BalassLabs

Legal

Legal, privacy and cookie policy

Last updated: 16 April 2026

This page combines the main legal, privacy and cookie information for balasslabs.com. BalassLabs is the public brand of the site, while the current operator is Robert Balassan as an individual operator.

1. Operator details

BrandBalassLabs
OperatorRobert Balassan
Websitebalasslabs.com
Email[email protected]
Location
Bucharest, Romania

BalassLabs is not currently incorporated as a separate company. If the legal structure changes in the future, this page will be updated with the new company details.

2. Scope of this page

This page applies to balasslabs.com and related services operated through it, including project pages, downloads, contact forms, account registration, login, profile management and associated account-security features.

3. Acceptable use

You agree not to:

  • abuse, attack, scrape, reverse engineer or disrupt the platform;
  • attempt unauthorized access to accounts, systems or data;
  • upload or transmit malicious code, spam or unlawful content;
  • misuse downloads, APIs or identity features in ways that violate applicable law.

4. Accounts, downloads and content

If you create an account, you are responsible for keeping your login details confidential and for activity carried out through that account. BalassLabs may suspend or terminate access where there is abuse, fraud or repeated policy violations.

Downloadable files are provided on an "as available" basis for legitimate personal, evaluation or internal testing use unless a project-specific license states otherwise. Third-party platforms linked from the site, such as social platforms or external video pages, remain subject to their own terms and policies.

5. Age restriction

BalassLabs services are not directed to children. To create an account on balasslabs.com you must be at least 16 years old. By registering you confirm that you meet this age requirement. If BalassLabs becomes aware that an account was created by a person under 16, the account will be removed and any associated personal data deleted.

6. What personal data BalassLabs may process

  • account details such as username, display name, email address and encrypted authentication data;
  • optional profile information you choose to add, such as avatar, first name, last name or phone number;
  • contact form submissions;
  • download request details, including IP address, request timing and file metadata;
  • service security and operational data such as IP addresses, refresh-token records, audit logs and request metadata;
  • privacy-choice records stored in browser storage;
  • optional analytics consent choices stored locally in the browser.

7. Why this data is processed

  • to provide requested services such as account access, profile management and downloads;
  • to respond to messages sent through the contact form;
  • to send account-related emails such as verification and password reset messages;
  • to secure the site, prevent abuse, rate-limit suspicious traffic and investigate incidents;
  • to understand site usage through analytics, but only when optional analytics consent is granted.

Depending on the feature, the main legal basis is performance of requested services, taking steps requested by you before using an account feature, the operator's legitimate interest in securing and running the site, or your consent for optional analytics storage.

Some data is necessary to provide the requested service. For example, account and authentication details are needed to create and secure an account, contact details are needed to reply to a message, and certain security and request metadata are needed to deliver downloads and protect the site against abuse. If you do not provide required data for a specific feature, BalassLabs may not be able to provide that feature.

8. Cookies and browser storage

Essential storage is used for privacy choices and sign-in continuity. After login, the site may use a secure HttpOnly refresh-token cookie together with a local session hint so that the account session can be restored.

Local optional consent currently covers Analytics only. If you allow analytics, BalassLabs loads Google Analytics to measure visits and site usage. That may involve cookies or similar identifiers and technical information associated with your visit, such as page views, interaction events, browser or device details and request-related identifiers used by Google's measurement tooling. Advertising and personalized ads are not currently active on balasslabs.com.

You can reject optional storage, allow analytics or review the current privacy controls shown on the site.

  • refreshToken — first-party HttpOnly cookie used to restore signed-in sessions; expires after up to 7 days unless rotated or revoked earlier.
  • balasslabs_auth_hint — first-party local storage flag used to know whether silent session restoration should be attempted; cleared on logout.
  • balasslabs_cookie_consent_v2 — first-party local storage entry containing privacy-choice state and the last update timestamp; remains until you change it or clear browser storage.
  • Google Analytics storage — only loaded after analytics consent is granted; may set Google-managed cookies or similar identifiers for measurement purposes.

