Legal
GDPR Compliance
This page explains what personal data reqad.com processes, why, and the rights you have under the EU General Data Protection Regulation (GDPR).
Data controller
The data controller for reqad.com is Webdev SRL (Bucharest, Romania). For any privacy question or request, contact us at contact@reqad.com.
What personal data we process
We only collect data you give us directly, and only what's needed to run the site and your account:
- Signup / early access: name, email address, country and industry, plus the IP address and user-agent of the request (fraud/abuse prevention).
- Account: your name, email and a hashed password (never stored in plain text), plus an optional list of IPs you've labeled for your own account access.
- Security logs: login attempts (identifier and timestamp) are kept briefly to enforce rate-limiting against brute-force attacks.
- Contact form / email: whatever you include when you email contact@reqad.com directly.
We do not use analytics, advertising or tracking scripts, and we do not sell or share your data with third parties for marketing purposes.
Cookies
reqad.com uses a single cookie:
reqad
A first-party session cookie used only to keep you signed in and to protect forms against CSRF (cross-site request forgery). It's set to HttpOnly, Secure and SameSite=Strict, contains no tracking or advertising data, and expires automatically after 30 minutes of inactivity or when you log out.
Because this cookie is strictly necessary to provide the service you request (staying logged in), it's exempt from consent under Article 5(3) of the ePrivacy Directive - so we don't show a cookie consent banner. If we ever add analytics, advertising or non-essential cookies, we'll update this page and ask for your consent first.
Legal basis for processing
- Contract (Art. 6(1)(b) GDPR) - to create and operate your account and provide the service you signed up for.
- Legitimate interest (Art. 6(1)(f) GDPR) - to keep the site secure, prevent abuse and enforce login rate-limiting.
- Consent (Art. 6(1)(a) GDPR) - only if we ever ask you to opt in to something separately, e.g. marketing email.
How long we keep data
Account and signup data is kept for as long as your account is active. Login-attempt logs are kept only long enough to enforce the 15-minute rate-limit window. Activation and password-reset tokens are single-use and expire automatically. If you close your account, we delete or anonymize your personal data unless we're legally required to keep it longer.
Your rights
Under the GDPR you have the right to:
- Access the personal data we hold about you;
- Correct inaccurate data;
- Request erasure ("right to be forgotten");
- Restrict or object to processing;
- Receive your data in a portable format;
- Lodge a complaint with your local data protection supervisory authority.
To exercise any of these rights, email contact@reqad.com - we'll respond within one month.
Data security
Passwords are stored as salted hashes, never in plain text. All traffic is served over HTTPS. Session cookies are HttpOnly/Secure/SameSite=Strict, and state-changing requests are protected with CSRF tokens.
Third-party processors
We use an SMTP provider solely to deliver transactional email (account activation, password resets, notifications). No personal data is shared with advertising, analytics or social-media platforms.