Privacy Policy

Last updated: May 2026

1. Data Controller

Avalw S.R.L.
Romania, European Union

Data Protection Officer (DPO): office@avalw.com (Subject: DPO)

This Privacy Policy explains how Avalw S.R.L. ("AVALW," "we," "us," or "our") collects, uses, stores, and protects your personal data when you visit AVALW.COM ("the Platform"). We are committed to protecting your privacy and processing your data in compliance with applicable data protection laws.

2. Legal Framework

This Privacy Policy is designed to comply with the following regulations:

GDPR (Regulation (EU) 2016/679) -- the primary framework governing data processing for all users.
ePrivacy Directive (Directive 2002/58/EC, as amended) -- governing cookies and electronic communications.
Canada PIPEDA / CPPA -- Personal Information Protection and Electronic Documents Act and upcoming Consumer Privacy Protection Act.
Australia Privacy Act 1988 -- including the 13 Australian Privacy Principles (APPs).
Brazil LGPD (Lei Geral de Proteção de Dados, Law No. 13,709/2018) -- Brazil's comprehensive data protection law.
Japan APPI (Act on the Protection of Personal Information) -- Japan's data protection framework, enforced by the PPC.
China PIPL (Personal Information Protection Law) -- China's personal data protection law, effective November 2021.
India DPDP Act 2023 (Digital Personal Data Protection Act) -- India's first standalone data protection framework.
South Korea PIPA (Personal Information Protection Act) -- as amended in 2026 with enhanced penalties up to 10% of revenue.
Türkiye KVKK (Kişisel Verileri Koruma Kanunu, Law No. 6698) -- Turkey's personal data protection law.
Thailand PDPA (Personal Data Protection Act, B.E. 2562) -- Thailand's data privacy law, fully effective since June 2022.
UAE PDPL (Federal Decree-Law No. 45 of 2021) -- United Arab Emirates personal data protection law.
EU AI Act (Regulation (EU) 2024/1689) -- transparency obligations for AI-generated content, effective August 2, 2026.

For jurisdictions not listed above, AVALW applies the highest applicable standard, which is generally the EU GDPR.

3. Data We Collect

AVALW News is designed with data minimization as a core principle. We do not require user accounts, logins, or registrations to access the Platform. The data we collect is limited to what is strictly necessary for the operation and security of the service.

Data	Purpose	Retention	Legal Basis
IP address	Rate limiting and abuse prevention	Not stored persistently; used in-memory only	Legitimate interest (Art. 6(1)(f))
Consent preference	Recording your cookie/consent choice	12 months (localStorage)	Legal obligation (Art. 6(1)(c))
View counts	Internal analytics (aggregate, anonymous)	Indefinite (no personal data)	Legitimate interest (Art. 6(1)(f))
Email address (newsletter only)	Sending newsletter to subscribers	Until unsubscribe	Consent (Art. 6(1)(a))
Verification code (newsletter only)	Confirming newsletter subscription	Deleted after verification	Consent (Art. 6(1)(a))

Data We Do Not Collect

Browser fingerprints or device information.
Geolocation, GPS, or precise location data.
Browsing history or clickstream data.
Sensitive personal data (race, ethnicity, political opinions, religious beliefs, health data, sexual orientation, genetic or biometric data).
Data from children under the age of 16 (see Section 13).

4. How We Use Your Data

We use the data we collect for the following purposes only:

Security and abuse prevention: IP addresses are used in-memory for rate limiting to protect the Platform from abuse and denial-of-service attacks. They are not stored in logs or databases.
Consent management: Your cookie/consent preference is stored in your browser's localStorage to remember your choice and avoid repeated prompts.
Internal analytics: We maintain anonymous view counters for articles. These are aggregate numbers with no connection to any individual user.
Newsletter delivery: If you voluntarily subscribe to our newsletter, we use your email address solely to send you newsletter content. Subscription requires email entry and verification via a code sent to your email.

We do not use your data for profiling, behavioral advertising, content personalization based on user tracking, or any form of automated decision-making that produces legal effects concerning you.

5. Cookie Policy

What We Use

Item	Type	Purpose	Duration
Consent preference	localStorage	Records whether you accepted or rejected cookies	12 months
View counter	Server-side	Counts page views (anonymous, aggregate)	N/A (no client-side storage)
Newsletter subscription	Server-side	Stores email for newsletter delivery	Until unsubscribe

What We Do Not Use

No third-party advertising cookies.
No tracking pixels or web beacons.
No Google Analytics or any third-party analytics service.
No social media tracking cookies.
No cross-site tracking of any kind.

