Privacy Policy — Tosvi
Version 1.0 · Effective date: 2026-06-20 · Last updated: 2026-06-20
This privacy policy explains what personal data Tosvi processes, why, and how. Tosvi is a software service for car-detailing studios ("studios") to manage clients, vehicles, quotes, scheduling, and pre-work vehicle inspections.
Where applicable under the EU General Data Protection Regulation (GDPR, if you are an EU/EEA resident), Moldovan Law 133/2011 on the protection of personal data, or comparable laws in your jurisdiction, Tosvi complies with the data-protection obligations outlined below.
Scope and applicable law
Tosvi is built to GDPR standards. It is operated from the Republic of Moldova and may be used by studios in Moldova, the EU/EEA, and other markets. Where the GDPR, Moldovan Law 133/2011, or comparable law applies to a processing activity, we comply with the obligations set out in this policy for that activity, and the GDPR-specific terms of our Data Processing Agreement apply between the studio and us. Where the GDPR requires it for processing of EU/EEA residents' data, we put in place the additional measures it mandates, including the designation of an EU representative under Article 27 GDPR where applicable.
Who we are
Tosvi is operated by:
Petru Virtos, Antreprenor Independent
Cod fiscal: 1026023032469
Chișinău, Republic of Moldova
Contact: [email protected]
Our role: processor, not controller, for studio client data
This is the most important thing to understand about how Tosvi handles data.
- For the personal data a studio enters about its own customers (client names, phone numbers, emails, vehicle details, inspection photos, signatures), the studio is the data controller — it decides why and how that data is used. Tosvi is the data processor, acting only on the studio's instructions. The terms of that processing are set out in our Data Processing Agreement (DPA), which forms part of each studio's contract with us.
- For the studio account itself — the staff login data we need to run the service (account email, name, role) and the security and operational data described below — Tosvi is the controller.
If you are a _customer of a studio_ and want to access or delete the data the studio holds about you, please contact the studio directly; they control that data, and we will assist them in responding to your request.
What data we process
Studio account and staff (Tosvi is controller):
- Account email address, name, and role of each staff user, used to authenticate sign-in and operate the service.
- The user-interface language preference, stored to send account emails (e.g. password reset) in your language.
Studio client data (Tosvi is processor; the studio is controller):
- Clients: name, phone, email, and free-text notes.
- Vehicles: registration plate, VIN, year, colour, and class.
- Work history: quotes, services, work orders, and generated PDF documents.
- Pre-work vehicle inspections: photographs of the vehicle (which may show plates and, occasionally, a person), a customer signature image, damage markers and notes, and the approver's name and approval timestamp. Inspection media is stored in a private, EU-based storage bucket and is served only through short-lived signed links — never on a public URL.
Embeddable price-calculator widget (optional, if a studio uses it):
- Lead submissions: if a website visitor submits the studio's contact form, the name and phone number they provide, plus a snapshot of the services/estimate they selected. This becomes the studio's data (Tosvi is processor).
- Visitor IP address: processed only as an abuse/rate-limit signal. It is never stored in raw form — it is truncated and irreversibly hashed with a daily-rotating secret before becoming a short-lived counter. No raw or hashed visitor IP is written to our audit log.
- Aggregate analytics: daily counters (views, estimates, completions) with no per-visitor records — this is statistical data, not personal data. The widget sets no cookies and runs no per-visitor tracking.
Security and operational data (Tosvi is controller):
- An append-only audit log of actions taken inside an account (who did what, when) for security and accountability. It does not record customer PII.
- Standard server logs (request paths, status codes, timing) for debugging and abuse prevention. We do not log personal data.
What we do not process
- We do not sell personal data.
- We do not use client data for advertising or build marketing profiles.
- We do not use client personal data to train AI models.
- The widget does not fingerprint or track individual website visitors.
Why we process this data, and our legal basis
Where GDPR or Moldovan Law 133/2011 applies, we rely on:
- Contract performance — to provide the service the studio has subscribed to (authentication, storing and displaying the studio's records, generating quote and inspection documents).
