes for which it was collected, including account operation, security, fraud review, payouts, dispute handling, and compliance obligations. Different records can be kept for different periods depending on the feature and legal need.
Data security
We implement appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, or destruction. These measures include encrypted connections (TLS/HTTPS) for all data in transit, hashed and salted password storage, role-based access controls, server-level firewalls, regular software and dependency updates, and automated fraud-detection systems.
Third-party processors we engage are required to maintain comparable security standards. While no system can guarantee absolute security, we continually review and improve our safeguards in line with industry best practices and GDPR Article 32 requirements.
If we become aware of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours where feasible and, where required, inform affected users without undue delay.
Your rights
Subject to GDPR and applicable Romanian law, you may have rights of access, rectification, erasure, restriction, objection, portability, and withdrawal of consent where consent is the legal basis. We aim to respond within the legal time limits, usually one month unless an extension lawfully applies.
Complaints and supervisory authority
If you believe your personal data has been processed unlawfully, you may contact us first through the platform support route. You also have the right to lodge a complaint with ANSPDCP. Public contact details published by ANSPDCP include B-dul G-ral. Gheorghe Magheru 28-30, Sector 1, 010336, Bucharest, Romania, email anspdcp@dataprotection.ro, and website www.dataprotection.ro.
Children and age limits
The service is not intended for children below the minimum age allowed by our Terms and applicable law. If you believe a child has provided personal data unlawfully through the platform, contact us so the case can be reviewed and handled appropriately.
