1. IMFS Status and Legal Basis

We strictly comply with the Regulation (EU) 2016/679 (GDPR). In our relationship with you, we operate based on two distinct roles:

Data Controller
(Data Controller)For your account information (name, billing email, payment history, access logs to the IMFS instance). Processing is done on the basis of executing the SaaS contract.
Data Processor
(Data Processor)For absolutely all data you enter into CRM, ERP, or HR (e.g., employee IDs, your clients' contacts, invoices with PII). This data belongs entirely to you. The legal basis for our processing is strictly your written instruction, materialized through the use of the software interface.

2. Automated Data We Collect (Telemetry & Security)

To guarantee a 99.9% SLA and to prevent cyber attacks on your Enterprise instance, we automatically collect the following information at every interaction with the platform (via web app or API):

Security (Audit Logs)

Login IP addresses
Failed authentication attempts
API instance Activations / Deactivations

Technical Performance

Server response times
Non-identifiable UI error data (Crash dumps)
Browser/OS metadata for optimization

3. Artificial Intelligence (IMFS AI Hub) and Privacy

Data protection in AI modules: Unlike public (generative) AI models that learn from user inputs, the IMFS ecosystem has a strict "Zero-Data-Leak" policy regarding the AI Hub. No sensitive data, CRM message, or invoice processed via OCR *will ever be used* to train language models (LLM) or for third-party use.

AI documentary analysis operations (e.g., reading supplier invoices) have an ephemeral lifecycle on processing servers (hardware located in the EU), with cache data destroyed immediately post-resolution.
The "AI Meeting Assistant" feature takes meeting transcripts strictly temporarily to generate the summary, without archiving the original audio format unless there is an explicit action (opt-in) from the administrator.

4. Data Encryption and Hosting

We use military/banking technological standards to protect your digital business ecosystem:

Exclusive EU Hosting: All our primary databases and backup nodes are geographically located only in the European Union (Romania and Germany - Tier-3 data centers). No data transfer is made to "non-adequate" areas regarding GDPR.
Transit (In-Transit): Absolutely all communication is secured using TLS 1.2 and TLS 1.3 (HTTPS).
Storage (At-Rest): Sensitive financial information and API settings are natively encrypted at the storage volume level using the integrated AES-256 algorithm.

5. Data Retention and Deletion

We maintain data only for the strictly necessary period:

B2B Financial Data (Contractual): Retained for 10 years for compliance with Romanian financial legislation.
Backups (Disaster Recovery): Retained for a maximum rotating period of 30 days. These backups cannot be accessed directly for individual queries.
Upon account closure: When the Enterprise subscription ends, we offer a 30-day window to fully export the current database, after which we trigger the total deletion procedure (Hard-Delete).

6. Your Constitutional Rights

According to Chapter III of the GDPR, you benefit from the right of access, rectification, objection to profiling, restriction of processing, data portability (structured and machine-readable) as well as the famous "right to be forgotten". Any of these rights can be exercised free of charge by the user through a notice sent to our Data Protection Officer (DPO).

Data Protection Officer (DPO) Contact

For requests to exercise GDPR rights or compliance audits, our DPO will respond within the legal deadline of maximum 30 days.

Email Official DPO

1. IMFS Status and Legal Basis

We strictly comply with the Regulation (EU) 2016/679 (GDPR). In our relationship with you, we operate based on two distinct roles:

Data Controller
(Data Controller)For your account information (name, billing email, payment history, access logs to the IMFS instance). Processing is done on the basis of executing the SaaS contract.

Data Processor
(Data Processor)For absolutely all data you enter into CRM, ERP, or HR (e.g., employee IDs, your clients' contacts, invoices with PII). This data belongs entirely to you. The legal basis for our processing is strictly your written instruction, materialized through the use of the software interface.

2. Automated Data We Collect (Telemetry & Security)

To guarantee a 99.9% SLA and to prevent cyber attacks on your Enterprise instance, we automatically collect the following information at every interaction with the platform (via web app or API):

Security (Audit Logs)

Login IP addresses
Failed authentication attempts
API instance Activations / Deactivations

Technical Performance

Server response times
Non-identifiable UI error data (Crash dumps)
Browser/OS metadata for optimization

3. Artificial Intelligence (IMFS AI Hub) and Privacy

AI documentary analysis operations (e.g., reading supplier invoices) have an ephemeral lifecycle on processing servers (hardware located in the EU), with cache data destroyed immediately post-resolution.

The "AI Meeting Assistant" feature takes meeting transcripts strictly temporarily to generate the summary, without archiving the original audio format unless there is an explicit action (opt-in) from the administrator.

4. Data Encryption and Hosting

We use military/banking technological standards to protect your digital business ecosystem:

Exclusive EU Hosting: All our primary databases and backup nodes are geographically located only in the European Union (Romania and Germany - Tier-3 data centers). No data transfer is made to "non-adequate" areas regarding GDPR.

Transit (In-Transit): Absolutely all communication is secured using TLS 1.2 and TLS 1.3 (HTTPS).

Storage (At-Rest): Sensitive financial information and API settings are natively encrypted at the storage volume level using the integrated AES-256 algorithm.

5. Data Retention and Deletion

We maintain data only for the strictly necessary period:

B2B Financial Data (Contractual): Retained for 10 years for compliance with Romanian financial legislation.

Backups (Disaster Recovery): Retained for a maximum rotating period of 30 days. These backups cannot be accessed directly for individual queries.

Upon account closure: When the Enterprise subscription ends, we offer a 30-day window to fully export the current database, after which we trigger the total deletion procedure (Hard-Delete).

6. Your Constitutional Rights

Privacy Policy (GDPR)

1. IMFS Status and Legal Basis

2. Automated Data We Collect (Telemetry & Security)

Security (Audit Logs)

Technical Performance

3. Artificial Intelligence (IMFS AI Hub) and Privacy

4. Data Encryption and Hosting

5. Data Retention and Deletion

6. Your Constitutional Rights

Data Protection Officer (DPO) Contact

Privacy Policy (GDPR)

1. IMFS Status and Legal Basis

2. Automated Data We Collect (Telemetry & Security)

Security (Audit Logs)

Technical Performance

3. Artificial Intelligence (IMFS AI Hub) and Privacy

4. Data Encryption and Hosting

5. Data Retention and Deletion

6. Your Constitutional Rights

Data Protection Officer (DPO) Contact