Cookie Controls

A "Reject All" option is always available.
No cookie walls: access to all content is never conditioned on accepting cookies.
You may clear your localStorage at any time through your browser settings.
Consent choices are stored locally in your browser and are never transmitted to our servers.

6. Google Fonts

The Platform loads fonts from Google Fonts (fonts.googleapis.com and fonts.gstatic.com). When you visit the Platform, your browser makes requests to Google's servers to download these font files. This means Google receives your IP address and standard HTTP request headers.

AVALW does not control how Google processes this data. Google's handling of this information is governed by Google's Privacy Policy. We use Google Fonts for typographic quality and do not use any other Google services on the Platform.

7. Newsletter

AVALW offers an optional email newsletter. If you choose to subscribe:

You provide your email address voluntarily.
A verification code is sent to your email to confirm your subscription (double opt-in).
Your email address is stored securely and used solely for delivering newsletter content.
You can unsubscribe at any time using the unsubscribe link in every newsletter email, or by contacting office@avalw.com (Subject: Unsubscribe).
Upon unsubscription, your email address is deleted from our systems within 30 days.
We never share, sell, or rent your email address to any third party.

8. Data Retention

Data	Retention Period	Deletion Method
IP addresses	Not stored (in-memory only during request processing)	Automatic (memory cleared)
Consent preference	12 months	Automatic expiry or manual browser clear
Newsletter email	Until unsubscribe + 30 days	Permanent deletion from database
Verification codes	Deleted immediately after use or within 24 hours if unused	Automatic deletion
View counts	Indefinite (anonymous aggregate data, not personal data)	N/A

9. Your Rights (GDPR Articles 15-22)

Under the General Data Protection Regulation, you have the following rights regarding your personal data:

Right	GDPR Article	Description
Right of access	Article 15	Request a copy of any personal data we hold about you
Right to rectification	Article 16	Request correction of inaccurate personal data
Right to erasure	Article 17	Request deletion of your personal data ("right to be forgotten")
Right to restrict processing	Article 18	Request that we limit how we use your data
Right to data portability	Article 20	Receive your data in a structured, machine-readable format (JSON/CSV)
Right to object	Article 21	Object to processing based on legitimate interest
Right to withdraw consent	Article 7(3)	Withdraw consent at any time (e.g., newsletter unsubscribe)

To exercise any of these rights, contact office@avalw.com (Subject: Privacy). We will respond within 30 days as required by GDPR Article 12(3). In complex cases, this may be extended by an additional 60 days, and we will inform you of any extension within the initial 30-day period.

Exercising your rights is free of charge. We may charge a reasonable fee for manifestly unfounded or excessive requests, as permitted by GDPR Article 12(5).

10. Automated Decision-Making

AVALW does not engage in any automated decision-making or profiling that produces legal effects or similarly significantly affects users, as described in GDPR Article 22. Our AI systems are used exclusively for content creation (article synthesis and image generation), not for making decisions about individuals.

11. AVALW Live Protocol — Broadcast Data Processing

AVALW operates the AVALW Live Protocol, a real-time broadcast monitoring system that processes audio from publicly available live television news streams to generate original news articles. This section explains what data is and is not processed by this system.

What the Live Protocol Processes

Publicly broadcast audio: Audio from freely available, unencrypted live television news streams is captured and transcribed in real time. Audio is processed in transient memory buffers and is never recorded, stored, or archived.
Speech-to-text transcripts: Transcriptions of broadcast speech are generated using OpenAI Whisper running on AVALW's own infrastructure. Transcripts are used solely for news story detection and article generation, then deleted after processing.
Factual data points: Names of public figures, events, locations, dates, and other newsworthy facts mentioned in broadcasts are extracted for journalistic purposes under the public interest and freedom of the press exemptions.

What the Live Protocol Does NOT Collect or Store

No audio recordings are made or retained.
No video or visual content from broadcasts is captured, stored, or reproduced.
No personal data of broadcast viewers or audience members is collected.
No biometric data (voice prints, facial recognition) is extracted or processed.
No personal data of journalists, anchors, or reporters is collected beyond what they publicly state on air in their professional capacity as part of newsworthy events.
No broadcast content is rebroadcast, retransmitted, redistributed, or made available in its original form.

