01 Scope & who we are
This Privacy Policy ("Policy") explains how OPTIMATOR SRL, a company incorporated under the laws of Romania, with registered office at Str. Nerva Traian 27-33, Sc. B, Et. 1, Ap. BIR. 6, Sector 3, Bucharest, Romania, Trade register No. J2025062435003, CUI 52353277 ("Optimator," "we," "us," or "our") collects, uses, discloses, and protects personal data when you visit optimator.ai, use our applications, sign up for a trial, or engage our services (collectively, the "Services").
Beyond this Policy, your use of the Services is subject to our Terms of Service and, where applicable, your Engagement Agreement. Capitalized terms not defined here have the meanings given in the Terms.
The Services are offered to businesses and professionals acting in a business capacity (business-to-business). We do not sell personal data. We do not use your data to train third-party AI models for their own purposes unless you explicitly agree in writing.
For most site and account data, Optimator is the data controller. Where you send us personal data about your customers, guests, or staff so we can deliver the Services, you are the controller and Optimator acts as a processor — see Section 14.
02 Information we collect
We collect information you provide, information generated when you use the Services, and limited information from third parties.
- Registration and contact information — name, business name, email address, phone number, billing address, and other details you provide at signup, on forms, or during onboarding.
- Business and operational information — information about your business, workflows, integrations, booking systems, guest communications, files, and tasks you ask us or Service Partners to perform.
- Operational and credential information — if you choose to share access credentials or delegated access to your systems (email, CRM, OTAs, admin panels, messaging tools, or similar), we receive and use that information only to perform the Services. Sharing credentials is optional; you may use delegated-access mechanisms (sub-accounts, OAuth, or platform invitations) where available.
- Payment information — card or payment details are handled by our payment processors. We do not store full card numbers on our servers.
- Usage and device information — IP address, browser type, device identifiers, pages viewed, actions within the site or app, referral source, and similar analytics data.
- Communications — content of emails, messages, calls, or support tickets you send us, and operational records we create when delivering the Services.
- Third-party information — where you connect a third-party account or we receive information from integration partners, we may receive the categories above as permitted by that service.
03 How we use information
We use personal data to:
- Provide, operate, and improve the Services, including AI agents, automations, and Service Partner work.
- Match you with Service Partners and coordinate delivery, training, and quality support.
- Process payments, send invoices, and manage your account.
- Communicate with you about onboarding, support, billing, security, and service updates.
- Send service-related messages; you may opt out of non-essential marketing emails at any time.
- Analyse usage to improve performance, reliability, and security.
- Detect, investigate, and prevent fraud, abuse, and violations of our Terms.
- Comply with law, respond to lawful requests, and establish or defend legal claims.
04 How we share information
We do not sell or rent personal data. We share it only as described below.
Service Partners and Operators — we may share information with Service Partners and Operators who perform work on your behalf. Each is required to use it only to deliver the Services and to treat it as confidential.
Subprocessors and vendors — we use providers such as cloud hosts, email delivery, calendar booking, payment processors, analytics, and AI model providers to run the Services. They receive information only as needed to perform work for us. Their practices are governed by their own policies; a current subprocessor list is available on request.
Integrations you enable — if you connect third-party tools, we may share information with those services as you direct through the integration.
Corporate transactions — we may share information in connection with a merger, acquisition, financing, or sale of assets.
Legal and safety — we may disclose information if required by law, court order, or regulatory process, or if we reasonably believe disclosure is necessary to protect rights, safety, and security of Optimator, clients, Service Partners, or others.
05 Credentials & operational data
Our Services include a managed model in which Optimator personnel and Service Partners may access systems and information you authorize so work can be completed on your behalf. By sharing operational information or credentials, you acknowledge the following:
Authorized credential handling — where you share credentials, we require storage in approved secure systems with access on a need-to-know basis. Personnel must not store credentials in plain text in chat, documents, or other unauthorized places. We cannot guarantee perfect adherence in every instance; you should prefer delegated access where feasible.
Operational information — business data, guest information, files, and communications you share are handled on our systems with access limited to authorized personnel. Such information may not be subject to the same standards as payment-card data unless expressly agreed in a DPA or Engagement Agreement.
Quality oversight — for quality assurance and training, authorized personnel may review work product, logs, or activity related to tasks you assign. This visibility is part of the managed service. If you require restrictions, discuss them before onboarding.
International access — Service Partners and subprocessors may work from Romania, the EEA, or other countries. By using the Services and sharing information, you acknowledge such access where permitted by law and subject to the safeguards in Section 13.
Your responsibility — you decide what to share in light of your obligations to your own customers, employees, and partners. Optimator does not assess the regulatory status of data you provide.
06 Security
We use technical and organisational measures designed to protect personal data, including access controls, encryption in transit where appropriate, and limiting access to personnel who need it.
