Privacy Policy
Last updated: January 10, 2025
Your privacy is important to us. This policy explains what personal data we collect, how we use it, and what your rights are.
1. Who are we?
Operator: newzz.eu
Description: News aggregation platform with AI summaries, voting, and comments
Contact: contact@newzz.eu
Under GDPR (EU Regulation 2016/679), we are the data controller for the information we process through this website.
2. What data do we collect?
A. Authentication data
When you create an account, we collect:
- Email: For authentication and communication
- Password: Stored encrypted (hashed) via Firebase Auth
- Username: Auto-generated or chosen by you
- OAuth provider: If you sign in with Google/Facebook
- Avatar: Profile photo (if using OAuth)
B. User-generated content
- Comments: Text, timestamp, article ID
- Votes: Upvote/downvote on articles
- UI Preferences: Theme (dark/light), language
C. Analytics data (Google Analytics)
We automatically collect anonymous information about:
- IP address: Anonymized (last octets replaced with 0)
- Browser type: Chrome, Firefox, Safari, etc.
- Operating system: Windows, macOS, Android, iOS
- Pages visited: URLs and visit duration
- Traffic source: Google, direct, social media
- Interactions: Clicks, scrolls, time on page
D. Technical data
- Cookies: See Cookie Policy
- localStorage: UI preferences (theme, notifications)
- sessionStorage: Temporary state (scroll position)
- Server logs: HTTP requests, errors, performance
3. Why do we process your data?
| Purpose | Legal basis (GDPR) |
|---|---|
| Authentication and user account | Performance of contract (Article 6(1)(b)) |
| Comments and votes | Performance of contract (Article 6(1)(b)) |
| Traffic analytics (Google Analytics) | Legitimate interest (Article 6(1)(f)) |
| Security and abuse prevention | Legitimate interest (Article 6(1)(f)) |
| Analytics cookies | Consent (Article 6(1)(a)) |
| Communication (newsletter, notifications) | Consent (Article 6(1)(a)) |
4. Who do we share data with?
Service providers (GDPR processors)
- Google Firebase: Authentication, database (Firestore), hosting
Data transfer: EU/US (Standard Contractual Clauses)
- Google Analytics: Website traffic analytics
Data transfer: EU/US (IP anonymization enabled)
- Vercel: Web application hosting, CDN
Data transfer: EU/US
ℹ️ All data processors comply with GDPR and have implemented adequate security measures. Data transfers to the US are made in accordance with Standard Contractual Clauses approved by the European Commission.
We do not sell or rent your data to third parties for marketing purposes.
5. How long do we keep data?
- User account: Until account deletion (you can delete your account from the profile page)
- Comments: Until manual deletion or account deletion
- Votes: Until account deletion
- Analytics data (GA): 26 months (Google Analytics setting)
- Server logs: Maximum 90 days
- Cookies: See duration in Cookie Policy
6. Your rights (GDPR)
🔍 Right of access (Article 15)
You can request a copy of the personal data we process about you.
✏️ Right to rectification (Article 16)
You can correct inaccurate data from the profile page or by requesting assistance.
🗑️ Right to erasure / "Right to be forgotten" (Article 17)
You can delete your account and all associated data from the profile page. This will permanently delete your account, comments, and votes.
⛔ Right to restriction of processing (Article 18)
You can request restriction of data processing in certain circumstances.
📦 Right to data portability (Article 20)
You can receive your data in JSON format for transfer to another service.
🚫 Right to object (Article 21)
You can refuse data processing for marketing or statistical analysis.
⚖️ Right to lodge a complaint
You can lodge a complaint with ANSPDCP (Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal) if you believe your rights have been violated.
📧 How to exercise your rights?
To exercise any GDPR right, send an email to contact@newzz.eu with:
- Subject: "GDPR Request - [Type of right]"
- A clear description of your request
- Proof of identity (to protect your data)
Response time: Maximum 30 calendar days (in accordance with Article 12(3) GDPR)
7. Data security
We implement security measures to protect your data:
- Encryption: HTTPS for all communications, passwords are hashed
- Firebase Security Rules: Controlled data access (only the owner can modify)
- AI Moderation: Comments are automatically checked for offensive content
- Authentication: Support for OAuth (Google, Facebook) and 2FA (optional)
- Rate limiting: Protection against spam and brute-force attacks
- Backups: Regular database backups
8. Minors (under 16)
⚠️ Age restriction: Our service is not intended for children under 16 years of age.
We do not intentionally collect data from minors. If you discover that a child under 16 has provided us with personal data, please contact us immediately so we can delete this information.
9. International data transfers
Some service providers (Google, Vercel, OpenAI) are located in the US. Data transfers are made in accordance with:
- Standard Contractual Clauses (SCC): Approved by the European Commission
- Supplementary measures: Encryption, anonymization, data minimization
- Data Privacy Framework (DPF): Google and other certified companies
10. Policy updates
This policy may be updated to reflect changes in practices or legislation. Significant changes will be notified through:
- Banner on the website (for unauthenticated users)
- Email (for authenticated users)
- An updated "Last updated" date at the top of this policy
11. Contact and supervisory authority
National Supervisory Authority (ANSPDCP)
B-dul G-ral. Gheorghe Magheru 28-30, Sector 1, București
Phone: +40 318 059 211
Website: www.dataprotection.ro
Email: anspdcp@dataprotection.ro
Legal basis: This policy complies with GDPR (EU Regulation 2016/679), the ePrivacy Directive (2002/58/EC), Law 506/2004 on personal data protection (updated by Law 190/2018), and other applicable regulations in Romania.