Legal Basis for Processing

Processing of broadcast content under the AVALW Live Protocol is based on:

GDPR Article 6(1)(f) — Legitimate interest: Journalistic processing of publicly broadcast information in the public interest.
GDPR Article 85 — Processing for journalistic purposes: Member States shall provide exemptions or derogations from certain GDPR provisions for processing carried out for journalistic purposes, insofar as necessary to reconcile the right to data protection with freedom of expression and information.
GDPR Recital 153: Processing of personal data solely for journalistic purposes should be subject to derogations or exemptions if necessary to reconcile the right to protection of personal data with the right to freedom of expression.

Data Retention for Live Protocol

Data	Retention	Notes
Audio buffers	0 seconds (not stored)	Processed in memory, immediately discarded
Raw transcripts	Deleted after article generation	Typically within minutes of creation
Published articles	Indefinite	Original works; do not contain broadcast content

Rights Regarding Live Protocol Content

If you are a public figure mentioned in an AVALW Live Protocol article and wish to request a correction or removal, contact office@avalw.com (Subject: Live Protocol). Requests are reviewed on a case-by-case basis, balancing the right to privacy with the public interest in news reporting.

Broadcasters who wish to exclude their channel from monitoring may request an opt-out at office@avalw.com (Subject: Live Protocol Opt-Out).

12. International Data Transfers

AVALW's infrastructure is located in the European Union (Romania). We process data primarily within the EU/EEA.

When data is transferred outside the European Economic Area (such as through the use of Google Fonts), we ensure an adequate level of protection through:

Adequacy decisions: Transfers to countries recognized by the European Commission as providing adequate data protection.
Standard Contractual Clauses (SCCs): As adopted by the European Commission (Commission Implementing Decision (EU) 2021/914) for transfers to other jurisdictions.
UK International Data Transfer Agreement (IDTA): For transfers to/from the United Kingdom post-Brexit.
Technical safeguards: Encryption in transit (TLS 1.3) for all data transmitted to and from the Platform.

UK Representative

As required by UK GDPR Article 27, users in the United Kingdom may direct data protection inquiries to our UK point of contact: legal@avalw.com (Subject: UK GDPR). We are in the process of appointing a formal UK representative and will update this section upon completion.

Geographic Restrictions

AVALW News is not available in jurisdictions requiring a news publishing license that has not been obtained, including the People's Republic of China. See Section 15 of our Terms and Conditions for details.

13. Data Security

AVALW implements appropriate technical and organizational measures to protect personal data, in accordance with GDPR Article 32:

Encryption in transit: TLS 1.3 for all connections to the Platform.
Encryption at rest: AES-256 encryption for any stored personal data.
Access control: Strict role-based access with the principle of least privilege.
Infrastructure security: DDoS protection, firewall rules, and intrusion detection.
Data minimization: We collect and retain only the minimum data necessary for each stated purpose.

14. Children's Privacy

AVALW News is a general-audience news platform. We do not knowingly collect, store, or process personal data from children under the age of 16.

The Platform does not require registration or login, so we have no mechanism to verify the age of visitors. If we become aware that we have inadvertently collected personal data from a child under 16 (for example, through a newsletter subscription), we will delete that data immediately upon discovery.

If you are a parent or guardian and believe your child has provided personal data to AVALW, please contact us at office@avalw.com (Subject: Privacy) and we will promptly delete the information.

15. Data Breach Notification

In the event of a personal data breach, AVALW follows the procedures required by GDPR Articles 33 and 34:

Stage	Timeline	Action
Detection	T+0	Breach identified and containment measures initiated immediately
Assessment	T+24h	Scope, severity, and risk assessment completed
Authority notification	T+72h	ANSPDCP (Romanian DPA) notified if breach poses risk to individuals (GDPR Art. 33)
Individual notification	Without undue delay	Affected individuals notified if breach poses high risk to their rights and freedoms (GDPR Art. 34)
Post-incident report	T+7 days	Root cause analysis and remediation report completed

Notifications to affected individuals will include: the nature of the breach, the data involved, likely consequences, measures taken to address the breach, and contact details for further information.

16. Data Sharing

We never sell, rent, or trade personal data to any third party.

Limited data exposure may occur through:

Google Fonts: Your browser sends requests to Google's servers to load fonts (see Section 6).
Email delivery: Newsletter emails are transmitted through email infrastructure, which processes your email address for delivery purposes only.

Personal data may be disclosed to law enforcement or regulatory authorities only in response to a valid court order or binding legal obligation under Romanian or EU law.

17. California Residents (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) provide you with additional rights:

Right to Know: What personal information is collected, used, and shared.
Right to Delete: Request deletion of personal information.
Right to Opt-Out: Opt out of the sale or sharing of personal information.
Right to Non-Discrimination: Equal service regardless of privacy choices.
Right to Limit Use of Sensitive Information: Limit processing of sensitive data.

