Privacy Policy

Last updated: March 2026

1. Introduction

SANDA LAURENŢIU-BOGDAN PERSOANĂ FIZICĂ AUTORIZATĂ ("Company", "we", "us", or "our"), registered in Romania under CUI 42724874, Registry of Commerce No. F2020000181251, with its registered office at Aleea Narciselor Nr. 1, Bl. D2, Sc. 2, Ap. 25, Drobeta-Turnu Severin, Mehedinţi, Romania, is committed to protecting your personal data in accordance with Regulation (EU) 2016/679 (the General Data Protection Regulation, "GDPR") and applicable Romanian data protection legislation.

This Privacy Policy explains how we collect, use, store, and protect your personal data when you use the AgencyKey platform and its associated services (the "Service"). Please read this policy carefully to understand our practices regarding your personal data.

2. Data Controller

The data controller responsible for processing your personal data is:

  • Company: SANDA LAURENŢIU-BOGDAN PERSOANĂ FIZICĂ AUTORIZATĂ
  • Address: Aleea Narciselor Nr. 1, Bl. D2, Sc. 2, Ap. 25, Drobeta-Turnu Severin, Mehedinţi, Romania
  • CUI: 42724874
  • Email: legal@agencykey.com
  • Data Protection Officer: legal@agencykey.com

3. Types of Data We Collect

3.1 Account Data

When you register for an Account, we collect:

  • Full name
  • Email address
  • Password (stored in hashed form)
  • Phone number (if provided)
  • Company or agency name (if applicable)
  • Billing information (processed by our payment provider)

3.2 Service Usage Data

When you use the Service, we may collect:

  • OnlyFans account data that you connect to the Service (subscriber information, messaging history, revenue data, media metadata)
  • Actions performed within the Service (logs, feature usage, settings changes)
  • Team management data (roles, permissions, shift schedules)
  • Messages and communications sent through the Service

3.3 Technical Data

We automatically collect certain technical information:

  • IP address
  • Browser type and version
  • Operating system
  • Device information
  • Access timestamps and session duration
  • Referring URL
  • Pages viewed within the Service

3.4 Cookie Data

We use cookies and similar technologies to collect data about your browsing activity. For detailed information, please refer to our Cookie Policy.

4. Legal Basis for Processing

We process your personal data based on the following legal grounds under Article 6 of the GDPR:

4.1 Performance of a Contract (Art. 6(1)(b) GDPR)

Processing is necessary for the performance of the contract between you and us (the Terms of Service), including:

  • Creating and managing your Account
  • Providing the Service and its features
  • Processing payments and managing Subscriptions
  • Communicating with you about your Account and the Service

4.2 Legitimate Interests (Art. 6(1)(f) GDPR)

Processing is necessary for our legitimate interests, provided these interests are not overridden by your rights and freedoms:

  • Improving and optimizing the Service
  • Ensuring the security and integrity of the Service
  • Analyzing usage patterns to enhance user experience
  • Preventing fraud and unauthorized access
  • Internal administration and record keeping

4.3 Consent (Art. 6(1)(a) GDPR)

Where we rely on your consent for processing, such as for analytics cookies or marketing communications, you have the right to withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

4.4 Legal Obligation (Art. 6(1)(c) GDPR)

We may process your data to comply with legal obligations, such as tax reporting requirements, responding to lawful requests from authorities, or fulfilling data retention obligations.

5. How We Use Your Data

We use your personal data for the following purposes:

  • Service delivery: To provide, maintain, and improve the Service, including account management, feature access, and customer support.
  • Communication: To send you service-related notifications, updates, security alerts, and support messages.
  • Analytics: To analyze how the Service is used in order to improve functionality and user experience.
  • Security: To detect, prevent, and address fraud, unauthorized access, and other security issues.
  • Legal compliance: To comply with applicable laws, regulations, and legal processes.
  • Billing: To process payments, manage Subscriptions, and send invoices.

6. Data Sharing

We do not sell your personal data. We may share your data with the following categories of recipients:

6.1 Service Providers (Data Processors)

We engage trusted third-party service providers who process data on our behalf under data processing agreements compliant with Article 28 GDPR:

  • Cloud hosting and infrastructure providers
  • Payment processing services
  • Analytics services (Yandex Metrika)
  • Email delivery services
  • Customer support tools

6.2 Legal Requirements

We may disclose your data if required by law, regulation, legal process, or governmental request, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

6.3 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your personal data may be transferred to the acquiring entity, subject to the same privacy protections described in this policy.

