Legal

Privacy Policy

Last updated: June 2026

What data we collect and why

Contact form submissions

When you use the contact form on this website, we collect your name, company name, email address, and optionally your phone number. We use this information solely to respond to your enquiry. We do not share this data with any third party.

Branding Brief submissions

When you use the branding brief form on this website, we collect your name, email address, company name, and the information you provide about your brand, audience, competitors, and visual preferences. We use this information solely to prepare and deliver branding services. We do not share this data with any third party.

If you upload files via the brief form, they are stored temporarily on our web server for up to 30 days and then permanently deleted. A secure single-use download link is generated and included in the notification email sent to us. This link expires after 30 days. The brief submission itself is transmitted by email and handled identically to contact form data — downloaded via POP3 to our local device and removed from the mail server.

The branding brief form is not publicly listed on this website. It is shared privately with selected prospective clients. GDPR applies regardless of how access is provided.

Technical data

When you submit the contact form, our server automatically logs your IP address, browser type, operating system, and the page you came from. This information is used only for security purposes (spam prevention and abuse detection) and is not used for profiling or tracking.

How we store your data

Data submitted via the contact form is transmitted by email to our inbox. We use POP3 to retrieve messages, which means emails are downloaded to our local device and automatically removed from the mail server. Data is retained only on our local systems. We do not use any database, CRM, or third-party storage service. Your data never persists on our web server.

Retention period: All data received via the contact form is deleted within 3 months of receipt.

Files uploaded via the branding brief form are stored temporarily on our web server in a protected directory not accessible via direct URL. They are permanently deleted after 30 days. No other data submitted via either form persists on the web server.

Security

We take appropriate technical and organisational measures to protect your personal data against unauthorised access, loss or misuse. Access to submitted data is limited to the Optimacad team.

Cookies

No tracking, analytics or advertising cookies are used on this website.

This site uses a single session cookie (PHPSESSID) when you interact with the contact form. This cookie is strictly necessary for security: it prevents cross-site request forgery attacks and limits submission abuse. It contains no personal data and expires automatically when you close your browser.

Cloudflare Turnstile

This site uses Cloudflare Turnstile (provided by Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA) on the contact and branding brief forms to protect against spam and automated abuse. Turnstile verifies that form submissions are made by a human without displaying a CAPTCHA challenge. It does not use cookies and does not collect or store personally identifiable information. Cloudflare may process technical signals such as browser environment data and interaction patterns solely for bot detection purposes. This data is processed by Cloudflare and is not accessible to us. For more information see cloudflare.com/privacypolicy. The legal basis for using Cloudflare Turnstile is our legitimate interest in protecting this website from automated abuse (Art. 6(1)(f) GDPR).

Legal basis for processing

  • Contact form data: your consent (Art. 6(1)(a) GDPR), given by voluntarily submitting the form
  • Technical and security data: our legitimate interest in protecting the website from abuse (Art. 6(1)(f) GDPR)
  • Branding brief data: pre-contractual steps at the request of the data subject (Art. 6(1)(b) GDPR), given by voluntarily submitting the brief form
  • Cloudflare Turnstile: our legitimate interest in protecting this website from automated abuse (Art. 6(1)(f) GDPR)

Your rights

Under GDPR you have the following rights:

  • Access the personal data we hold about you (Art. 15 GDPR)
  • Request correction of inaccurate or incomplete data (Art. 16 GDPR)
  • Request deletion of your personal data (Art. 17 GDPR)
  • Request restriction of processing (Art. 18 GDPR)
  • Receive your data in a portable format (Art. 20 GDPR)
  • Object to processing based on our legitimate interest (Art. 21 GDPR)
  • Withdraw consent at any time without affecting the lawfulness of processing before withdrawal (Art. 7(3) GDPR)

To exercise any of these rights or to withdraw consent, contact us at . We will respond within 30 days.

You also have the right to lodge a complaint with the Romanian data protection authority:

ANSPDCP
Bulevardul General Gheorghe Magheru 28-30, Sector 1, București 010336
anspdcp@dataprotection.ro
Tel: +40 318 059 211
dataprotection.ro

Changes to this policy

We may update this policy occasionally. The date at the top of this page reflects the most recent revision.

Who we are

Optimacad SRL, Calea Nationala 107, Botosani, Romania, 710061.
Optimacad SRL is the data controller for personal data collected through this website.