Privacy Policy

How FollowDeveloper collects, uses and protects your personal data — a GDPR-compliant document, last updated 2 May 2026.

1. Introduction

This Privacy Policy describes how Followone Romania SRL (hereinafter “FollowDeveloper”) processes your personal data when you visit followdeveloper.com or contact us through the form on this site. The document applies to all language versions of the site (English, Romanian, Italian, French, German).

The purpose of this policy is to inform you, in plain language, what data we collect, why we collect it, who we share it with, how long we keep it and what rights you have under the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and Romanian Law no. 190/2018. We do not run analytics, marketing or advertising cookies on this site, we do not sell data and we do not perform automated profiling — full details below.

2. Data controller

The data controller is Followone Romania SRL, a Romanian legal entity headquartered at Strada Soldat Gheorghe Buciumat nr. 27, Sector 1, 014384, Bucharest, registered with the Trade Register under J40/7727/2018, sole registration code 39432527.

FollowDeveloper is the trade name under which Followone Romania SRL operates the followdeveloper.com website and provides web, mobile, e-commerce, cloud and AI development services for clients in Romania, the European Union and the United States. For any request regarding your personal data, contact us at contact@followdeveloper.com.

3. Definitions

“GDPR” — Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and the free movement of such data.

“Controller” — Followone Romania SRL, the legal entity that decides on the purposes and means of processing personal data.

“Data subject” — any natural person whose data we process, in particular site visitors and people who fill in the contact form.

“Personal data” — any information that allows the direct or indirect identification of a natural person (for example name, email, address, phone number, IP address).

“Processing” — any operation performed on personal data: collection, storage, consultation, use, transmission, deletion, etc.

“Consent” — a freely given, specific, informed and unambiguous agreement by which the data subject expresses their consent to the processing of their data (for example by ticking the “I agree to the Privacy Policy” box in the contact form).

“Site” — followdeveloper.com and all its subdomains and language versions.

“Processor” — a third party that processes personal data on the controller's behalf, under a contract and strict safeguards (for example the hosting provider or the database provider).

“Services” — the software development, consulting and maintenance services described on the site.

“ANSPDCP” — the Romanian National Supervisory Authority for Personal Data Processing.

“SCC” — Standard Contractual Clauses, the clauses approved by the European Commission for transferring personal data outside the European Economic Area.

Other terms have the meaning given by GDPR and the applicable Romanian legislation.

4. Scope of this policy

This policy applies only to the followdeveloper.com website. The site contains links to external resources — technical articles, social media profiles (LinkedIn, GitHub), our suppliers' documentation (Microsoft, OpenAI, MongoDB, etc.). When you follow such a link, you are subject to the privacy policy of that destination, over which we have no control. We encourage you to read it before sharing data.

5. Our principles

Protecting your data is a permanent commitment. All our processing activities follow the principles of Article 5 GDPR:

✓ Lawfulness, fairness and transparency

We process your data only when there is a clear legal basis (performance of a contract, consent, legitimate interest or legal obligation) and we tell you at the moment of collection what we do with it.

✓ Purpose limitation and data minimization

We only ask for the data strictly required to respond to your request (for example, to prepare a quote) and we do not use it for other incompatible purposes.

✓ Accuracy and storage limitation

We keep the data for as long as we have a legal basis, and then we delete or anonymize it. You always have the right to ask us to correct or delete it.

✓ Integrity, confidentiality and security

We apply reasonable technical and organizational measures: encryption in transit via HTTPS/TLS 1.3, access control, security HTTP headers (Helmet), input sanitization, rate limiting, encrypted backups at the database provider. No system is 100% secure, but we reduce risk through industry-standard practices.

6. Changes to this policy

We may update this policy when legislation changes or when we add a new processor or feature that involves data processing. The current version is the one permanently displayed at /privacy-policy, with the date of the last revision. For significant changes we will notify you visibly on the site or, where applicable, by email (if you wrote to us and we have your active contact details).

7. How we collect data

We collect personal data in two ways:

a) Data you provide directly through the contact form

When you fill in the form at /contact to request a quote or discuss a project, you voluntarily provide: first name, last name, email address, phone number (optional), country, city, address, project type, budget range and your message. Ticking the “I agree to the Privacy Policy” box is required to submit the form. We do not ask for and do not use “social login” integrations (Facebook, Google, LinkedIn, Apple). The site does not request and does not access your device location, microphone, camera or contact list.

b) Technical data generated automatically

When you open a page on the site, our server and hosting infrastructure (Microsoft Azure) automatically log minimal technical information — IP address, browser type and version, operating system, request time, requested URL. This data is required for the site to function and for security (attack prevention, rate limiting). Details about cookies are in our Cookie Policy at /cookie-policy.

