SpeedBid24 ("we", "the platform") respects users' privacy and processes personal data in accordance with Regulation (EU) 2016/679 (GDPR) and applicable Romanian law.
1. Data Controller
The data controller is SpeedBid24. For any requests regarding your personal data, contact us via the Support page.
2. Categories of Data Collected
- Account data: name, email, phone, country, seller type (private/dealer).
- Payment data: handled exclusively by Stripe (PCI DSS Level 1). We only retain the brand and last 4 digits of the card.
- Vehicle data: make, model, photos, service history and copies of registration documents (where applicable). Users are asked to redact personal data on uploaded documents that does not belong to their own account.
- Technical data: IP address, user-agent, access logs (kept for security).
- Communication data: support messages, dispute content.
3. Purposes of Processing
- Providing the Platform's services (account, auctions, payments).
- Dealer identity verification (KYC).
- Fraud prevention and enforcement of the Terms (including the EUR 100 abandonment penalty).
- Transactional communications (auction, dispute, private offer notifications).
- Legal compliance (invoicing, tax reporting).
4. Legal Basis
- Performance of contract (art. 6(1)(b) GDPR) — for use of the Platform.
- Legal obligation (art. 6(1)(c)) — invoicing, anti-fraud.
- Legitimate interest (art. 6(1)(f)) — security, fraud prevention.
- Consent (art. 6(1)(a)) — marketing communications (opt-in).
5. Recipients
- Stripe (payment processing, card verification) — EU/US, under Standard Contractual Clauses. Stripe may also process data as an independent controller for fraud detection and risk monitoring, under its own privacy policy.
- Supabase / Lovable Cloud (database hosting) — EU (Frankfurt).
- The other party to the transaction: once an auction is completed and the commission is paid, your contact details (Name, Phone, Email) are disclosed to the other party (Seller or Buyer, as applicable) solely to complete the vehicle transaction.
- Competent authorities — upon formal legal requests.
6. International Transfers
Data is stored in the EU. Any transfers to the US (e.g. Stripe) are protected by the European Commission's Standard Contractual Clauses. Stripe may process data for fraud detection and risk monitoring, under its own privacy policy.
7. Retention Period
- Account data: for the duration of the account + 3 years after deletion (litigation).
- Transactions and invoices: 10 years (legal tax obligation).
- Technical logs: 12 months.
8. Your Rights (GDPR)
- Access — request a copy of your data.
- Rectification — correct inaccurate data.
- Erasure ("right to be forgotten") — subject to legal obligations.
- Restriction of processing.
- Portability — receive your data in a structured format.
- Objection — to processing based on legitimate interest.
- Complaint to a supervisory authority: users in Romania may complain to ANSPDCP (www.dataprotection.ro). Users in other EU/EEA countries may lodge a complaint with their national data protection authority (official list: edpb.europa.eu/about-edpb/about-edpb/members_en).
To exercise these rights, contact us via the Support page. We respond within 30 days.
9. Security
We use TLS encryption for all communications, Row-Level Security at the database level, and a PCI DSS Level 1 partner (Stripe) for payment data. Account access is protected by secure authentication mechanisms (email verification and, optionally, magic links / OTP), eliminating risks associated with weak passwords.
10. Cookies
For details about cookies and similar technologies, see the Cookie Policy.
11. Changes
We may update this policy. Significant changes will be notified by email at least 30 days in advance.