3L3C

Privacy Policy

Effective date: 01 January 2025 | Last updated: 16 September 2025

This Privacy Policy explains how ELEC FLEET TECHNOLOGIES SRL (“3L3C”, “we”, “us”, “our”) collects, uses, discloses, and protects personal data when you use our websites, apps, and services (the “Services”). We are a company incorporated in Romania (Trade Registry no. J2020010598405; VAT RO42971823) with registered office at Sector 1, Str. CĂPRIORILOR, Nr. 5B, Et. 1, Ap. 12, București, Romania.

1) Who is the controller and how to contact us

Controller: ELEC FLEET TECHNOLOGIES SRL (3L3C)

Email: legal@3l3c.ai

Postal: Sector 1, Str. CĂPRIORILOR, Nr. 5B, Et. 1, Ap. 12, București, Romania

If you are a business customer using our platform for your end-clients, you are the controller for the personal data contained in your Customer Content (see §4). We act as your processor for that data. For our own account, billing, website and telemetry data, we act as controller.

2) Scope and relationship to other documents

This Policy applies to our public site, web app, APIs, and support channels. It is complemented by:

  • our Terms of Service;
  • our Data Processing Addendum (DPA) (when we process Customer Content on your behalf); and
  • our Cookie Policy (detailed cookies list and consent choices).

3) What data we collect

We collect the following categories of personal data:

a) Account & identity data (controller)

Names, emails, phone numbers, company details, job titles, workspace settings, authentication identifiers, SSO IDs, role/permission assignments.

b) Billing & transaction data (controller)

Billing contact, billing address, partial payment instrument details (tokenized by our payments provider), invoices, VAT IDs, transaction history.

c) Customer Content (processor)

Any data you or your authorised users upload or connect to the Services: prompts, copy, images, videos, brand rules, calendars, budgets, targets, connected account tokens, comments, and assets. This may include personal data that you choose to include.

d) Service telemetry & usage (controller)

Log files, device/IP, timestamps, feature usage, performance metrics, error reports, clickstream, and aggregated analytics. We may collect this via first‑party telemetry and third‑party analytics (subject to consent where required).

e) Cookies & similar tech (controller)

Cookies, SDKs, pixels and local storage for core functionality, analytics, and—if you consent—advertising/retargeting. See our Cookie Policy for details and choices.

f) Communications & support (controller)

Support tickets, chat transcripts, email records, feedback, survey responses, and call recordings where permitted by law (we will notify you when recording).

g) Candidate data (controller)

If you apply for a role: CV/resumé, contact details, work history, references, interview notes.

We do not intentionally collect special category data (e.g., health, biometric) or children's data. Do not submit such data unless we have agreed in writing.

4) Our roles: controller vs. processor

Controller (our own data): We act as controller for account/billing/website/telemetry data.

Processor (your Customer Content): When you use the Services to create, schedule, publish, or optimise content, we process Customer Content as your processor and only according to your documented instructions (Terms, in‑product settings, and DPA).

Sub‑processors: We use vetted service providers (e.g., cloud hosting, analytics, email, support). We maintain a current list of sub‑processors and will provide notice of changes as set out in the DPA.

5) Purposes and legal bases (GDPR)

We rely on the following legal bases under Art. 6 GDPR:

Purpose | Data categories | Legal basis
Provide and secure the Services; account management | a, c, d, e | Contract (Art. 6(1)(b)); Legitimate interests in operating a secure service (Art. 6(1)(f))
Billing and payments; VAT compliance | b | Contract; Legal obligation (tax/accounting) (Art. 6(1)(c))
Customer support and communications | a, f | Contract; Legitimate interests (service quality)
Product analytics and improvement | d, e | Legitimate interests (improving and protecting the Services); Consent where cookies/SDKs require it
Security, abuse prevention, fraud detection | a, c, d | Legitimate interests (preventing misuse; safety)
Marketing communications (B2B) | a, d, e | Consent where required; otherwise Legitimate interests with opt‑out
Legal claims, compliance, and audit | a–f | Legitimate interests; Legal obligation

AI/Model training. We do not use Customer Content to train our foundation models unless you explicitly opt in via settings or contract. We may use aggregated/de‑identified telemetry to improve reliability and safety. We do not attempt to re‑identify data.

Automations and optimisation. The Services may recommend or automatically adjust campaign budgets or schedules based on performance signals. These features are intended for business users and do not produce legal or similarly significant effects on natural persons; you can adjust or disable them in settings.

6) Cookies and similar technologies

We use: (i) essential cookies (login, security, load balancing), (ii) analytics (e.g., product analytics, GA4 or similar), and (iii) advertising/retargeting pixels (e.g., LinkedIn, Meta) only if you consent. You can change preferences any time via our Cookie banner and settings. See the Cookie Policy for current vendors, retention, and purposes.