8. What personal data we collect

Category 1 — Identity and contact data (from the contact form): first name, last name, email address. Legal basis: Article 6(1)(b) GDPR — pre-contractual measures at your request (preparing a quote). Retention period: 12 months from the last interaction related to your request, or immediately if you ask us to delete the data.

Category 2 — Commercial location data (from the contact form): country, city, address. This data helps us understand the legal and tax context of a possible engagement.

Legal basis: Article 6(1)(b) GDPR — pre-contractual measures.

Retention period: 12 months from the last interaction or immediately on a deletion request.

Category 3 — Project data (from the contact form): project type (presentation site, e-commerce, portfolio, blog, custom, other), budget range, your message and the language selected on the site.

Legal basis: Article 6(1)(b) GDPR — pre-contractual measures; for ticking the terms, Article 6(1)(a) GDPR — consent.

Retention period: 12 months from the last interaction or immediately on a deletion request. The phone number is optional and is kept only if you choose to provide it.

Server log data

We automatically collect: IP address, user agent (browser, operating system), date and time of the request, requested URL and HTTP response code. This data appears in the application logs and Azure infrastructure logs.

Legal basis: Article 6(1)(f) GDPR — legitimate interest, namely site security, attack prevention, rate limiting and diagnosis of technical incidents.

Retention period: at most 30 days for application logs, after which they are deleted automatically. For logs containing security-incident indicators, the period may be temporarily extended for investigation.

Cookie data

The site uses two strictly necessary cookies: cookieConsent (stores your choice from the GDPR banner, duration 180 days) and NEXT_LOCALE (stores the selected language, set by the next-intl framework). The full list, with purpose and duration, is in the Cookie Policy at /cookie-policy.

Legal basis for strictly necessary cookies: Article 6(1)(f) GDPR — legitimate interest (site functioning). We do not use analytics, marketing or advertising cookies.

Retention period: 180 days for cookieConsent; for NEXT_LOCALE — the duration set by next-intl. You can delete them at any time through your browser settings.

Device data

We do not collect unique device identifiers (IMEI, MAC address, biometric fingerprint), we do not read device sensors and we do not embed tracking SDKs. The only device information we receive is what the browser sends as standard in HTTP headers (User-Agent, Accept-Language) and is treated as part of the server logs described above.

Legal basis: Article 6(1)(f) GDPR — legitimate interest.

Retention period: identical to the server logs (at most 30 days).

Beyond the data described above, we may occasionally process the following categories if you provide them voluntarily:

• information sent by email directly to contact@followdeveloper.com (e.g. attachments, briefs, detailed project descriptions) — kept in our mailbox until the conversation is closed or until you ask for deletion.

9. What we use the data for

We process your personal data strictly for the following purposes:

• To respond to your message and prepare a tailored quote (performance of pre-contractual measures at your request).

• To communicate with you during a project, if the quote is accepted (performance of the contract).

• To improve the site content — based on aggregated, anonymous analysis of the project types most commonly requested (legitimate interest).

• To diagnose and fix technical issues on the site (legitimate interest — functionality).

• To protect the site against cyberattacks, abuse and form fraud (legitimate interest — security).

• To comply with legal and tax obligations (for example, keeping accounting records of an executed contract).

• To establish, exercise or defend a legal claim, if necessary (legitimate interest).

What we do NOT do with your data:

• We do not send newsletters, automated promotional offers or marketing campaigns by email. The site has no subscription form.

• We do not run Google Analytics, Google Tag Manager, Hotjar, Meta Pixel, LinkedIn Insight Tag or other tracking tools on this site.

• We do not sell or rent your data to third parties for any purpose.

• We do not perform automated profiling and we do not take decisions based solely on automated processing that produce legal effects on you.

• We do not use your data to train our own or third-party artificial intelligence models.

10. Who we share data with (processors and partners)

To run the site and respond to you, we work with a small number of carefully selected providers. They process the data exclusively on our behalf, under a contract that includes GDPR obligations and technical safeguards. The current processors are:

• Microsoft Azure (Microsoft Ireland Operations Limited) — application hosting, server logs, email delivery via Microsoft 365. Primary region: West Europe or North Europe (European Union). Data processed: all the categories listed above, in encrypted form.

