e-bon
e-bon.ro
Compliance

Privacy Policy

How Crisposoft SRL collects, uses, discloses and protects personal data when you use the E-BON platform — under GDPR and Romanian data protection law.
This page mirrors the legal text published at https://app.e-bon.ro/en/privacy for documentation discoverability. The portal version is the authoritative legal version; this docs copy is provided as a reference for operators and integrators. If the two diverge, the portal page wins.

Related legal pages: GDPR Compliance · Terms & Conditions. Fiscal-compliance siblings: ANAF reporting (JE / MF / P7B) · F4109 — ANAF inactivity declaration.

Last updated: April 2026.

If you have questions about this privacy policy, contact us at privacy@e-bon.ro.

About this policy

Crisposoft SRL ("we", "us", "our") operates the E-BON platform (e-bon.ro). This Privacy Policy explains how we collect, use, disclose and protect your personal data when you use our services, in accordance with the General Data Protection Regulation (GDPR) and Romanian data protection law.

Data we collect

We collect the following categories of personal data:

  • Account information: company name, CUI/CIF, email address, password (hashed)
  • Usage data: API requests, device interactions, fiscal operations performed
  • Technical data: IP address, browser type, device information, access logs
  • Fiscal data: receipt data, fiscal reports, ANAF submission records (processed on behalf of your organisation)

Process data on these legal bases

We process your personal data under the following legal bases, as defined by GDPR Article 6:

  • Consent — when you create an account and agree to our terms, you consent to the processing of your personal data for service delivery
  • Contract — processing necessary to deliver the E-BON platform services you have subscribed to
  • Legitimate interest — processing for platform security, fraud prevention and anonymised analytics to improve our services
  • Legal obligation — processing required to comply with Romanian fiscal legislation, including mandatory reporting to ANAF

Identify the data controller

The data controller for personal data processed through the E-BON platform is Crisposoft SRL, a company registered in Romania (CUI: pending registration). For any questions regarding data processing or to exercise your data protection rights, contact our Data Protection Officer at privacy@e-bon.ro.

Manage cookies and tracking

We use essential cookies to maintain your session and preferences. We do not use third-party advertising or tracking cookies. Analytics cookies, if used, are anonymised and do not track individual users across websites.

Share data with third-party services

We may share data with the following categories of third parties, solely to provide our services:

  • Cloud hosting providers (for platform infrastructure)
  • Payment processors (for subscription billing)
  • ANAF (for mandatory fiscal reporting, as required by Romanian law)
  • Analytics services (anonymised usage data only)

Transfer data internationally

The E-BON platform is hosted on Microsoft Azure data centres located within the European Economic Area (EEA). Your data is stored and processed within the EU. In the event that data needs to be transferred outside the EEA, we will ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission.

Retain your data

We retain your personal data for as long as your account is active or as needed to provide our services. Fiscal data is retained for the legally required period under Romanian fiscal legislation (typically 10 years). You may request deletion of your account data at any time, subject to legal retention obligations.

Protect your data

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure or destruction:

  • TLS encryption for all data in transit between your browser/application and our servers
  • Encryption at rest for all data stored in Google Cloud Firestore
  • Bcrypt hashing for all user passwords — we never store plaintext passwords
  • Role-based access controls ensuring employees only access data necessary for their role
  • Regular security reviews and vulnerability assessments of our platform infrastructure

Exercise your rights

Under GDPR, you have the right to:

  • Access your personal data and receive a copy
  • Rectify inaccurate or incomplete data
  • Erasure — request erasure of your data (right to be forgotten)
  • Portability — receive your data in a portable format
  • Object to processing of your data
  • Restriction — request restriction of processing

The full mechanics of each right (including how the fiscal-retention exception applies to erasure) are documented on the GDPR Compliance page.

Protect children's privacy

The E-BON platform is a B2B service designed for businesses and is not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us at privacy@e-bon.ro and we will promptly delete such information.

Track changes to this policy

We may update this privacy policy from time to time to reflect changes in our practices or legal requirements. For material changes, we will notify registered users via email at least 30 days before the changes take effect. The "Last updated" date at the top of this page indicates when the policy was last revised.

Contact us

For any privacy-related questions or to exercise your rights, contact us at privacy@e-bon.ro.

GDPR Compliance

How e-bon (Crisposoft SRL) processes personal data under the GDPR — data controller, your rights, lawful processing purposes, and how to exercise them.

Terms & Conditions

Terms and conditions for using the E-BON platform operated by Crisposoft SRL — acceptance, service description, user obligations, billing, liability, termination and governing law.