Privacy Policy

M373 SRL (IDNO: 1014600018610), registered at mun. Chișinău, sec. Botanica, str. Sarmizegetusa, 94/5, ap.(of.) 45, Republic of Moldova (hereinafter referred to as the "Operator", "we" or "our"), is a software development company that creates and operates software applications, web services and digital solutions (collectively referred to as the "Applications" or "Services").

This Privacy Policy describes how we collect, use, store, protect and share the personal data of users of our Applications and Services, in accordance with:

• Law No. 133 of 08.07.2011 on the protection of personal data (Republic of Moldova)
• General Data Protection Regulation (GDPR) — to the extent applicable
• Apple App Store Review Guidelines (Section 5.1 — Privacy)
• Google Play Developer Policy (Data Safety and User Data Policy)
• Other applicable regulations in the field of personal data protection

This Policy applies to all applications and services developed and operated by M373 SRL, regardless of the distribution platform (Google Play Store, Apple App Store, web, desktop).

By installing, accessing or using any Application or Service of M373 SRL, you confirm that you have read and understood this Privacy Policy.

• "Application" — any software application (mobile, desktop or web) developed and/or operated by M373 SRL.
• "Service" — any digital service provided by M373 SRL, including cloud services, APIs, web platforms and technical support.
• "User" — any natural or legal person who installs, accesses or uses an Application or Service of M373 SRL.
• "Personal data" — any information relating to an identified or identifiable natural person.
• "Sub-processor" — any third party that processes personal data on behalf of M373 SRL.

The categories of data collected may vary depending on the Application or Service used. In general, we may collect the following:

3.1. Account and identification data

• First and last name
• Name and identification data of the legal entity (if applicable)
• Email address
• Phone number
• Authentication credentials (password is stored exclusively in encrypted form)

3.2. Commercial and transactional data

• Transaction data made through the Applications
• History of commercial operations
• Data of generated documents (invoices, reports, etc.)
• Information entered by the User within the Application (CRM, inventory, nomenclatures, etc.)

3.3. Technical and device data

• Device type and model
• Operating system and version
• Unique device identifier (for licensing and activation)
• IP address
• Error logs (crash logs) and diagnostic data
• Application version used

3.4. Usage data

• Features used and frequency of use
• Application preferences and settings
• Application performance data

3.5. Data we do NOT collect

• We do not collect biometric data
• We do not collect precise geolocation data (GPS) without explicit consent
• We do not collect data from third-party applications on your device
• We do not collect personal financial data (bank cards, accounts) — payments are processed through authorized intermediaries
• We do not track your activity on other applications or websites (no cross-app tracking)

Personal data is processed exclusively for the following purposes:

4.1. Service provision

• Creating and managing the user account
• Proper functioning of the Applications
• Data synchronization between devices (where applicable)
• Generating documents and reports requested by the User

4.2. Legal compliance

• Compliance with applicable legal and tax obligations
• Transmitting data to state authorities when legislation requires it
• Preserving documents according to legal terms

4.3. Service improvement

• Diagnosing and fixing technical errors
• Usage analysis to improve features
• Ensuring security and fraud prevention

4.4. Communication

• Notifications regarding Application updates
• Technical support and assistance
• Communications regarding changes to terms or policies
• Marketing communications (only with explicit consent, revocable at any time)

We process your data based on the following legal grounds:

• Contract performance — processing is necessary for providing Services according to the accepted Terms and Conditions
• Legal obligation — compliance with tax and commercial legislation of the Republic of Moldova
• Legitimate interest — improving Services, data security, fraud prevention
• Consent — for marketing communications and optional data collection

We do not sell, rent or trade your personal data. We share data exclusively in the following situations:

6.1. State authorities

Transmitting data to competent authorities (including the State Tax Service) when legislation requires it.

6.2. Service providers (sub-processors)

• Hosting and cloud services — for data storage and processing
• Payment processors — for processing financial transactions
• Analytics services — exclusively aggregate data, without identifiable personal data
• Notification services — for sending push and email notifications

All sub-processors are contractually obligated to ensure the same level of data protection as M373 SRL.

