Privacy Policy.
GDPR-compliant. Last updated: 22 April 2026.
1. Data Controller
AiVenture S.R.L. — CUI RO51415878, headquartered at Drumul Pădurea Pustnicu, Nr. 141C, Corp A, Etaj 2, Ap. 5, Sector 1, București, Romania. Email: contact@5thelement.ai.
2. What We Collect
2.1 Audit tool submissions
When you run an audit, the URL you enter is sent to our server-side proxy to fetch public HTML. We store:
- The submitted URL
- Timestamp of the audit
- Aggregate signal pass/fail counts (anonymized)
2.2 Contact channels
When you email us, WhatsApp us, or submit a scoping request:
- Your name and contact details
- Message content
- Any attachments you send
2.3 Technical data
- IP address (truncated for analytics)
- Browser type and version
- Referring URL
- Pages viewed and time on site (anonymized)
3. Cookies
- Theme preference — stores light/dark mode choice in localStorage (essential)
- Analytics — if enabled in future, will use privacy-respecting analytics with opt-out banner
No third-party advertising trackers. No cross-site tracking.
4. Legal Basis (GDPR Art. 6)
- Legitimate interest (Art. 6(1)(f)) — operating the audit tool
- Consent (Art. 6(1)(a)) — for any optional analytics
- Contract performance (Art. 6(1)(b)) — when you engage us for paid services
- Legal obligation (Art. 6(1)(c)) — when required by law
5. Retention
- Audit URL submissions: 90 days, then aggregated
- Contact messages: 2 years, or until you request deletion
- Contractual records: 10 years (Romanian tax law)
- Web server logs: 30 days
6. Sharing
We do not sell your data. We share with: Cloudflare (hosting), email provider, authorities when legally required.
7. International Transfers
Data stays within the EU where possible. Transfers to sub-processors outside the EU use Standard Contractual Clauses.
8. Your Rights (GDPR Art. 15–22)
- Access
- Rectification
- Erasure ("right to be forgotten")
- Restrict processing
- Data portability
- Object
- Withdraw consent
Send requests to contact@5thelement.ai. We respond within 30 days.
9. Complaint
You have the right to lodge a complaint with ANSPDCP (Romanian data protection authority), B-dul G-ral. Gheorghe Magheru 28–30, Sector 1, București, dataprotection.ro
10. Security
We use HTTPS, rate limiting, and server-side input sanitization.
11. Children
The Site is not directed at children under 16.
12. AI Use Notice (our own transparency)
In the spirit of Art. 50 we regulate: some blog articles are drafted with AI assistance and human-reviewed before publication. The audit tool itself runs rule-based code, not AI inference.
13. Changes
Material changes posted with updated date at top of this page.