Skip to content

    BreeStudio Privacy Policy

    Last Updated: March 26, 2026

    EHELPER TECHNOLOGIES SRL(“we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and use our web application (collectively, the “Service”).

    BreeStudio is a Business-to-Business (B2B) platform. We operate as the Data Controller for our direct users' account information (studio owners and employees), and strictly as a Data Processor for the project and client data our users upload to the Service.

    1. Data Controller & Privacy Contact Information

    EHELPER TECHNOLOGIES SRL
    Reg. No. (ONRC): [Insert J number]
    CIF: [Insert Tax ID]
    Address: Bd Alexandru Obregia Nr.35, Bucharest, 041731, Romania
    Privacy Contact / DPO Inquiries: privacy@breestudio.com or contact@breestudio.com

    2. Categories of Data We Collect

    We collect several types of information, including:

    • Identity Data: Name, username, or similar identifier.
    • Contact Data: Billing address, email address, and telephone numbers.
    • Financial Data: Payment card details and billing information (processed via secure third-party processors like Stripe; we do not store full card numbers).
    • Technical Data: IP address, login data, browser type, time zone setting, and device identifiers.
    • Usage Data: Information about how you use our website, products, and services, including button clicks, page views, and navigation paths.
    • Third-Party Project Data (B2B Client Data): Information regarding your clients, team members, and project specifics (e.g., floor plans, mood boards, client contact info). You (the Studio) are the Controller for this data.

    3. How We Collect Your Data

    • Direct Interaction: Forms, registration, and correspondence.
    • Automated Technologies: Cookies, server logs, and tracking scripts (PostHog, Google Analytics, Clarity).
    • Third Parties: Analytics providers and payment processors.

    4. Legal Basis for Processing (GDPR Compliance)

    • Performance of a Contract: Necessary for the execution of our Terms of Service.
    • Legitimate Interests: To improve the Service, ensure security, and understand user behavior.
    • Legal Obligation: Compliance with Romanian tax and accounting laws.
    • Consent: For non-essential cookies and marketing communications.

    5. Specific Analytics and Tracking Tools

    We use the following third-party tools to improve the user experience and analyze performance:

    • PostHog: Used for product analytics, feature flags, and event tracking. This helps us understand which features are most useful to you.
    • Google Analytics 4 (GA4): Used to track website traffic and user demographics in an aggregated manner.
    • Microsoft Clarity: Used to capture how you interact with our website through heatmaps and session recordings. This allows us to identify and fix usability issues.

    6. Session Replay and Heatmapping

    Our Service uses session replay technology (via Microsoft Clarity and PostHog). This allows us to record and visually play back user sessions to understand UI/UX friction.

    • Privacy Guardrails: We configure these tools to mask sensitive input fields (like passwords or credit card numbers) so that they are never recorded.
    • Purpose: This data is used strictly for troubleshooting and improving platform navigation.

    7. Disclosures of Your Personal Data

    We share data with our authorized sub-processors:

    • Hosting: AWS / Google Cloud.
    • Payments: Stripe.
    • Analytics: PostHog Inc., Google LLC, Microsoft Corp.

    8. International Transfers

    We use Standard Contractual Clauses (SCCs) for data transferred to providers outside the European Economic Area (EEA) to ensure a high level of data protection when using international sub-processors.

    9. Data Security

    We implement SSL encryption, firewalls, and strict access controls. Access to your personal data is limited to employees with a “need to know” basis under strict confidentiality.

    10. Data Retention

    • Account Data: Retained for the duration of your subscription.
    • Project Data: Deleted 30 days after account termination.
    • Analytics Data: Retained according to the specific retention policies of GA4, PostHog, and Clarity (typically 14–26 months).

    11. B2B Processor Obligations & End-User Requests

    Because BreeStudio is a B2B platform, you (the design studio) are solely responsible for obtaining necessary consents from your own clients before uploading their personal data to our Service.

    If one of your clients (an “End-User”) contacts BreeStudio directly to exercise their GDPR rights (such as a request to delete their data), we will not respond directly to the End-User. Instead, we will promptly forward the request to you, the Data Controller, and will reasonably assist you in fulfilling the request through the tools provided in the Service.

    12. Your Legal Rights (GDPR)

    Under the GDPR, as a direct user of our Service, you have the following rights regarding your personal data:

    • Right to Access: Request a copy of the personal data we hold about you.
    • Right to Rectification: Request correction of incomplete or inaccurate data.
    • Right to Erasure: Request deletion of your personal data (the “right to be forgotten”).
    • Right to Restrict Processing: Ask us to suspend the processing of your personal data under certain scenarios.
    • Right to Data Portability: Request the transfer of your personal data in a structured, commonly used, machine-readable format.
    • Right to Object: Object to processing where we are relying on a legitimate interest.
    • Right to Withdraw Consent: Withdraw your consent at any time for data processed based on consent. Withdrawing consent does not affect the lawfulness of processing prior to withdrawal.

    To exercise these rights, please contact us at privacy@breestudio.com.

    13. Automated Decision-Making

    We do not use your personal data for automated decision-making or profiling that produces legal or similarly significant effects on you.

    14. Children's Privacy

    The Service is strictly for professional B2B use and is not intended for individuals under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have collected personal data from a child under 16, we will take immediate steps to delete such information.

    15. Data Breach Notification

    We will notify you and the Romanian Authority (ANSPDCP) within 72 hours of discovering any high-risk data breach affecting your personal data.

    16. Contact and Complaints

    Questions: privacy@breestudio.com

    Supervisory Authority: You have the right to make a complaint at any time to the Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) at www.dataprotection.ro.