Agency Partner Privacy Policy — Profit Bid
This Agency Partner Privacy Policy (“Agency Privacy Policy”) explains how S.C. AXP GLOBAL RETAIL S.R.L., VAT: RO48715417, J02/1304/2023, Romania (office@profit-bid.com) (“Profit Bid”, “we”, “us”) processes personal data of participants in the Profit Bid agency partner program (“Agency Partners”).
This document supplements our general Privacy & Cookie Policy, which also applies to your use of the Profit Bid website and platform. For agency-specific processing described below, this Agency Privacy Policy takes precedence where details differ.
1. Data Controller
S.C. AXP GLOBAL RETAIL S.R.L.
Romania
Email: office@profit-bid.com
2. Scope
This policy covers data we process when you:
- Apply to or enroll in the Agency Program.
- Use the agency dashboard, license tools, and commission reports.
- Connect Stripe Connect for payouts.
- Communicate with us about agency billing, payouts, or support.
3. Categories of Data We Collect
3.1 Registration and account data
- Company name and contact person name
- Business email address
- Account credentials (password stored in hashed form by our auth provider)
- Billing address, city, postal code, country
- VAT payer status, VAT rate, and VAT/tax identification number where provided
3.2 Program and payout data
- Agency application status and assigned commission rate
- Stripe Connect account identifier and onboarding completion status
- Commission records, invoice references, transfer IDs, payout status (paid/pending)
- Monthly statements and reconciliation metadata
- License keys and subscription attribution linked to your agency account
3.3 Limited end-customer data for attribution
To calculate and audit commissions, we may process limited data about subscriptions you refer, such as:
- License key and linked subscription identifiers
- Customer email associated with a referred license (where required for tracking)
- Invoice amounts, billing periods, and payment status from Stripe
We do not provide agencies with full access to unrelated customers' personal data. You must only submit or link client information you are legally permitted to share.
3.4 Technical and security data
- IP address, browser/device information, and access logs
- Dashboard activity necessary for security, fraud prevention, and audit
4. Purposes and Legal Bases (GDPR)
| Purpose | Legal basis |
|---|---|
| Agency enrollment, account management, authentication | Contract (Art. 6(1)(b) GDPR) — performance of Agency Program terms |
| Commission calculation, statements, and Stripe Connect payouts | Contract; Legal obligation for financial records where applicable |
| Fraud prevention, security monitoring, dispute resolution | Legitimate interests (Art. 6(1)(f) GDPR) |
| Program communications (payout notices, policy updates) | Contract; Legitimate interests |
| Tax and accounting compliance | Legal obligation (Art. 6(1)(c) GDPR) |
5. Recipients and Processors
We share agency data only as needed with trusted service providers, including:
- Stripe — payment processing, subscription billing events, and Stripe Connect payouts (may involve international data transfers under appropriate safeguards).
- Supabase — database hosting and authentication infrastructure.
- Resend (or equivalent email provider) — transactional emails such as welcome messages and payout-related notices.
- Vercel — application hosting and delivery.
We may also disclose data when required by law, court order, or to protect rights, safety, and integrity of the Service.
6. International Transfers
Some processors may store or process data outside the European Economic Area. Where required, we rely on appropriate safeguards such as Standard Contractual Clauses or equivalent mechanisms approved under GDPR.
7. Retention
- Agency account and commission records are retained for as long as your agency relationship is active and thereafter as needed for legal, tax, and accounting obligations.
- Financial and invoicing-related records may be kept for up to 10 years in line with Romanian fiscal requirements.
- Security logs are retained for a limited period appropriate to investigation and compliance needs.
8. Your Rights
Under GDPR, you may have the right to:
- Access your personal data
- Rectify inaccurate data
- Request erasure (subject to legal retention duties)
- Restrict or object to certain processing
- Data portability where applicable
- Withdraw consent where processing is consent-based
- Lodge a complaint with the Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) or your local supervisory authority
To exercise your rights, contact office@profit-bid.com. We may need to verify your identity before responding.
9. Security
We implement technical and organizational measures appropriate to the risk, including access controls, encryption in transit, and restricted administrative access. No method of transmission or storage is 100% secure; please use strong passwords and protect your agency credentials.
10. Cookies and Website Analytics
Use of the public Profit Bid website and marketing pages is governed by our general Privacy & Cookie Policy, including cookies used for analytics and advertising.
11. Children
The Agency Program is intended for business users. We do not knowingly collect data from individuals under 18.
12. Changes to This Policy
We may update this Agency Privacy Policy from time to time. The current version will always be available at this URL. Material changes may be communicated by email or dashboard notice where appropriate.
13. Contact
Privacy inquiries: office@profit-bid.com
See also: Agency Terms and Conditions · Agency Program
Last updated: June 2026






