Last updated: January 5, 2026
This Privacy Policy explains how personal data is collected, used, stored and protected in connection with the My 5 Contacts mobile application and the website https://my5contacts.com (hereinafter referred to as the “Service”).
This Service is provided by S.C. ANDRUINO S.R.L., Romania (hereinafter referred to as the “Company”, “we”, “us” or “our”), acting as data controller in accordance with Regulation (EU) 2016/679 (“GDPR”).
By using the My 5 Contacts application or the associated website, you acknowledge that you have read and understood this Privacy Policy.
S.C. ANDRUINO S.R.L.
Romania
Email:
contact@andruino.ro
This Privacy Policy applies exclusively to:
the My 5 Contacts mobile application
the website https://my5contacts.com
The website does not use cookies and does not perform tracking, profiling or behavioral analysis.
When creating an account in the My 5 Contacts application, we process:
username
password (stored in hashed form)
email address (used for account management and recovery, if applicable)
The My 5 Contacts application allows users to manually select up to five contacts from their device’s address book.
For these selected contacts, the following data may be stored on our servers:
contact name
phone number
Only the contacts explicitly selected by the user are
processed.
We do not automatically collect or upload the
full contact list of the device.
Personal data is processed strictly for the following purposes:
providing the core functionality of the My 5 Contacts application
allowing users to securely store up to five contacts on a remote server
allowing users to access and call those contacts from another device if their primary phone becomes unavailable
account management and user authentication
ensuring the security and proper functioning of the Service
Personal data is not used for marketing, advertising, profiling or analytics.
We process personal data based on:
Article 6(1)(b) GDPR – performance of a contract (providing the Service requested by the user)
Article 6(1)(f) GDPR – legitimate interest in ensuring the security and proper operation of the Service
Article 6(1)(a) GDPR – consent, where applicable
We take data security seriously and apply appropriate technical and organizational measures to protect personal data.
Sensitive data stored on our servers is encrypted using AES-128.
Passwords are stored using secure one-way hashing (SHA-256).
Data transmission between the application and the server is protected using secure communication protocols.
Despite these measures, no method of transmission or storage is 100% secure, but we strive to use industry-standard protections.
We do not sell, rent or share personal data with third parties for marketing or commercial purposes.
Personal data may be disclosed only:
to service providers involved in hosting or maintaining the Service (acting as data processors)
if required by law or by a competent public authority
All processors act under contractual obligations to protect personal data in accordance with GDPR.
Personal data is stored only for as long as necessary to provide the Service.
Account and contact data is retained while the user account is active.
Users may delete their account at any time (see Section 9).
After account deletion, all associated personal data is permanently removed from our servers, except where retention is required by law.
Users can delete their account and all associated data directly from within the My 5 Contacts application.
Upon account deletion:
all stored contacts and account data are permanently erased from our servers
the Service becomes inaccessible to the user
This process is irreversible.
As a data subject, you have the following rights:
right of access
right to rectification
right to erasure (“right to be forgotten”)
right to restriction of processing
right to data portability
right to object to processing
right to withdraw consent at any time
To exercise these rights, please contact us at: contact@andruino.ro
If you believe that your data protection rights have been violated, you have the right to lodge a complaint with the competent supervisory authority:
National Authority for the Supervision of Personal Data
Processing (Romania)
B-dul G-ral Gheorghe Magheru 28-30
Sector 1, Bucharest, Romania
Email:
anspdcp@dataprotection.ro
We may update this Privacy Policy from time to time.
Any
changes will be published on this page and will become effective upon
publication.