9. Sharing and recipients

Personal data may be shared only where needed to operate the site and related services, for example with infrastructure and hosting providers, the transactional email provider used for account and contact mail, or Google Analytics when analytics consent has been granted. Data may also be disclosed where required by law or to protect the site, its users or the operator against abuse or fraud.

BalassLabs does not sell personal data.

10. International transfers

Depending on the provider and its infrastructure, some processing may involve systems located outside Romania or outside the EU/EEA. Where personal data is transferred outside the EU/EEA, BalassLabs relies on either an adequacy decision adopted by the European Commission under Article 45 GDPR, or on appropriate safeguards under Article 46 GDPR, in particular the Standard Contractual Clauses (SCCs) approved by the European Commission. Where required, supplementary technical and organizational measures are applied to protect the affected data. You can request a copy of the safeguards used for a specific transfer by contacting the operator at the address listed in the Contact section.

11. Retention

  • download logs are scheduled for cleanup after up to 30 days;
  • download access tokens are short-lived and expire automatically after roughly 5 minutes;
  • account action links for verification, password reset or email change expire automatically after roughly 30 minutes;
  • refresh-token cookies expire after 7 days unless replaced or revoked earlier;
  • security audit logs are scheduled for cleanup after up to 180 days;
  • cookie-consent preferences remain stored until you change them or clear browser storage;
  • account data is generally kept while the account remains active, unless deletion or cleanup is requested;
  • contact messages are not currently deleted on a fixed automatic timer; they are kept only as long as reasonably necessary to answer, follow up and maintain a record of the communication.

12. Your choices and rights

You can manage optional cookies from the privacy controls, clear browser storage, sign out, request a password reset, update profile details or delete your BalassLabs account from the account area.

If analytics consent was previously granted, you can withdraw it at any time from the privacy controls. Withdrawal does not affect processing that already took place before the change.

Subject to applicable law, and in particular the GDPR, you have the following rights in relation to personal data processed about you:

  • the right of access (Art. 15);
  • the right to rectification (Art. 16);
  • the right to erasure, also known as the "right to be forgotten" (Art. 17);
  • the right to restriction of processing (Art. 18);
  • the right to data portability (Art. 20);
  • the right to object to processing based on legitimate interests or for direct marketing (Art. 21);
  • the right to withdraw consent at any time, without affecting the lawfulness of processing carried out before the withdrawal (Art. 7(3));
  • the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal or similarly significant effects concerning you (Art. 22);
  • the right to lodge a complaint with a supervisory authority, in particular the Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) for users in Romania.

To exercise any of these rights, contact the operator at the address listed in the Contact section.

Processing is carried out in accordance with the EU General Data Protection Regulation (Regulation (EU) 2016/679, GDPR) and, for users in Romania, Romanian Law no. 190/2018 implementing the GDPR.

13. Security of your data

BalassLabs uses industry-standard measures to protect personal data, including HTTPS in transit, HSTS, a strict Content Security Policy, HttpOnly refresh-token cookies, server-side hashing of authentication secrets, rate limiting on sensitive endpoints and routine cleanup of expired tokens and logs. No online service can be completely secure, so BalassLabs also maintains security audit logs and reviews suspicious activity.

14. Data breach notification

If BalassLabs becomes aware of a personal-data breach that is likely to result in a risk to your rights and freedoms, the relevant supervisory authority will be notified within 72 hours of awareness, in line with Article 33 of the GDPR. Where the breach is likely to result in a high risk to you, BalassLabs will also notify affected users directly without undue delay, in line with Article 34 of the GDPR, using the email address on file for the account.

15. Intellectual property

Unless stated otherwise, BalassLabs content, branding, visuals and code samples are protected by applicable intellectual-property laws. You may not copy, republish or commercially reuse them without prior permission.

16. Availability and liability

Services are provided on an "as is" and "as available" basis. BalassLabs aims to keep the site reliable and secure, but uninterrupted availability cannot be guaranteed. To the maximum extent permitted by law, BalassLabs is not liable for indirect, incidental or consequential damages arising from use of the website, downloads or third-party links.

17. Changes

BalassLabs may update this page from time to time to reflect product, security or legal changes. The date at the top shows the latest revision.

18. Contact

For legal, privacy or policy questions, contact Robert Balassan at [email protected] or use the Contact page on this site.