Privacy Policy

1. Introduction

AERYA IT SOLUTIONS SRL ("we", "us", "our") operates the Axis ERP platform (axiserp.com). We are committed to protecting your personal data and respecting your privacy in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and applicable Romanian data protection legislation. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our services.

2. Data Controller

3. Data We Collect

We collect the following categories of personal data:

Account Information

• Full name
• Email address
• Company name and business details
• Phone number (optional)
• Billing address and payment information (processed by Stripe)

Usage Data

• Features and modules accessed
• Timestamps of interactions
• User preferences and settings

Technical Data

• IP address
• Browser type and version
• Device type and operating system
• Referring URLs

4. How We Use Your Data

• To provide and maintain the Axis ERP service
• To process your subscription and payments
• To communicate with you about your account, including support requests
• To send service updates and important notices
• To improve our platform and develop new features
• To ensure the security and integrity of our services
• To comply with legal obligations

5. Legal Basis for Processing

• Contract performance: Processing necessary to provide you with our ERP services as per your subscription agreement
• Legitimate interest: Improving our services, ensuring security, and preventing fraud
• Legal obligation: Compliance with applicable tax, accounting, and regulatory requirements
• Consent: Where you have given explicit consent, such as for marketing communications

6. Data Storage & Security

Your data is stored on our secure servers located within the European Union. We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include encryption of data in transit and at rest, access controls, regular security audits, and employee training on data protection.

7. Data Access

Your business data stored in Axis ERP belongs to you. Our staff does not access your data unless explicitly requested by you (e.g., for technical support, troubleshooting, or data migration assistance). Any access by our team is logged, limited in scope, and performed only for the purpose you have authorized.

8. Data Retention

We retain your personal data for as long as your account is active and as needed to provide you our services. After account termination, we retain your data for up to 30 days to allow for reactivation, after which it is permanently deleted. Technical and browser data (IP addresses, browser information) is retained for a maximum of 12 months. Certain data may be retained longer where required by law (e.g., invoicing records for tax compliance, which are retained for 10 years as required by Romanian fiscal legislation).

9. Third-Party Services

We share personal data with the following third-party processors, all of whom are GDPR-compliant:

• Stripe – Payment processing. Stripe processes your payment card information directly; we do not store your card details. See Stripe's privacy policy at stripe.com/privacy.
• Cloudflare – Website delivery, DDoS protection, and the Turnstile anti-spam widget. See Cloudflare's privacy policy at cloudflare.com/privacypolicy.
• Hetzner – Server infrastructure within the EU for hosting your ERP data.

10. International Data Transfers

Your data is primarily processed and stored within the European Economic Area (EEA). Where data is transferred outside the EEA (e.g., by third-party processors), we ensure adequate protection through EU Standard Contractual Clauses or adequacy decisions recognized by the European Commission.

11. Your Rights Under GDPR

As a data subject, you have the following rights:

• Right of access – Request a copy of the personal data we hold about you
• Right to rectification – Request correction of inaccurate or incomplete data
• Right to erasure – Request deletion of your personal data ("right to be forgotten")
• Right to restrict processing – Request limitation of how we process your data
• Right to data portability – Receive your data in a structured, machine-readable format
• Right to object – Object to processing based on legitimate interests or for direct marketing
• Right to withdraw consent – Where processing is based on consent, withdraw it at any time

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within 30 days as required by GDPR.

12. Right to Lodge a Complaint

If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) at www.dataprotection.ro, or with the supervisory authority in your EU member state of residence.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on our website and, where appropriate, by email. We encourage you to review this page periodically.

14. Contact Us

If you have any questions about this Privacy Policy or our data protection practices, please contact us: