Privacy Policy

Last updated: 2026-04-21

This Privacy Policy explains what personal data LineageRemote collects, why, and how it's handled. It applies to the website at l2.smart123.ro and to the LineageRemote Windows client.

1. Who we are

LineageRemote is operated by the owner of l2.smart123.ro, acting as data controller under Regulation (EU) 2016/679 ("GDPR"). Contact: contact@smart123.ro.

2. What we collect

Account data

• Email address (used as login identifier and for transactional email)
• A password hash (we never store passwords in clear text)
• Account creation timestamp

Device data

• A random host key, device name, and public key for each PC you pair
• Local-network address of the PC (used to offer LAN direct-connect)
• The last timestamp we saw the device online
• Optional: which other accounts you've shared access with

Billing data

• A Stripe customer ID and subscription ID tied to your account
• Subscription status, current period end, and quantity

We do not receive or store your card number. Card data is collected and stored by our payment processor, Stripe, Inc., under their own terms and privacy policy (stripe.com/privacy).

Operational logs

• Authentication events, pairing attempts, and administrative actions (for security auditing)
• Short-lived application logs from the Windows client, sent back for support and diagnostics
• HTTP access logs (IP, user agent, endpoint, response code) maintained by our reverse-proxy for security and abuse prevention

Streaming content

The video and input streams between your viewer and your PC go through a WebRTC connection that prefers direct / LAN paths and falls back to our TURN relay when necessary. We do not record these streams. Media relayed through TURN is end-to-end encrypted and is not retained.

3. Why we collect it (legal bases)

• Contract (Art. 6(1)(b) GDPR) — to provide the Service you subscribed to.
• Legitimate interests (Art. 6(1)(f)) — to keep the Service secure, prevent abuse, and debug problems.
• Legal obligation (Art. 6(1)(c)) — for invoicing and accounting records required by law.

4. Who we share with

• Stripe, Inc. — payment processing (PCI-DSS compliant).
• Our hosting provider — server infrastructure in the EU.
• No advertising networks, no data brokers, no third-party analytics on the dashboard.

5. How long we keep it

• Account and device data: for as long as your account is active, plus 30 days after deletion.
• Invoices and payment records: 7 years, as required by accounting regulations.
• Access logs: up to 90 days.
• Client application logs: up to 30 days.

6. Your rights

Under GDPR you can ask us to:

• confirm what data we hold about you and get a copy;
• correct data that's wrong or incomplete;
• delete your data (subject to legal retention obligations);
• restrict or object to certain processing;
• receive your data in a portable format;
• lodge a complaint with your national data-protection authority.

To exercise any of these rights, email contact@smart123.ro. We'll respond within 30 days.

7. Security

We use HTTPS everywhere, store password hashes with a modern KDF, sign authentication tokens with Ed25519, and pin the TLS certificate in our Windows client to prevent traffic interception. Access to the production database is restricted to a dedicated service account, and administrative actions are audit-logged.

No system is perfectly secure. If we discover a breach affecting your personal data, we'll notify you and the relevant authorities within the timeframes required by law.

8. Cookies

We use only strictly necessary cookies: session cookies for authentication and a CSRF token. We do not use analytics or advertising cookies.

9. International transfers

Our servers are located in the European Union. Stripe may process data outside the EU under the Standard Contractual Clauses; see Stripe's privacy policy for details.

10. Children

LineageRemote is not directed to children under 18. We don't knowingly collect data from children. If you believe a child has created an account, contact us and we'll delete it.

11. Changes

If we make material changes to this policy, we'll notify you by email or via the dashboard. The "Last updated" date at the top always reflects the current version.