Privacy Policy
This Privacy Policy explains how PAPRIKASOFT SRL (“we”, “us”) collects and uses personal data when you visit etox.io, use dashboard.etox.io, or interact with our JSON-RPC and related services (the “Services”).
Registered office: Str. Lotrioara nr. 17, Sector 3, București, Romania
CUI: RO35486044 · Reg. Com.: J40/901/25.01.2016
Contact (privacy):
We process personal data in line with Regulation (EU) 2016/679 (“GDPR”) and applicable Romanian law. For the purposes of the GDPR, we act as the controller of personal data described below, unless we state otherwise (e.g. where we act as a processor on behalf of your organisation).
1. Data we collect
Depending on how you use the Services, we may process:
- Account and identity data: name, email address, organisation identifiers, and authentication details when you register or sign in.
- Billing data: billing address, payment references, and transaction history (payment card processing is typically handled by payment processors; we do not store full card numbers on our servers).
- Technical and usage data: IP address, approximate location derived from IP, timestamps, API keys or key identifiers, request metadata, error logs, and aggregate usage metrics needed to meter compute units and enforce rate limits.
- Communications: content of support requests and correspondence you send to us.
- Cookie and similar data: as described in our Cookie Policy.
We do not seek to collect special categories of data (such as health data) through the Services. If you voluntarily include such information in a message to us, we will handle it only as needed to respond.
2. Purposes and legal bases
We use personal data for the following purposes:
- Providing the Services (contract, Art. 6(1)(b) GDPR): account creation, authentication, RPC access, metering, billing, and customer support.
- Security and abuse prevention (legitimate interests, Art. 6(1)(f) GDPR): detecting fraud, enforcing rate limits, and protecting infrastructure.
- Legal compliance (legal obligation, Art. 6(1)(c) GDPR): tax, accounting, and responding to lawful requests from authorities.
- Product improvement (legitimate interests): aggregated analytics that do not identify you individually.
- Marketing (consent or legitimate interest, where applicable): only if you opt in to newsletters or similar; you may withdraw consent at any time.
3. Retention
We retain personal data only as long as necessary for the purposes above: for the duration of your account, plus a reasonable period for backups, disputes, and legal obligations (e.g. accounting records). Technical logs may be kept for shorter rolling periods unless longer retention is required for security investigations.
4. Sharing and processors
We use trusted service providers (hosting, email, payment, analytics) who process data on our instructions under appropriate contracts. We may disclose data if required by law or to protect our rights and users’ security. We do not sell your personal data.
If data is transferred outside the European Economic Area, we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs) or adequacy decisions under the GDPR, as applicable.
5. Advertising and online measurement
When we run online advertising (for example Google Ads), we or our partners may use tags, pixels, or similar technologies to measure impressions, clicks, and conversions, and in some cases to build audience lists for remarketing. Depending on your region and settings, such processing may rely on your consent (GDPR Art. 6(1)(a)) or on our legitimate interest in measuring marketing effectiveness (Art. 6(1)(f)).
Google. Where we use Google advertising or analytics products, Google Ireland Limited (or Google LLC where applicable) may process certain data as described in Google’s Privacy Policy. You can manage ad personalisation in Google Ads Settings and learn about cookies in Google’s policies. We do not sell your personal data; use of these tools is to operate and measure our campaigns.
For details on cookies and choices on our sites, see our Cookie Policy.
6. Your rights
Under the GDPR you may have the right to:
- access your personal data and receive a copy;
- rectify inaccurate data;
- erase data in certain circumstances;
- restrict processing;
- data portability, where applicable;
- object to processing based on legitimate interests;
- withdraw consent where processing is consent-based;
- lodge a complaint with a supervisory authority.
In Romania, the supervisory authority is the National Supervisory Authority for Personal Data Processing (ANSPDCP). You may contact us first at if you wish to exercise your rights.
7. Security
We implement technical and organisational measures appropriate to the risk, including encryption in transit where standard for web services, access controls, and monitoring. No method of transmission over the Internet is completely secure; we cannot guarantee absolute security.
8. Children
The Services are not directed at individuals under 16. If you believe we have collected data from a child, please contact us and we will take steps to delete it.
9. Changes
We may update this Privacy Policy from time to time. The “Last updated” date will change accordingly. We encourage you to review this page periodically.
10. Contact
Privacy enquiries:
PAPRIKASOFT SRL · Str. Lotrioara nr. 17, Sector 3, București, Romania