• MongoDB Atlas (MongoDB Limited, Ireland) — database hosted in the European Union for storing contact form submissions. Data processed: the 11 form fields plus the time of receipt.

• Google Maps (Google Ireland Limited) — display of the interactive map on the /contact page. When you open the map, your browser communicates directly with Google servers, and Google may process your IP address and map usage data in line with its own privacy policy (policies.google.com).

• Local IT and legal providers — occasionally, our accountant, tax advisor or lawyer may access data if your project becomes an active engagement and they are required to issue invoices or to defend our rights. All such providers are bound by contractual confidentiality.

Beyond these processors, we may be required to disclose data to a public authority (for example Police, Prosecutor, ANAF, ANSPDCP) when an applicable law or a final court decision requires it. In the event of merger, acquisition or company reorganization, the data may be transferred to the legal successor — we will inform you at least 30 days in advance.

When one of our providers processes data outside the European Economic Area (for example, for global cloud services from Microsoft or Google), we use the safeguards provided by Article 46 GDPR.

We transfer data to third countries only when there is either an adequacy decision by the European Commission, or Standard Contractual Clauses (SCC) signed with the provider, or another legally recognized safeguard.

For each international transfer, we make sure the level of protection remains equivalent to that provided by GDPR, through one of the following mechanisms:

• adequacy decisions published by the European Commission — the official list of countries with an adequate level of protection is available on the Commission website;

• Standard Contractual Clauses (SCC) approved by the European Commission, accompanied, where required, by a Transfer Impact Assessment.

11. Direct marketing and profiling

We do not send newsletters, automated promotional offers or unsolicited marketing material. The communications you receive from us are strictly those required to respond to your message or to run an active project. We do not build advertising profiles, do not sell data and do not show you personalized ads. Should we ever decide to introduce an opt-in newsletter, this policy will be updated beforehand and we will ask for your explicit consent, separately from any other action.

12. Your rights

Under GDPR and Romanian Law no. 190/2018, you have the following rights regarding your personal data:

(a) The right to information — to be clearly informed about how we process your data (this document covers that obligation).

(b) The right of access — to obtain confirmation that we process data about you and to receive a copy of it.

(d) The right to erasure (“the right to be forgotten”) — to ask us to delete your data, under the conditions of Article 17 GDPR.

(e) The right to restrict processing — in the cases set out in Article 18 GDPR.

(f) The right to data portability — to receive your data in a structured, commonly used and machine-readable format (Article 20 GDPR).

(g) The right to object — to object to processing based on legitimate interest (Article 21 GDPR).

(h) The right not to be subject to an automated decision producing legal effects — in our case, we do not take such decisions anyway.

(i) The right to seek a judicial remedy — to defend your rights in court.

(j) The right to lodge a complaint with the Supervisory Authority — the National Supervisory Authority for Personal Data Processing (ANSPDCP):

Name: National Supervisory Authority for Personal Data Processing

Address: B-dul G-ral. Gheorghe Magheru no. 28-30, Sector 1, postal code 010336, Bucharest, Romania

Phone: +40 318 059 211 or +40 318 059 212

Email: anspdcp@dataprotection.ro · Website: www.dataprotection.ro

Note that:

(1) To exercise any right, you can write to contact@followdeveloper.com with a clear request. We respond within at most 30 days (a period that may be extended by up to 60 days for particularly complex requests, with prior notice).

(2) We may ask you for additional information to confirm we are dealing with the actual data subject — to prevent data being disclosed to someone else.

(3) These rights are not absolute. There are situations in which we may refuse them (for example, when the law requires us to keep data for a certain time). In such a case, we will explain the refusal and tell you that you can complain to ANSPDCP or seek a judicial remedy.

(4) If your record in our database is sparse (for example, only an old quote request) and we cannot confirm your identity with certainty, we may ask you for an additional identifier — for example, the email used at the moment of submitting the form.

(5) All these rights are free of charge, except for manifestly unfounded or excessive requests (in particular due to their repetitive nature) — for which we may charge a reasonable fee or refuse the request, in line with Article 12(5) GDPR.

13. Contact

For any question, request to exercise your rights or complaint regarding data processing, contact us at contact@followdeveloper.com or by post at our office: Followone Romania SRL, Strada Soldat Gheorghe Buciumat nr. 27, Sector 1, 014384, Bucharest, Romania. We respond as soon as possible and, in any case, within the legal 30-day period.