As a company incorporated in Romania (EU), we are subject to the General Data Protection Regulation (GDPR). You have meaningful rights over your personal data — see Section 7.
1. Introduction
AI Digital (registration no. 49856856), incorporated in Romania, operates the Skillmint platform and acts as the data controller for personal data processed through the Platform. This Privacy Policy explains how we collect, use, store, share, and protect your personal data, and describes your rights under the GDPR.
By using the Platform, you acknowledge that you have read and understood this Privacy Policy. If you do not agree, please discontinue use of the Platform.
2. Data Controller
The data controller responsible for your personal data is:
3. Data We Collect
3.1 Data You Provide Directly
- Account information: full name, email address, username, and hashed password;
- Profile information: profile picture, bio, and professional details (Publishers);
- Payment information: billing name, country, and last four digits of card (full card details are held exclusively by Stripe, Inc.);
- Payout information: bank account or Stripe Connect details for receiving Publisher payouts;
- Support communications: any messages you send to our team.
3.2 Data Collected Automatically
- Log data: IP address, browser type, OS, pages visited, timestamps, and referrer URLs;
- Device information: device type and identifiers;
- Cookie data: session and persistent cookies (see Section 9);
- Usage data: search queries, purchase history, and download events.
3.3 Data from Third Parties
- Stripe, Inc.: transaction status, payment confirmation, and fraud signals;
- Cloudinary: metadata related to uploaded media files.
4. How We Use Your Data
We process your personal data for the following purposes and on the following legal bases:
| Purpose | Legal Basis |
|---|---|
| Account creation and management | Performance of contract |
| Processing purchases and file downloads | Performance of contract |
| Publisher payout processing | Contract / Legal obligation |
| Transactional emails (confirmations, links) | Performance of contract |
| Customer support | Legitimate interests |
| Fraud prevention and platform security | Legitimate interests / Legal obligation |
| Usage analytics to improve the Platform | Legitimate interests |
| Legal and regulatory compliance | Legal obligation |
| Marketing emails (opted-in only) | Consent (withdrawable at any time) |
5. Data Sharing
We do not sell your personal data. We may share it with the following recipients:
- Stripe, Inc. — for payment processing and payout management;
- Cloudinary — for media file storage and delivery;
- Cloud infrastructure providers (e.g., Vercel, AWS) — for hosting;
- Analytics providers — for aggregated, anonymised usage analytics;
- Law enforcement or regulatory authorities — when required by law or to protect legal rights.
Where we transfer personal data outside the European Economic Area (EEA), we ensure appropriate safeguards — such as Standard Contractual Clauses approved by the European Commission — are in place.
6. Data Retention
We retain your data for as long as necessary to fulfil the purposes described:
| Data Type | Retention Period |
|---|---|
| Account data | Duration of account + 3 years after deletion |
| Transaction records | 10 years (Romanian/EU tax law) |
| Support communications | 2 years |
| Log data | 12 months |
| Marketing consent records | Until withdrawn + 1 year |
7. Your GDPR Rights
As a data subject under the GDPR, you have the following rights:
Right of Access
Request a copy of the personal data we hold about you.
Right to Rectification
Request correction of inaccurate or incomplete data.
Right to Erasure
Request deletion of your data, subject to legal obligations.
Right to Restriction
Request that we limit how we use your data.
Right to Portability
Receive your data in a structured, machine-readable format.
Right to Object
Object to processing based on legitimate interests or direct marketing.
Withdraw Consent
Withdraw consent at any time without affecting prior processing.
Lodge a Complaint
Complain to the ANSPDCP (Romania's supervisory authority) at dataprotection.ro.
To exercise any of these rights, contact us at legal@skill-mint.com. We will respond within 30 days.
8. Data Security
We implement appropriate technical and organisational measures to protect your personal data:
- Encryption of data in transit using TLS/HTTPS;
- Passwords stored as salted hashes — we never store plaintext passwords;
- Access controls limiting personal data access to authorised personnel only;
- Regular security reviews of infrastructure and code;
- Secure, time-limited download tokens for purchased Skills.
Despite these measures, no internet transmission is completely secure. In the event of a data breach posing a risk to your rights, we will notify the relevant supervisory authority within 72 hours and, where required, notify affected individuals without undue delay.
10. Children's Privacy
The Platform is not directed at children under 18. We do not knowingly collect personal data from minors. If you believe we have collected data from a child, please contact us at legal@skill-mint.com and we will delete it promptly.
11. Third-Party Links
The Platform may contain links to third-party websites. We are not responsible for the privacy practices of those sites and encourage you to review their privacy policies independently.
12. Changes to This Policy
We may update this Privacy Policy at any time. Material changes will be communicated via email or a prominent Platform notice at least 14 daysbefore taking effect. The "Effective Date" at the top of this document indicates when the current version was last updated.
13. Contact Us
For questions, requests, or concerns regarding this Privacy Policy or your personal data:
Romanian Supervisory Authority
Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal (ANSPDCP)
www.dataprotection.ro