Privacy Policy

Last updated: 5 May 2026

This Privacy Policy explains how AngelsOnEarth SRL ("AngelsOnEarth", "we", "us") collects, uses, and protects your personal data when you visit aoeone.com or interact with our marketing website. It is written to comply with Regulation (EU) 2016/679 (GDPR) and applicable Romanian law.

1. Data controller

AngelsOnEarth SRL, a company registered in Romania, acts as the data controller for personal data processed via this website.

Privacy contact: privacy@aoeone.com.

2. What data we collect, and why

We only collect data that you actively provide via our forms, plus minimal technical data needed to operate the site.

2.1 Sign-up form (download request)

  • First name, last name
  • Work email address
  • Hospital or organization name
  • Detected operating system (Windows / macOS / Linux) — used solely to send the correct download link

Purpose: to send you the desktop application download link by email. Lawful basis: Article 6(1)(b) GDPR — performance of a pre-contractual step taken at your request.

2.2 Contact form

  • Full name
  • Work email address
  • Hospital or organization name
  • Role (optional)
  • Free-text message

Purpose: to receive your enquiry and reply to it. Lawful basis: Article 6(1)(b) GDPR — pre-contractual steps; or Article 6(1)(f) — our legitimate interest in responding to business enquiries.

2.3 Server logs

Our hosting provider (AWS Amplify) automatically records standard request logs containing your IP address, timestamp, and the URL requested. Lawful basis: Article 6(1)(f) — our legitimate interest in operating, securing, and debugging the service.

3. Cookies and tracking

We do not set non-essential cookies. We do not use analytics, advertising, or social media trackers on this site. See our Cookies Policy for details.

4. Sub-processors

We use the following providers to operate the website. Each is bound by a data processing agreement and processes data only on our instructions:

  • Resend, Inc. (United States) — sends our transactional emails (download links, contact replies, contact confirmations).
  • Amazon Web Services EMEA SARL (Luxembourg / EU regions) — hosts the website via AWS Amplify Hosting.
  • GitHub, Inc. (United States) — hosts our private desktop application releases. We retrieve installer files server-side using a credentialed token; GitHub does not receive your personal data when you click a download link.

5. International transfers

Resend and GitHub are based in the United States. Where personal data is transferred outside the European Economic Area, transfers are protected by Standard Contractual Clauses (SCCs) approved by the European Commission, supplemented as necessary by additional technical and organisational measures (encryption in transit and at rest).

6. Retention

  • Sign-up email addressesare kept by Resend for delivery analytics for a rolling 3-day window, after which they are dropped from Resend's logs. We do not maintain a separate contact database.
  • Contact-form submissions remain in our shared inbox for up to 24 months from the date of last correspondence, after which they are deleted unless an active customer relationship requires longer retention.
  • Server logs are kept for the operational period required by our hosting provider (typically less than 30 days).

7. Your rights

Under the GDPR you have the right to:

  • access the personal data we hold about you (Article 15)
  • request rectification of inaccurate data (Article 16)
  • request erasure of your data (Article 17)
  • request restriction of processing (Article 18)
  • receive your data in a portable format (Article 20)
  • object to processing based on legitimate interests (Article 21)
  • withdraw consent at any time, where consent is the lawful basis

To exercise any of these rights, email privacy@aoeone.com. We will respond within one month, in line with Article 12(3) GDPR.

8. Right to lodge a complaint

You have the right to lodge a complaint with a supervisory authority. In Romania, this is the National Supervisory Authority for Personal Data Processing (dataprotection.ro). You may also contact the supervisory authority of your habitual residence in the EU.

9. Automated decision-making

We do not use your data for automated decision-making or profiling within the meaning of Article 22 GDPR.

10. Security

Personal data is transmitted over HTTPS and stored by our sub-processors using industry-standard encryption. Access to contact-form submissions is limited to AngelsOnEarth team members who need it to respond.

11. Children

This website is intended for hospital and milk-bank professionals and is not directed at children under the age of 16. We do not knowingly collect personal data from children.

12. Changes to this policy

We may update this Privacy Policy from time to time. The date at the top of this page indicates when it was last revised. Where changes are material, we will take reasonable steps to notify you in advance.