Privacy Policy

Last updated: April 7, 2026

At Totul.io, your privacy is important to us. This Privacy Policy explains what information we collect, how we use it, and the choices you have. We've written it in plain language to make it easy to understand.

1. Information We Collect

We collect information to provide and improve our vehicle marketplace. Here's what we gather and why:

Account Information

When you register, we collect your name, email address, and password (stored securely using bcrypt hashing). If you choose to add a profile photo, we store that as well.

Listing Data

When you create a vehicle listing, we collect the details you provide — make, model, year, mileage, price, description, photos, and location. This information is displayed publicly on the marketplace.

Automatically Collected Data

When you use Totul.io, we automatically collect basic technical information such as your IP address, browser type, device type, and pages visited. This helps us maintain platform security and improve the user experience.


2. How We Use Your Information

We use the information we collect for specific, legitimate purposes:

  • Operating the marketplace — displaying listings, enabling search, connecting buyers and sellers.
  • Account management — authentication, email verification, and password resets via Resend (our email provider).
  • Fraud prevention — detecting and preventing suspicious activity, fake listings, and unauthorized access.
  • Platform improvement — understanding how users interact with Totul.io so we can make it better.
  • Communications — sending transactional emails (verification codes, listing updates) and, with your consent, occasional product updates.

We never sell your personal information to third parties. Your data is used solely to operate and improve Totul.io.

3. How We Share Your Information

We share your information only in limited circumstances:

Public Listings

When you publish a listing, the vehicle details, photos, general location, and your seller profile name are visible to all visitors. Your email address and phone number are never displayed publicly.

Service Providers

We work with trusted service providers to operate Totul.io: Supabase (database hosting and file storage), Resend (transactional email delivery), and Vercel (application hosting). These providers only access data necessary to perform their services and are bound by contractual obligations to protect it.

Legal Requirements

We may disclose information when required by law, in response to valid legal process, or to protect the rights, property, or safety of Totul.io, our users, or others.


4. Cookies & Tracking

We use cookies sparingly and only for essential functionality:

  • Session cookie — A secure, HTTP-only cookie managed by NextAuth to maintain your login session (JWT-based). This cookie is essential for authentication and cannot be disabled while using an account.
  • Theme preference — A small cookie to remember your light/dark mode choice.

We do not use third-party advertising cookies or tracking pixels. We do not share browsing data with ad networks.

5. Data Storage & Security

We take the security of your data seriously and implement appropriate measures to protect it:

  • Your data is stored in a PostgreSQL database hosted by Supabase with encryption at rest.
  • All connections use TLS encryption in transit.
  • Passwords are hashed using bcrypt — we never store plaintext passwords.
  • Listing images are stored in Supabase Storage with signed URL access controls.
  • We use JWT-based sessions with 30-day expiry, eliminating server-side session storage vulnerabilities.

Security Limitations

While we implement industry-standard security measures, no system is completely immune to threats. We encourage you to use a strong, unique password and to report any security concerns to us immediately.


6. Your Rights

You have control over your personal data. Here are your rights:

  • Access — Request a copy of the personal data we hold about you.
  • Correction — Update or correct inaccurate information in your account settings.
  • Deletion — Request deletion of your account and associated data.
  • Portability — Request your data in a structured, machine-readable format.
  • Withdraw consent — Opt out of non-essential communications at any time.
  • Objection — Object to processing of your data for specific purposes.

To exercise any of these rights, email us at privacy@totul.io. We will respond within 30 days.

7. Data Retention

We retain your data only as long as necessary:

Active Accounts

We retain your account data for as long as your account is active. You can delete your account at any time through your account settings.

Deleted Accounts

When you delete your account, we remove your personal data within 30 days. Some anonymized data may be retained for analytics purposes. Backup copies may persist for up to 90 days before being automatically purged.

Listings

Published listings remain visible while your account is active. Expired listings are automatically removed after 90 days. Sold or manually removed listings are deleted from public view immediately, with data retained for 30 days in case you want to relist.


8. Children's Privacy

Totul.io is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from children.

If we become aware that we have collected data from a user under 18, we will take steps to delete that information promptly. If you believe a child has provided us with personal data, please contact us at privacy@totul.io.

You must be at least 18 years old to create an account or use Totul.io.

9. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements.

When we make changes, we'll update the "Last updated" date at the top of this page. For material changes that significantly affect how we handle your data, we'll notify you by email before they take effect.

We encourage you to review this page periodically. Your continued use of Totul.io after changes are posted means you accept the revised policy.


10. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your data, we're here to help:

  • Email: privacy@totul.io
  • Response time: Within 30 days of receiving your request.
  • For urgent security concerns, please include "URGENT" in your subject line.