LEGAL

Privacy // Terms // Cookies // security2035.tech

Privacy Policy

Last updated · 17 April 2026

security2035.tech ("the Site") is operated by Dan Tenescu, Bucharest, Romania. This policy explains how we collect, use, and protect your personal data in compliance with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and Romanian Law 190/2018.

01 // Data Controller

Dan Tenescu
Email: contact@security2035.tech
Bucharest, Romania

02 // What Data We Collect

Email address — required for account creation and digest delivery
Name — optional, for personalization
Password — stored as a bcrypt hash, never in plaintext
Preferences — severity filters, vendor interests, category interests, digest schedule
Session data — a session cookie for authentication (see Cookie Policy)
Visitor analytics — if you accept analytics, we record anonymous page views: page path, referrer, UTM parameters, device and browser class, screen-size class, and country (derived from your IP, which is itself never stored), tied to a random first-party cookie ID. See Cookie Policy.

We do not collect: browser fingerprints, precise location, raw IP addresses, or any data from third-party trackers. Analytics is first-party and self-hosted, and runs only with your consent.

03 // Purpose & Legal Basis

Account & authentication — to provide the service (Art. 6(1)(b) GDPR — contract performance)
Email digest — to deliver the daily security news digest you opted into (Art. 6(1)(a) GDPR — consent)
Preferences — to personalize your feed and digest (Art. 6(1)(b) — contract performance)
Visitor analytics — to understand site usage and improve the service (Art. 6(1)(a) GDPR — consent)

04 // Data Retention

Account data — retained until you delete your account or request erasure
Session cookies — expire after 8 hours
Articles — stored indefinitely (public cybersecurity news, no personal data)
Analytics events — automatically deleted after 400 days

05 // Data Sharing

We do not sell, rent, or share your personal data with third parties. Email delivery is handled by our own mail server (Postfix) running on the same infrastructure. No external email services are used.

06 // Your Rights (GDPR Articles 15–22)

You have the right to:

Access — request a copy of your personal data
Rectification — correct inaccurate data (via Settings)
Erasure — request deletion of your account and all associated data ("right to be forgotten")
Data portability — receive your data in a structured, machine-readable format
Withdraw consent — unsubscribe from digest at any time via the link in every email
Lodge a complaint — with the Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) at www.dataprotection.ro

To exercise any of these rights, contact: contact@security2035.tech

07 // Security Measures

HTTPS/TLS encryption for all traffic
Passwords hashed with bcrypt (12 rounds)
Session cookies: HttpOnly, Secure, SameSite=Strict
CSRF protection on all state-changing requests
Brute-force protection with account lockout
No third-party scripts or trackers; analytics is first-party, self-hosted, and consent-based

08 // International Transfers

All data is processed and stored on servers located in the European Union. No data is transferred outside the EU/EEA.

Terms of Service

Last updated · 17 April 2026

01 // Service Description

security2035.tech is a free cybersecurity news aggregator that collects articles from public RSS feeds, classifies them by severity, tags them by category and vendor, generates AI summaries, and optionally delivers a daily email digest.

02 // Content Disclaimer

All articles displayed on this site are aggregated from third-party sources. We do not author, verify, or endorse the content. Article titles, descriptions, and links belong to their respective publishers. AI-generated summaries are produced automatically from RSS feed descriptions and may contain inaccuracies.

03 // Account

Registration is free and optional
You must provide a valid email address
You are responsible for keeping your password secure
We reserve the right to suspend accounts that violate these terms

04 // Acceptable Use

You agree not to:

Use automated tools to scrape or bulk-download articles
Attempt to gain unauthorized access to the system
Use the service for commercial redistribution of aggregated content

05 // Availability

The service is provided "as is" without guarantees of uptime or availability. We may modify, suspend, or discontinue the service at any time.

06 // Intellectual Property

The security2035.tech platform (code, design, branding) is the property of the operator. Third-party article content remains the property of its respective publishers.

07 // Limitation of Liability

To the maximum extent permitted by law, the operator is not liable for any damages arising from the use of this service, including but not limited to reliance on aggregated content, service interruptions, or data loss.

08 // Governing Law

These terms are governed by the laws of Romania and the European Union. Any disputes shall be resolved by the competent courts of Bucharest, Romania.

Cookie Policy

Last updated · 19 May 2026

01 // What Cookies We Use

Strictly necessary cookie — no consent required:

connect.sid — Session cookie for authentication. HttpOnly, Secure, SameSite=Strict. Expires after 8 hours. Without this cookie, login functionality would not work.

Analytics cookie — set only if you select “Accept” on the cookie notice:

sf_vid — A random first-party identifier used to count unique visitors. HttpOnly, Secure, SameSite=Lax. Expires after 400 days. It is never shared with third parties and is not used for advertising. If you decline analytics, this cookie is never set.

02 // What We Do NOT Use

No third-party analytics (Google Analytics, Matomo, etc.) — our analytics is first-party and self-hosted
No advertising cookies
No third-party tracking cookies
No social media cookies or embeds
No fingerprinting or cross-site tracking

03 // Local Storage

We use browser localStorage for:

secfeed.theme — your selected light/dark theme
landing-dismissed — whether you've seen the welcome page
personalized — your feed personalization toggle state
secfeed.consent — whether you accepted or declined analytics

localStorage is not sent to the server and contains no personal data.

04 // Consent

Under the ePrivacy Directive (2002/58/EC) and GDPR, the strictly necessary session cookie does not require consent. The sf_vid analytics cookie does require consent: it is set only after you select “Accept” on the cookie notice, and never if you select “Decline”. You can withdraw consent at any time by clearing the secfeed.consent value in your browser storage; you can also delete cookies through your browser settings.

05 // Contact

For questions about our cookie usage: contact@security2035.tech