DoroLabs
RO Start a project

Privacy

Privacy policy,plainly worded.

How DoroLabs handles the personal data of visitors and clients. Written for humans, not for lawyers. GDPR-compliant, with no dark patterns. Last updated April 2026.

1. Who we are

DoroLabs is an independent digital studio operated by Adrian Dorobantu from Romania. For the purposes of the General Data Protection Regulation (GDPR), DoroLabs is the "data controller" for the personal data collected through this website and through our commercial relationships.

2. What data we collect

We collect only what we need to do the work. Specifically:

  • When you write to us — the name, email address, company (if you share it), and message you provide through the contact form or by emailing us directly.
  • When you visit the site — if you have accepted our analytics cookies, we collect anonymized usage data (pages visited, device category, country-level location, referrer). If you have not accepted, we collect nothing beyond what your browser sends to any HTTPS server (IP address in our access logs, retained briefly for security).
  • When we work with you — the contact details, billing information, and project content necessary to deliver the service and meet our legal obligations (invoicing, tax records).

3. Why we collect it

Every piece of data has a specific job. We do not collect data "in case we need it later." The jobs are:

  • To reply to your message and, if it leads somewhere, to do the work.
  • To issue invoices and meet our tax reporting obligations under Romanian and EU law.
  • To understand how the site is used, so we can make it better — and only when you have actively consented to that tracking.
  • To keep the site secure against abuse, spam, and attack.

4. Who we share it with

We do not sell, rent, or trade your data. We do share it with a small set of service providers that we need to operate:

  • Resend — handles transactional email delivery for the contact form. Your message is forwarded to our inbox via Resend. They see only what you sent us.
  • Hetzner — our hosting provider. Based in Germany, operating under EU data protection law. Server access logs are retained for up to 14 days for security.
  • Google Analytics 4 — only if you have accepted analytics cookies. Data is anonymized (IP truncation, no personalized advertising features enabled).
  • Microsoft Clarity — only if you have accepted analytics cookies. Session recordings with automatic PII redaction.

If a court, tax authority, or other legal authority compels us to share data, we will — but we will tell you if we are legally allowed to.

5. Your rights under GDPR

As an EU data subject you have the right to:

  • Access — ask for a copy of the data we hold about you.
  • Rectify — correct any data that is wrong or outdated.
  • Erase — ask us to delete your data, subject to legal retention obligations.
  • Restrict — ask us to stop processing your data while a dispute is resolved.
  • Port — receive your data in a machine-readable format.
  • Object — object to processing based on legitimate interest.
  • Withdraw consent — where processing is based on consent, revoke it at any time.

To exercise any of these rights, write to hello@dorolabs.eu. We will respond within 30 days. If you are not satisfied with our response you have the right to lodge a complaint with the Romanian data protection authority (ANSPDCP).

6. Cookies & tracking

We operate a strict opt-in consent model. No analytics, tracking, or session recording cookies run until you actively click "Accept" on the consent banner. If you decline or ignore the banner, we collect nothing beyond what is technically necessary to serve the site.

You can change your mind at any time by clearing our cookies in your browser, or by using the reset link in the footer.

7. How long we keep it

  • Contact form submissions — 24 months, then deleted unless you become a client.
  • Client records — kept for the duration of the engagement plus 10 years, as required by Romanian tax law for invoices.
  • Server access logs — 14 days, then rotated out automatically.
  • Analytics data — 14 months retention in GA4, then automatically deleted.

8. Contact us about this policy

If anything here is unclear, if you want to exercise your rights, or if you think we are handling your data wrong, write to hello@dorolabs.eu. A human will read the message and reply. We take this seriously.