7) Sharing and disclosure

We share personal data with:

  • Service providers / sub‑processors (cloud infrastructure, storage, email/SMS, analytics, payments, support tooling, SSO, monitoring). They act under contract, follow our instructions, and implement security measures.
  • Third‑party platforms you connect (e.g., social networks, ad networks, analytics). We disclose data at your direction to publish content, manage ads, or read analytics.
  • Affiliates (for support and product operations) under this Policy's safeguards.
  • Professional advisors (lawyers, auditors) under confidentiality obligations.
  • Authorities where required by law or to protect rights, security, and safety.
  • Business transfers in connection with a merger, acquisition, or sale of assets (we will notify you where required by law).

We do not sell personal data. If our website uses cross‑context behavioural advertising, this occurs only with your consent to marketing cookies and you may withdraw consent at any time.

8) International transfers

We primarily store data in the EEA. When we transfer personal data outside the EEA/UK/Switzerland, we rely on adequacy decisions (Art. 45 GDPR) or Standard Contractual Clauses (Art. 46 GDPR) plus necessary supplementary measures. For UK transfers we use the UK IDTA/Addendum; for Swiss transfers the SCCs as adapted. We conduct transfer impact assessments where relevant.

9) Data retention

We retain data only as long as necessary for the purposes set out above:

  • Account data: lifetime of the account + up to 3 years after closure for queries and record‑keeping.
  • Billing/transactions: 10 years to satisfy Romanian accounting/tax retention rules.
  • Customer Content (processor): as directed by you; typically until deletion, export, or account closure.
  • Telemetry/logs: typically 12–24 months, unless needed longer for security or investigations.
  • Support records: up to 3 years after resolution.
  • Recruitment data: generally 12 months (longer with your consent).

We may retain aggregated/de‑identified data that cannot reasonably identify you.

10) Security

We implement appropriate technical and organisational measures (TOMs) designed to protect personal data, including: encryption in transit and at rest; access controls and least privilege; SSO and MFA options; network segmentation; monitoring and logging; secure development lifecycle; vulnerability management and penetration testing. No system is perfectly secure; if we become aware of a data breach impacting personal data, we will notify affected customers without undue delay and provide relevant information to support their own regulatory notifications where they are the controller.

11) Your rights (EU/EEA, UK, Switzerland)

Depending on your location and subject to conditions/exceptions, you have the right to access, rectify, erase, restrict, object (including to processing based on legitimate interests and to direct marketing), and data portability. Where processing is based on consent, you may withdraw consent at any time without affecting prior processing.

To exercise your rights, contact legal@3l3c.ai. We may ask you to verify your identity. You also have the right to lodge a complaint with your local supervisory authority or with the Romanian authority:

Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal (ANSPDCP) – anspdcp.ro

Email/phone details are available on the ANSPDCP website.

12) Children

The Services are intended for adults (18+) and are not directed to children. We do not knowingly collect personal data from children. If you believe a child has provided personal data, contact us to request deletion.

13) Third‑party links and integrations

Our Services may link to or integrate with third‑party websites and platforms. Their privacy practices are governed by their own policies. Please review them before connecting or using those services.

14) Changes to this Policy

We may update this Policy from time to time. If changes materially affect your rights, we will provide reasonable advance notice (e.g., email or in‑app). The “Last updated” date shows the latest revision. Continued use of the Services after the effective date constitutes acceptance.

15) Contact

Questions about privacy or this Policy: legal@3l3c.ai

Security incidents: legal@3l3c.ai (please include “Security” in the subject)

Postal: Sector 1, Str. CĂPRIORILOR, Nr. 5B, Et. 1, Ap. 12, București, Romania

Annex A — Processing as a Processor (DPA summary)

Subject matter & duration: Provision of the Services for the term of your subscription.

Nature & purpose: Hosting, creation, scheduling, publishing, optimisation, analytics and support.

Types of personal data: Whatever your users submit or connect (may include names, contacts, identifiers, online identifiers).

Categories of data subjects: Your employees, contractors, customers, prospects, or social media audiences as determined by you.

Obligations: We will process only on your documented instructions; maintain confidentiality; implement TOMs; assist with data subject requests and DPIAs; notify you of personal data breaches without undue delay; delete or return personal data at end of provision; and flow down obligations to sub‑processors.

International transfers: SCCs/UK IDTA/Swiss addendum as applicable.

Annex B — Marketing communications

We may send service and transactional messages (account, security, billing).

For marketing emails, we rely on consent where required or legitimate interest (B2B) with the ability to unsubscribe at any time.

If you prefer not to receive marketing, use the unsubscribe link or email legal@3l3c.ai.

Annex C — Regional supplements (if applicable)

If you are a resident of a jurisdiction with additional privacy rights (e.g., certain US states, Brazil), we will honour those rights. Where our website engages in cross‑context behavioural advertising or “sharing” under such laws, you can opt out via our cookie preferences or a “Do Not Sell or Share” link (where required).