Millennium Vibe
Sign In

Privacy Policy

Last updated: February 28, 2026

Millennium Vibe ("we", "us", or "our") is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and share your information when you use our platform, in compliance with the General Data Protection Regulation (GDPR) and applicable Romanian data protection legislation.

1. Data Controller

The data controller responsible for your personal data is Millennium Vibe, a company registered in Romania. If you have any questions about how we handle your data, you can reach us at [email protected].

2. Data We Collect

We collect the following categories of personal data:

  • Account data: name, email address, username, avatar, bio, location, and social media links you choose to provide when creating or updating your profile.
  • Payment data: billing address, transaction history, and subscription details. Payment card information is processed directly by Stripe and is never stored on our servers.
  • Usage data: pages visited, features used, interactions with content (likes, comments, course progress), and time spent on the platform.
  • Technical data: IP address, browser type and version, device type, operating system, referring URLs, and language preferences.
  • User-generated content: posts, comments, chat messages, course submissions, uploaded files, and other content you create on the platform.
  • Communication data: emails and messages you send to us, support requests, and feedback.

3. Legal Basis for Processing

We process your personal data on the following legal bases under the GDPR:

  • Contract performance (Art. 6(1)(b)): Processing necessary to provide you with our services, including account management, community access, course delivery, and payment processing.
  • Consent (Art. 6(1)(a)): For analytics cookies, marketing communications, and optional data processing. You can withdraw consent at any time.
  • Legitimate interests (Art. 6(1)(f)): For platform security, fraud prevention, service improvement, and aggregated analytics that do not identify individuals.
  • Legal obligation (Art. 6(1)(c)): For tax record keeping, financial reporting, and compliance with applicable laws.

4. Data Retention

We retain your data for the following periods:

  • Account data: Retained for the duration of your account. Upon account deletion, personal data is erased within 30 days, except where retention is required by law.
  • Payment and invoice data: Retained for 10 years after the transaction to comply with Romanian fiscal and accounting regulations.
  • Analytics data: Aggregated and anonymized within 26 months of collection.
  • Server logs: Automatically deleted after 90 days.
  • Consent records: Retained for 5 years from the date of consent as evidence of compliance.

5. Your Rights

Under the GDPR, you have the following rights regarding your personal data:

  • Right of access: You can request a copy of the personal data we hold about you.
  • Right to rectification: You can ask us to correct inaccurate or incomplete data.
  • Right to erasure ("right to be forgotten"): You can request deletion of your personal data, subject to legal retention requirements.
  • Right to data portability: You can request your data in a structured, commonly used, machine-readable format.
  • Right to restriction of processing: You can ask us to limit how we process your data in certain circumstances.
  • Right to object: You can object to processing based on legitimate interests, including profiling.
  • Right to withdraw consent: Where processing is based on consent, you can withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days. If you are not satisfied with our response, you have the right to lodge a complaint with ANSPDCP (Autoritatea Nationala de Supraveghere a Prelucrarii Datelor cu Caracter Personal), the Romanian data protection authority.

6. Data Sharing

We share your data with the following categories of third-party service providers, all of which are bound by data processing agreements:

  • Stripe: Payment processing, subscription management, and invoicing. Stripe acts as an independent data controller for payment data.
  • Postmark and Amazon SES: Transactional and marketing email delivery.
  • Cloudflare: Content delivery, DNS management, and DDoS protection. Cloudflare processes IP addresses and request metadata.
  • Cloudflare R2: File and media storage. Uploaded content is stored on Cloudflare's infrastructure.
  • Bunny.net and LiveKit: Video hosting, transcoding, and live video conferencing.

We do not sell your personal data to any third party. Data shared with processors is limited to what is strictly necessary for the service they provide.

7. International Data Transfers

Some of our service providers are located outside the European Economic Area (EEA). Where data is transferred outside the EEA, we ensure adequate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission, or the service provider's participation in recognized certification mechanisms.

8. Security Measures

We implement appropriate technical and organizational measures to protect your personal data, including encryption in transit (TLS) and at rest, access controls, regular security audits, and secure infrastructure hosted within the European Union. However, no method of electronic transmission or storage is 100% secure.

9. Children's Privacy

Our platform is not intended for children under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have collected data from a child under 16 without parental consent, we will take steps to delete that information promptly.

10. Data Protection Authority

The supervisory authority for data protection in Romania is ANSPDCP (Autoritatea Nationala de Supraveghere a Prelucrarii Datelor cu Caracter Personal). You can contact them at [email protected] or visit their website at www.dataprotection.ro if you wish to lodge a complaint.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. We will notify you of material changes by email or through a prominent notice on our platform at least 30 days before the changes take effect.

12. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at [email protected].