Privacy Policy

Last updated: March 11, 2026

1. Introduction and Data Controller

Telemedia Romania SRL (hereinafter referred to as the "Data Controller" or "we") operates the website sexyline.ro and is committed to protecting the privacy and security of its users' personal data, in accordance with the General Data Protection Regulation (GDPR — EU Regulation 2016/679) and applicable Romanian legislation.

This privacy policy describes what data we collect, how we use it, who we share it with and what rights you have in relation to your personal data.

2. Personal Data Collected

We collect the following categories of personal data:

  • Identification data: phone number, email address, name (optional), age (optional);
  • Authentication data: password (stored encrypted via bcrypt, not in plain text);
  • Payment data: transaction information processed through PayPal (order ID, amount, date). We do not store bank card data — this is processed exclusively by PayPal;
  • Technical data: IP address, browser type (user agent), session data;
  • Usage data: call history (date, duration, operator), login history (IP, date), SMS messages sent, last activity on the platform;
  • Verification data: SMS verification codes, email verification tokens, account verification status.

3. Purpose of Data Processing

Personal data is processed for the following purposes:

  • Service delivery: account creation and management, initiating and monitoring phone calls, crediting minutes;
  • Payment processing: managing transactions through PayPal, issuing and verifying invoices;
  • Security: identity verification via SMS and email, protection against unauthorized access, fraud prevention, rate limiting, blacklist management;
  • Communication: sending verification codes, password reset links, service notifications;
  • Service improvement: statistical analysis of platform usage, resolving technical issues;
  • Legal obligations: compliance with applicable legal and regulatory requirements.

4. Legal Basis for Processing

We process personal data based on the following legal grounds:

  • Performance of contract (Art. 6(1)(b) GDPR): processing is necessary for delivering the requested service — account creation, payment processing, call initiation;
  • Consent (Art. 6(1)(a) GDPR): for sending commercial communications and using non-essential cookies;
  • Legitimate interest (Art. 6(1)(f) GDPR): for ensuring platform security, fraud prevention and service improvement;
  • Legal obligation (Art. 6(1)(c) GDPR): for compliance with legal requirements regarding financial data retention and anti-money laundering.

5. Data Retention Period

Personal data is retained according to the following principles:

  • Account data: for the duration of the account and a maximum of 3 years after the last activity;
  • Payment/transaction data: 10 years, in accordance with Romanian tax legislation;
  • Call history: 2 years from the date of the call;
  • Login history: 1 year from the date of login;
  • Verification codes and reset tokens: automatically deleted after expiration (10 minutes and 24 hours respectively);
  • Failed authentication attempt data: periodically deleted (generally within 24 hours).

6. Data Sharing

Personal data may be shared with the following third parties, exclusively for the stated purposes:

  • PayPal (PayPal Holdings, Inc.): for payment processing — transaction-related data is transmitted;
  • Asterisk VoIP system: for initiating and monitoring phone calls — phone number and agent data are transmitted;
  • SMS providers (SMS Hub, Telemedia SMS Inject): for sending verification codes and SMS messages — phone number is transmitted;
  • Google (Google Analytics via GTM): for website traffic analysis — anonymised data is transmitted;
  • Amazon Web Services (AWS): hosting and cloud infrastructure provider — data is stored on AWS servers.

We do not sell, rent or share personal data with third parties for direct marketing purposes, unless we have your explicit consent.

7. User Rights (GDPR)

Under the GDPR Regulation, you have the following rights:

  • Right of access (Art. 15): to request a copy of the personal data we hold about you;
  • Right to rectification (Art. 16): to request correction of inaccurate or incomplete data;
  • Right to erasure (Art. 17, "right to be forgotten"): to request deletion of your personal data, except for data we are legally required to retain;
  • Right to restriction of processing (Art. 18): to request limitation of data processing under certain conditions;
  • Right to data portability (Art. 20): to receive your personal data in a structured, commonly used and machine-readable format;
  • Right to object (Art. 21): to object to data processing under certain circumstances;
  • Right to lodge a complaint: you have the right to lodge a complaint with the Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) — anspdcp.ro.

You can modify directly from your account: your name, age, phone number, email address and password. To exercise other rights, you can contact us at the email address below.

8. Data Security

We implement appropriate technical and organizational measures to protect personal data, including:

  • Password encryption using the bcrypt algorithm (we do not store passwords in plain text);
  • Secure communication via HTTPS/SSL across the entire website;
  • SQL injection protection through prepared statements;
  • CSRF protection on all forms;
  • Session regeneration on authentication to prevent session fixation;
  • reCAPTCHA v3 protection against bots;
  • Rate limiting against brute force attacks;
  • API authentication via key and IP whitelist;
  • Secured cloud infrastructure (AWS ECS, RDS with SSL).

9. International Data Transfer

Personal data may be transferred and processed outside the European Economic Area (EEA), particularly through PayPal (USA) and AWS (data centres in the EU and USA) services. These transfers are carried out with appropriate safeguards, including Standard Contractual Clauses approved by the European Commission and provider compliance certifications.

10. Cookies

Our website uses cookies for functionality, preferences and analytics. For detailed information, please refer to our Cookie Policy.

11. Policy Changes

We reserve the right to update this privacy policy periodically. Any changes will be published on this page with the updated date. We recommend checking this page periodically to stay informed about our data protection practices.

12. Contact — Data Protection Officer (DPO)

For any questions, requests or to exercise your rights regarding personal data, you can contact us at:

  • Data Controller: Telemedia Romania SRL
  • DPO Email: contact@sexyline.ro
  • Website: sexyline.ro

We will respond to your requests within a maximum of 30 calendar days of receipt.