AVALW does not sell or share personal information. We do not engage in targeted advertising, behavioral profiling, cross-context behavioral advertising, or data brokerage of any kind.

To exercise your California privacy rights, contact office@avalw.com (Subject: CCPA Request). We will respond within 45 days as required by law.

18. Changes to This Policy

Avalw S.R.L. reserves the right to update this Privacy Policy. When changes are made:

Material changes affecting your rights or how we process your data will be announced with 30 days advance notice.
The "Last updated" date at the top of this page will be revised.
If you have subscribed to our newsletter, we may notify you of material changes by email.
Continued use of the Platform after the notice period constitutes acceptance of the revised policy.

19. Contact and Complaints

For any questions, concerns, or requests related to your personal data or this Privacy Policy:

Privacy inquiries: office@avalw.com (Subject: Privacy)
Data Protection Officer: office@avalw.com (Subject: DPO)
General contact: contact@avalw.com

We aim to respond to all privacy-related inquiries within 30 days.

Right to Lodge a Complaint

If you are unsatisfied with our response or believe your data protection rights have been violated, you have the right to lodge a complaint with a supervisory authority.

Romanian supervisory authority (ANSPDCP):

Website: www.dataprotection.ro
Address: B-dul G-ral. Gheorghe Magheru 28-30, Sector 1, 010336 Bucuresti, Romania

EU residents may also lodge a complaint with the data protection authority in their country of residence.

Canadian Users (PIPEDA / CPPA)

Canadian residents are protected under the Personal Information Protection and Electronic Documents Act (PIPEDA) and the upcoming Consumer Privacy Protection Act (CPPA). You may file a complaint with the Office of the Privacy Commissioner of Canada: www.priv.gc.ca.

Australian Users (Privacy Act 1988)

Australian residents are protected under the Privacy Act 1988 and the 13 Australian Privacy Principles (APPs). You may file a complaint with the Office of the Australian Information Commissioner (OAIC): www.oaic.gov.au.

Brazilian Users (LGPD)

Brazilian residents are protected under Lei Geral de Proteção de Dados (LGPD), Law No. 13,709/2018. You have the right to access, correct, anonymize, delete, or obtain a copy of your personal data. Complaints may be filed with the Autoridade Nacional de Proteção de Dados (ANPD): www.gov.br/anpd.

Japanese Users (APPI)

Japanese residents are protected under the Act on the Protection of Personal Information (APPI). AVALW complies with APPI requirements regarding the collection, use, and disclosure of personal information. Complaints may be filed with the Personal Information Protection Commission (PPC): www.ppc.go.jp.

Chinese Users (PIPL)

Users in the People's Republic of China are protected under the Personal Information Protection Law (PIPL). AVALW does not operate servers within China and does not collect personal information beyond what is described in this policy. For inquiries, contact office@avalw.com (Subject: PIPL).

Indian Users (DPDP Act 2023)

Indian residents are protected under the Digital Personal Data Protection Act, 2023 (DPDP Act). You have the right to access, correct, and erase your personal data. AVALW processes minimal personal data and does not require user registration. For data-related requests, contact office@avalw.com (Subject: DPDP).

South Korean Users (PIPA)

South Korean residents are protected under the Personal Information Protection Act (PIPA), as amended in 2026 with fines up to 10% of total revenue for serious violations. AVALW complies with PIPA requirements. Complaints may be filed with the Personal Information Protection Commission (PIPC): www.pipc.go.kr.

Turkish Users (KVKK)

Users in Türkiye are protected under Kişisel Verileri Koruma Kanunu (KVKK), Law No. 6698. You have the right to request information about your data, its correction, or deletion. Complaints may be filed with the Kişisel Verileri Koruma Kurumu: www.kvkk.gov.tr.

Thai Users (PDPA)

Thai residents are protected under the Personal Data Protection Act (PDPA), B.E. 2562 (2019). You have the right to access, correct, delete, and withdraw consent for your personal data. Complaints may be filed with the Personal Data Protection Committee or the Expert Committee under the PDPA.

UAE Users (PDPL)

Users in the United Arab Emirates are protected under Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data. You have the right to access, correct, and request deletion of your data. Complaints may be filed with the UAE Data Office.

Other Jurisdictions

If you reside in a jurisdiction with data protection laws not specifically listed above, AVALW commits to processing your data in accordance with the highest applicable standard, which is generally the EU GDPR. You may exercise your rights by contacting office@avalw.com (Subject: Privacy).