Legal and business information
Privacy Policy
How ChirpStack Online processes account, billing, telemetry, support, analytics, and security data.
Effective date: 18 July 2026
Controller
Bogdan Bujor Coroi PFA
COROI BOGDAN-BUJOR PERSOANA FIZICA AUTORIZATA
Romanian tax ID (CUI): 51064823
EU VAT code: RO54488238
Registration no.: F2024019145008
Registered office: Principala 185, Sanpaul, Cluj, 407532, Romania
Email: [email protected]
Phone: +40 720 036 170
Privacy contact: [email protected].
Data we process
We process account data, tenant/company name, encrypted credentials, subscription status, billing metadata, support messages, security logs, gateway and device metadata, API/webhook/MQTT configuration, telemetry needed to provide the service, and analytics events when consent is given.
Purposes and legal bases
Data is processed to create accounts, provide hosted ChirpStack access, manage subscriptions, secure the service, send password resets and support emails, process payments, comply with legal obligations, and improve the website where analytics consent is provided.
Processors and providers
We may use infrastructure, email, Cloudflare, Stripe, Google Analytics, ChirpStack, backup, monitoring, and support providers. Payment card data is processed by Stripe; ChirpStack Online does not store card numbers.
Retention
Telemetry retention follows the active plan: 14 days for plans up to 30 EUR/month, 6 months for the 50 EUR/month plan, and 1 year for plans above 50 EUR/month, unless a shorter deletion is technically required or a longer legal retention duty applies. Account, billing, security, and invoice records are retained as required for contracts, accounting, security, and legal defense.
Your rights
Under GDPR you may request access, rectification, deletion, restriction, portability, objection, or withdrawal of consent where applicable. You may also lodge a complaint with the Romanian data protection authority: dataprotection.ro.
International transfers
Some providers may process data outside Romania or the EEA. Where applicable, we rely on adequacy decisions, contractual safeguards, provider terms, or another valid transfer mechanism.