6.3. Distribution platforms

• Google LLC (Google Play Store) — for distributing Android applications
• Apple Inc. (App Store) — for distributing iOS applications

These platforms may collect additional data according to their own privacy policies.

7.1. Data location

• Data is stored on secure servers located in the Republic of Moldova and/or the European Union
• Local data (on device) remains exclusively on the User's equipment

7.2. Security measures

We implement the following technical and organizational measures:

• Data encryption in transit (TLS/SSL) and at rest
• Secure authentication with encrypted passwords (hashing)
• Role-based access control
• Monitoring and logging of data access
• Regular encrypted backups
• Periodic security updates

7.3. Storage period

• Data required by law: according to mandatory legal terms (e.g., tax documents — minimum 5 years)
• Account data: for the duration of the active account + 30 days after deletion
• Technical logs: maximum 12 months
• Analytics data: maximum 26 months in aggregate form

After the storage period expires, data is irreversibly deleted or anonymized.

According to applicable legislation, you have the following rights:

• Right of access — you can request a copy of the personal data we hold
• Right to rectification — you can request correction of inaccurate or incomplete data
• Right to erasure — you can request deletion of data, except for data retained under legal obligations
• Right to portability — you can request data transfer in a structured, machine-readable format
• Right to restriction of processing — you can request processing limitation under certain conditions
• Right to object — you can object to processing based on legitimate interest
• Right to withdraw consent — at any time, without affecting the lawfulness of prior processing
• Right to lodge a complaint — with the National Centre for Personal Data Protection of the Republic of Moldova (CNPDCP)

To exercise these rights, contact us at: info@m-373.com. We will respond within a maximum of 30 calendar days.

8.1. Account and data deletion

You can request complete deletion of your account and associated data by:

• Sending an email to info@m-373.com with the subject "Account deletion"
• Using the deletion option in the Application settings (where available)

Important: Data retained under legal obligations (e.g., tax documents) cannot be deleted before the expiration of legal retention periods.

Our mobile applications do not use cookies. Our websites may use:

• Essential cookies — necessary for website operation (session, authentication)
• Analytics cookies — for understanding usage patterns (only with your consent)

You can manage cookie preferences in your browser settings.

M373 SRL Applications and Services are intended exclusively for persons aged 18 and over. We do not intentionally collect personal data from persons under 18.

If you discover that a minor has provided personal data through our Applications, contact us immediately at info@m-373.com, and we will delete this data as soon as possible.

Data is primarily processed and stored on the territory of the Republic of Moldova and/or the European Union. In case of transfer outside these jurisdictions, we will ensure adequate protection guarantees, including standard contractual clauses or other mechanisms recognized by applicable legislation.

12.1. Apple App Store (iOS)

According to Apple's requirements for privacy labels ("App Privacy Labels"):

• Tracking: We do not track users across other apps or websites. We do not use IDFA (Identifier for Advertisers).
• Data Linked to You: May include contact data, identifiers, usage and diagnostic data — depending on the Application.
• Data Not Linked to You: Aggregate performance and diagnostic data.

Each Application distributed through the App Store will declare the specific data categories in the App Privacy section of App Store Connect.

12.2. Google Play Store (Android)

According to the Data Safety section in Google Play:

• Sharing: Data is shared only with sub-processors mentioned in Section 6 and state authorities when required by law.
• Security: Data is encrypted in transit and at rest.
• Deletion: Users can request data deletion according to Section 8.1.
• Families Policy: M373 SRL Applications are not intended for children.

We reserve the right to update this Policy periodically. Significant changes will be communicated through:

• Notification in the affected Applications
• Email to the address associated with your account
• Publication on the m-373.com website

Continued use of the Services after notification of changes constitutes acceptance of the new version.

For any questions, requests or complaints regarding personal data protection:

• Operator: M373 SRL
• IDNO: 1014600018610
• Address: mun. Chișinău, sec. Botanica, str. Sarmizegetusa, 94/5, ap.(of.) 45, Republic of Moldova
• Email: info@m-373.com
• Phone: +373 60 100 698
• Website: m-373.com

Supervisory authority: National Centre for Personal Data Protection of the Republic of Moldova (CNPDCP), www.datepersonale.md.