- Legitimate interest — for security, abuse prevention, rate limiting, and operational logging. These logs are non-sensitive and access is restricted to the operator; we have determined this interest does not override your rights.
- Legal obligation — to respond to lawful requests and meet our data-protection duties.
For studio client data, the studio determines the purpose and legal basis (typically contract or legitimate interest for its own customer records); Tosvi processes that data only on the studio's documented instructions.
Where data is stored
Tosvi stores data in the European Union (Supabase, Frankfurt region — Germany). Some sub-processors are located outside the EU/EEA; where personal data is transferred outside the EU/EEA or Moldova, transfers rely on Standard Contractual Clauses or equivalent safeguards.
Sub-processors
Tosvi uses the following third-party services to operate. Each is a sub-processor; data shared is limited to what's necessary for that service.
- Supabase (database, authentication, and file storage; EU/Frankfurt region) — stores account and studio data. https://supabase.com/privacy
- Cloudflare, Inc. (USA) — DNS, content delivery, site hosting, email routing, and Turnstile bot-protection on sign-in and the public widget. https://www.cloudflare.com/privacypolicy/
- MailerSend, Inc. (transactional email delivery; EU-based data centres, ISO 27001, certified under the EU-U.S. Data Privacy Framework) — sends account emails such as sign-up confirmation, password reset, and security notifications. https://www.mailersend.com/legal/privacy-policy
Changes to the sub-processor list. If we add a new sub-processor, we will notify studios by email at least 30 days before the change takes effect. A studio may object by emailing [email protected] within that window; if a reasonable objection cannot be resolved, the studio may terminate the service without penalty.
Retention and deletion
- While the account is active: we retain the studio's data to provide the service.
- Data-subject export/erasure: the app provides per-account and per-client data export and erasure. Erasing a client removes that client's records, including inspections, and the associated inspection media files are deleted from storage (not merely de-referenced).
- On account closure / request: we delete the studio's data on request.
- Audit log: retained for security and accountability for as long as the account is active; contains no customer PII.
- Server logs: retained for a limited period for debugging and abuse prevention, then deleted.
Your rights
If you are in the EU/EEA, Moldova, or another jurisdiction with comparable laws, you have the rights of access, rectification, erasure, portability, objection, and restriction.
- Studio account holders: exercise these in-app (export your account data, edit records) or by emailing [email protected].
- Customers of a studio: contact the studio (the controller of your data); we will assist the studio in responding.
- Lodge a complaint: in Moldova, the National Center for Personal Data Protection (CNPDCP), https://datepersonale.md. In the EU, your national supervisory authority.
Cookies and tracking
The Tosvi app uses only essential cookies/local storage needed to keep you signed in and remember interface preferences. We use no analytics, advertising, or tracking cookies. The embeddable widget is cookieless.
Security
- All traffic is encrypted in transit (TLS); data at rest is encrypted by our hosting provider.
- Strict tenant isolation: database row-level security ensures one studio can never access another studio's data.
- Inspection media is stored in a private bucket and served only via short-lived signed links.
- Bot protection (Cloudflare Turnstile) and leaked-password screening on authentication.
- All inbound data is validated before being written; sub-processor secrets are stored as environment secrets, never in source code; production access is restricted to the operator.
Breach notification. If we become aware of a personal-data breach, we will notify affected studios without undue delay and, where required by GDPR, no later than 72 hours after becoming aware. We will describe the nature of the breach, the data affected, the likely consequences, and the measures taken, and cooperate with the competent supervisory authority where required.
Children
Tosvi is a B2B tool for businesses and is not directed at children. We do not knowingly collect data from children. If notified that a minor has accessed the service, we will delete any associated records on receipt of a credible report.
Changes to this policy
If we materially change how we process data, we will update this policy and notify studios by email at least 30 days before the change takes effect. Minor clarifications will be reflected here with an updated "Last updated" date.
Contact
For privacy questions or to exercise your rights, email [email protected].