How it worksAI assistantPricingFAQ

Legal

Privacy Policy

We believe in full transparency about how we handle your data. This policy explains what we collect, why, and how you can control it.

Last updated: April 2, 2026·Effective: April 2, 2026·GDPR compliant

1. Who We Are

Perqly is a service operated by nano-soft technology srl, a company incorporated and registered in Romania (European Union). We operate the website at perqly.xyz and provide a curated directory of startup perks and credits.

For the purposes of the General Data Protection Regulation (GDPR) and Romanian Law no. 190/2018, nano-soft technology srl acts as the data controller for all personal data processed through our services.

Data Controller

nano-soft technology srl

Romania, European Union

Privacy enquiries: hello@perqly.xyz

2. Data We Collect

We collect only the data strictly necessary to provide and improve the Service.

Account data

When you create an account, we collect your email address. Passwords are never stored in plain text — they are hashed and managed securely by Supabase Auth.

Profile data

During onboarding, we ask for your role (e.g. founder, developer), business type (bootstrapped, VC-backed), and areas of interest. This helps us personalise the perks we surface for you.

Usage data

We store which perks you have saved or bookmarked in the dashboard. This data is tied to your account.

Payment data

Subscription billing is handled entirely by Stripe. We do not store your card number, CVV, or full payment details. We receive from Stripe only a customer ID, subscription status, and billing period.

Newsletter email

If you opt in to our newsletter via the footer form, we store your email address to send product updates. This is entirely optional and independent of account creation.

4. How We Use Your Data

  • Authenticate you and keep your account secure
  • Personalise the perks directory based on your role and interests
  • Process payments and manage your subscription via Stripe
  • Send transactional emails (account confirmation, password reset, receipts)
  • Send product updates — only if you have opted in to our newsletter
  • Detect and prevent abuse, fraud, or unauthorised access
  • Comply with legal obligations under Romanian and EU law

We do not sell, rent, or trade your personal data to any third party.

5. Data Sharing & Sub-processors

We share data with a minimal set of trusted sub-processors, each bound by a data processing agreement:

Supabase

EU (AWS)

Authentication and database storage. User profiles, account data, and saved perks are stored on Supabase-managed PostgreSQL instances hosted within EU regions.

Stripe

USA (SCC)

Payment processing and subscription management. Stripe processes and stores payment details under their own PCI-DSS compliant infrastructure. Transfers outside the EU are covered by Standard Contractual Clauses.

We may also disclose data where required by law, court order, or to protect the rights, property, or safety of nano-soft technology srl, its users, or the public.

6. Data Retention

Account dataRetained while your account is active, plus 30 days after deletion to allow for recovery.
Payment recordsRetained for 5 years to comply with Romanian and EU accounting regulations.
Newsletter emailsRetained until you unsubscribe or request deletion.
Usage dataDeleted immediately upon account deletion.

7. Your Rights Under GDPR

As an EU/EEA resident, you have the following rights regarding your personal data:

Right of access

Request a copy of all personal data we hold about you.

Right to rectification

Correct inaccurate or incomplete personal data.

Right to erasure

Request deletion of your data ("right to be forgotten").

Right to portability

Receive your data in a structured, machine-readable format.

Right to object

Object to processing based on legitimate interests.

Right to restrict

Request that we limit how we process your data.

Withdraw consent

Unsubscribe from newsletters or revoke consent at any time.

Right to complain

Lodge a complaint with the Romanian supervisory authority (ANSPDCP).

To exercise any of these rights, email hello@perqly.xyz. We will respond within 30 days. The supervisory authority in Romania is the Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal (ANSPDCP), reachable at www.dataprotection.ro.

8. Cookies

We use only the minimal set of cookies necessary for the Service to function:

Session cookiesSet by Supabase Auth to maintain your authenticated session. These expire when you close your browser or log out.
Preference cookiesUsed to remember lightweight UI preferences across sessions.

We do not use advertising cookies, tracking pixels, or third-party analytics cookies. Disabling cookies in your browser will prevent you from staying logged in.

9. Security

We implement industry-standard technical and organisational measures to protect your data:

  • All data is transmitted over HTTPS/TLS
  • Passwords are hashed using bcrypt via Supabase Auth — never stored in plain text
  • Payment data is handled exclusively by Stripe (PCI-DSS Level 1 certified)
  • Database access is restricted to authenticated server-side code only
  • We conduct regular security reviews of our infrastructure

In the event of a data breach affecting your rights and freedoms, we will notify you and the ANSPDCP within 72 hours as required by GDPR Article 33.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify registered users by email and update the "Last updated" date at the top of this page. Continued use of the Service after the effective date constitutes acceptance of the revised policy.

11. Contact Us

Questions, concerns, or data requests related to this policy:

nano-soft technology srl

Operating Perqly (perqly.xyz)

Romania, European Union

hello@perqly.xyz

Read our Terms of Service →← Back to Perqly