7. International Data Transfers

Your data is primarily stored and processed within the European Economic Area (EEA). If we transfer your data outside the EEA, we ensure that adequate safeguards are in place in accordance with Chapter V of the GDPR, including:

  • Transfers to countries with an adequacy decision by the European Commission.
  • Standard Contractual Clauses (SCCs) approved by the European Commission.
  • Other appropriate safeguards as provided for in Article 46 GDPR.

You may request information about the specific safeguards applied to transfers of your data by contacting us at legal@agencykey.com.

8. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including legal, accounting, or reporting requirements:

  • Account data: Retained for the duration of your Account and for up to 30 days after Account deletion, unless a longer retention period is required by law.
  • Billing and transaction data: Retained for up to 10 years in accordance with Romanian fiscal legislation.
  • Service usage data: Retained for up to 24 months from the date of collection.
  • Technical and log data: Retained for up to 12 months.
  • Cookie data: Retained in accordance with the retention periods specified in our Cookie Policy.

After the applicable retention period expires, your data will be securely deleted or anonymized.

9. Your Rights

Under the GDPR, you have the following rights regarding your personal data:

9.1 Right of Access (Art. 15 GDPR)

You have the right to obtain confirmation as to whether your personal data is being processed and, if so, to access the data and receive information about the processing.

9.2 Right to Rectification (Art. 16 GDPR)

You have the right to request the correction of inaccurate personal data and the completion of incomplete data.

9.3 Right to Erasure (Art. 17 GDPR)

You have the right to request the deletion of your personal data under certain circumstances, such as when the data is no longer necessary for the purposes for which it was collected, or when you withdraw your consent.

9.4 Right to Restriction of Processing (Art. 18 GDPR)

You have the right to request the restriction of processing of your personal data in certain situations, such as when you contest the accuracy of the data or object to the processing.

9.5 Right to Data Portability (Art. 20 GDPR)

You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller, where processing is based on consent or a contract and is carried out by automated means.

9.6 Right to Object (Art. 21 GDPR)

You have the right to object to the processing of your personal data based on legitimate interests. We will cease processing unless we demonstrate compelling legitimate grounds that override your interests, rights, and freedoms.

9.7 Right Not to Be Subject to Automated Decision-Making (Art. 22 GDPR)

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

To exercise any of these rights, please contact our Data Protection Officer at legal@agencykey.com. We will respond to your request within one month, as required by the GDPR. This period may be extended by two further months where necessary, taking into account the complexity and number of requests.

10. Cookie Policy

We use cookies and similar technologies on our website and Service. For detailed information about the cookies we use, why we use them, and how you can manage your cookie preferences, please refer to our Cookie Policy.

11. Children's Privacy

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child under 18, we will take steps to delete that data as soon as possible. If you believe we have collected personal data from a child, please contact us at legal@agencykey.com.

12. Security Measures

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit (TLS/SSL) and at rest
  • Access controls and role-based permissions
  • Regular security assessments and monitoring
  • Secure data storage with regular backups
  • Employee training on data protection

While we take all reasonable steps to protect your data, no method of transmission over the Internet or electronic storage is completely secure. We cannot guarantee absolute security.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, regulatory, or operational reasons. When we make changes, we will update the "Last updated" date at the top of this page and, where required by the GDPR, notify you via email or through the Service.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your data.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data processing practices, please contact us:

  • Company: SANDA LAURENŢIU-BOGDAN PERSOANĂ FIZICĂ AUTORIZATĂ
  • Address: Aleea Narciselor Nr. 1, Bl. D2, Sc. 2, Ap. 25, Drobeta-Turnu Severin, Mehedinţi, Romania
  • General inquiries: legal@agencykey.com
  • Data Protection Officer: legal@agencykey.com
  • Phone: +40 799 275 776

15. Right to Lodge a Complaint

If you believe that the processing of your personal data infringes the GDPR or applicable Romanian data protection law, you have the right to lodge a complaint with the Romanian supervisory authority:

  • Authority: Autoritatea Nationala de Supraveghere a Prelucrarii Datelor cu Caracter Personal (ANSPDCP)
  • Address: B-dul G-ral. Gheorghe Magheru 28-30, Sector 1, 010336, Bucharest, Romania
  • Phone: +40.318.059.211
  • Email: anspdcp@dataprotection.ro
  • Website: www.dataprotection.ro

You also have the right to lodge a complaint with the supervisory authority in the EU Member State of your habitual residence, place of work, or place of the alleged infringement.