Privacy Policy
Last updated: March 2026
Terminal43 SRL ("we", "us", "the Platform") operates code.terminal43.ro. We are committed to protecting your privacy in compliance with the EU General Data Protection Regulation (GDPR) and applicable Romanian data protection law. This policy describes what personal data we collect, how we process it, and your rights.
1. Data Controller
| Legal entity | Terminal43 SRL |
| Registered office | Bucharest, Romania |
| Contact | contact@terminal43.ro |
| Support | support@terminal43.ro |
Terminal43 SRL is the data controller for personal data processed through this platform, within the meaning of Article 4(7) of the General Data Protection Regulation (EU) 2016/679 ("GDPR").
2. Data We Collect
Account Data
When you register, we collect your username, email address, and password (stored as a bcrypt hash — we never store plaintext passwords).
Usage Data
We record your coding submissions, progress, points, streaks, badges, course enrollments, bookmarks, comments, reviews, and contest participation to provide the learning platform's core features.
Technical Data
We collect your IP address, browser type, and session information for security, rate limiting, and abuse prevention. Server logs are retained for up to 12 months.
3. Legal Basis for Processing (GDPR Art. 6)
| Processing Activity | Legal Basis |
|---|---|
| Account creation & authentication | Contract (Art. 6(1)(b)) |
| Progress tracking, badges, leaderboards | Contract (Art. 6(1)(b)) |
| Email streak reminders | Consent (Art. 6(1)(a)) — opt-in at registration |
| Analytics cookies | Consent (Art. 6(1)(a)) |
| Security logging & rate limiting | Legitimate Interest (Art. 6(1)(f)) |
| Admin audit trail | Legitimate Interest (Art. 6(1)(f)) |
4. Data Retention
- Account data: Retained until you delete your account.
- Server logs: Retained for up to 12 months, then automatically purged.
- Code submissions & progress: Retained while your account is active.
- Cookie consent records: Retained for the duration of consent validity (up to 12 months).
5. Your Rights (GDPR Art. 15–21)
You have the following rights regarding your personal data:
- Right of Access (Art. 15): Export a copy of all your data via Account Settings → Export My Data.
- Right to Rectification (Art. 16): Update your profile information via Edit Profile. You can change your email and password from your account settings.
- Right to Erasure (Art. 17): Delete your account and all associated data via Account Settings → Delete Account.
- Right to Data Portability (Art. 20): Download your data as a machine-readable JSON file via the Export feature.
- Right to Restriction (Art. 18): Contact us to restrict processing of your data while a dispute is resolved.
- Right to Object (Art. 21): You may opt out of email reminders at any time from your account settings. You may withdraw cookie consent at any time.
6. Data Sharing & Third-Party Processors
- We do not sell your personal data.
- Hostinger: Email delivery (SMTP) — processes your email address to send account confirmations and reminders.
- CDN providers: Static asset delivery (no personal data shared).
- We may disclose data to law enforcement or regulators when required by applicable law.
7. International Data Transfers
Your data is stored on EU-based servers. If any third-party processor transfers data outside the EU/EEA, we ensure appropriate safeguards are in place (Standard Contractual Clauses or adequacy decisions per GDPR Art. 46).
8. Data Security
We implement appropriate technical and organizational measures including: bcrypt password hashing, CSRF protection, rate limiting, session regeneration, input validation, and access controls limiting data access to authorized personnel only.
9. Data Breach Notification
In the event of a personal data breach, we will notify the relevant supervisory authority within 72 hours as required by GDPR Art. 33. If the breach poses a high risk to your rights, we will also notify you directly (Art. 34).
10. Children's Privacy
This platform is intended for users aged 16 and over. If you are under 16, you may only use the platform with verifiable parental or guardian consent. If we become aware that we have collected data from a child under 16 without appropriate consent, we will delete the account promptly.
11. Cookies
We use essential, preference, and analytics cookies. For full details, see our Cookie Policy. You can manage your cookie preferences at any time via the cookie consent banner.
12. Changes to This Policy
We may update this policy from time to time. Material changes will be communicated via a notice on the platform. The "Last updated" date at the top indicates the most recent revision.
13. Contact & Complaints
If you have questions about this policy or wish to exercise your rights, contact us at:
Contact: contact@terminal43.ro
Support: support@terminal43.ro
14. Supervisory Authority
You have the right to lodge a complaint with a supervisory authority, in particular in the EU Member State of your habitual residence, place of work, or place of the alleged infringement. The Romanian supervisory authority is:
Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal (ANSPDCP)
B-dul G-ral. Gheorghe Magheru 28-30, Sector 1, 010336 București, România
Website: www.dataprotection.ro