Data Management Policy

Last updated: May 2026

1. Scope of Data Managed

We manage and process operational data critical to running our heavy machinery repair activities. This includes client registration data (CUI, EUID, addresses), employee account data, vehicle license plates (saved for scheduling logistics), technician work sheets (manpower hours, standby hours, travelled distance), billing rates, project currency choices (EUR vs RON), and uploaded attachments (damage photos, safety certifications).

2. Data Flow and Infrastructure Architecture

All structured operational data, including project details and completed work sheets, are stored securely on a Neon PostgreSQL database hosted on cloud servers. Uploaded files, damage reports, and photos are safely stored and managed via Cloudinary integration. Communication between the user browser, API routes, and database triggers is fully encrypted via SSL (HTTPS).

3. Storage Retention and Deletion

Completed worksheets (deviz) and project settings are stored for a period of 5 years to meet regional tax, accounting, and technical safety auditing requirements. Operational data that is no longer required is permanently deleted from active storage. Upon request, customer/client records can be exported or purged in compliance with GDPR guidelines, provided all pending commercial contracts are resolved.

4. Database Security and Access Controls

Data access is strictly limited to authorized personnel. Admin dashboards and technician sheet generators are protected by NextAuth session authentication tokens. We employ advanced SQL injection prevention, parameterised query execution via Prisma ORM, and secure API key management to ensure that database queries are protected against leakage.

5. Contact & Data Officer

For data export queries or to request technical operational audit logs, please contact our data coordinator: KRANE XPERT SRL, office@krane-xpert.com.