Payment data is transmitted via secure connections and processed by PCI-compliant payment processors; we do not store full card numbers on our systems.
No method of transmission or storage is completely secure. We cannot guarantee absolute security. You share credentials and guest data at your own discretion and risk.
If we confirm a personal-data breach posing risk to individuals, we will take steps to investigate, mitigate, and notify you and/or supervisory authorities as required by GDPR and applicable law.
07 Retention
We keep personal data only as long as needed for the purposes in this Policy, unless a longer period is required by law.
Inquiry and trial records — for the active relationship and a reasonable period afterward for follow-up and disputes.
Client and billing records — for the engagement and as long as required for tax, accounting, and legal obligations in Romania (typically up to ten years where applicable).
Operational data and credentials — for the engagement and a short wind-down period after termination, then deleted or anonymised unless we must retain copies for legal compliance.
If you close your account or end an engagement, we may retain information as needed to collect outstanding fees, resolve disputes, enforce our Terms, prevent fraud, and comply with law.
08 Your rights under GDPR
Where GDPR applies and Optimator is controller, you may have the following rights, subject to legal limits:
- Access — request a copy of personal data we hold about you.
- Rectification — ask us to correct inaccurate or incomplete data.
- Erasure — ask us to delete data where there is no lawful reason to keep it.
- Restriction — ask us to limit processing in certain cases.
- Portability — receive data you provided in a structured, commonly used format where applicable.
- Object — object to processing based on legitimate interests or direct marketing.
- Withdraw consent — where we rely on consent, you may withdraw it at any time without affecting prior lawful processing.
- Lodge a complaint — with your local supervisory authority. In Romania, the authority is ANSPDCP (https://www.dataprotection.ro).
- Contact — to exercise these rights, email support@optimator.ai. We respond within one month unless the request is complex, in which case we may extend by two further months and will explain why.
09 Cookies & similar technologies
We use cookies and similar technologies for essential operation, preferences, and analytics. We do not use them for cross-site advertising or sell data from cookies to advertisers.
You can control cookies through your browser settings. Disabling cookies may affect site functionality.
Where required by law (including the ePrivacy rules), we will obtain consent before placing non-essential cookies.
10 Children
The Services are not directed to individuals under 18 and are not intended for children. We do not knowingly collect personal data from anyone under 18. If you believe we have collected such data, contact support@optimator.ai and we will delete it promptly.
11 Automated processing
We use automation and AI to deliver parts of the Services. We do not make solely automated decisions producing legal or similarly significant effects about you unless we describe such processing separately and provide a lawful basis.
If you are a business client sending guest or customer data, you are responsible for any transparency notices your end customers require about automated processing or AI-generated communications.
12 Marketing & electronic communications
We may send service and account messages by email or SMS where you provide contact details. You may opt out of marketing messages using the unsubscribe link or by writing to support@optimator.ai. Service and transactional messages may still be sent.
Where EU ePrivacy and direct-marketing rules apply, we rely on your business relationship, consent, or soft opt-in as permitted by law for B2B communications.
13 International transfers
Personal data may be processed in Romania, the European Economic Area, and other countries where we or our subprocessors operate (including countries outside the EEA where Service Partners or cloud providers are located).
Where GDPR requires safeguards for transfers outside the EEA, we use appropriate mechanisms such as European Commission adequacy decisions, Standard Contractual Clauses, or other lawful transfer tools.
By using the Services and, where applicable, instructing us to process data, you acknowledge such transfers subject to those safeguards. Details are available on request.
14 Business clients & processor role
If you provide personal data about your customers, guests, or staff, you represent that you have a lawful basis to do so and that our instructions are consistent with your obligations.
Optimator processes that data only on your documented instructions to deliver the Services. Our standard Data Processing Agreement (DPA), incorporating GDPR Article 28 terms (scope, confidentiality, security, subprocessors, deletion, breach assistance, and data-subject requests), applies automatically when such processing begins. A signed copy is available on request or in your Engagement Agreement.
You are responsible for responding to data-subject requests from your customers where Optimator acts as processor; we will assist as set out in the DPA.
15 Changes & contact
We may update this Policy from time to time. We will post the current version at this URL with the last-updated date. For material changes, we will notify active clients by email or in-product notice where appropriate.
If you do not agree with a material change, stop using the Services and contact us to close your account.
Questions, rights requests, or complaints: OPTIMATOR SRL, a company incorporated under the laws of Romania, with registered office at Str. Nerva Traian 27-33, Sc. B, Et. 1, Ap. BIR. 6, Sector 3, Bucharest, Romania, Trade register No. J2025062435003, CUI 52353277. Email: support@optimator.ai. Website: https://optimator.ai.
Privacy questions or rights requests — write to support@optimator.ai or use the contact form.