this2that

Privacy Policy

Last updated: 11 April 2026

1. Introduction

This Privacy Policy explains how FUN MANAGEMENT SRL (“we”, “us”, “our”) collects, uses, and protects your personal data when you use This2That (the “Service”), a tool that helps you transfer video files from Vimeo to Google Drive.

We are committed to protecting your privacy and complying with the EU General Data Protection Regulation (GDPR) and Romanian data protection law.

2. Data Controller

The data controller responsible for your personal data is:

FUN MANAGEMENT SRL
str. D.D. Rosca nr. 12, Cluj-Napoca, Romania
Registration number: RO23772000
Email: support@funmanagement.ro

3. Data We Collect

We are designed to collect as little personal data as possible. Here is exactly what we collect and why:

3.1 Authentication Data (OAuth Tokens)

When you connect your Vimeo and Google Drive accounts, we receive OAuth access tokens. These tokens allow us to read your videos from Vimeo and upload them to Google Drive on your behalf.

  • We do not receive or store your Vimeo or Google passwords.
  • OAuth tokens are stored encrypted and only for the duration needed to complete your transfers.
  • Tokens are automatically deleted within 24 hours of transfer completion or expiration.

3.2 Account Identifiers

We collect your Vimeo user ID to track your purchases and transfer history. This is a numeric identifier provided by Vimeo, not your email or password.

3.3 Payment Information

Payments are processed by Stripe, our third-party payment provider. We do not see or store your full credit card details. Stripe provides us with:

  • Your email address (for receipts and customer support)
  • A Stripe customer ID (for matching purchases to upgrades)
  • Payment status and amount

Stripe's own privacy policy applies to the payment process and is available at stripe.com/privacy.

3.4 Transfer Metadata

For each video you transfer, we store:

  • The Vimeo video ID
  • The video title
  • The file size
  • Transfer status (pending, in progress, completed, failed)
  • Timestamps

This metadata is used to track your purchased capacity, show you transfer progress, and provide customer support if something goes wrong.

3.5 Technical Data

When you use the Service, our servers automatically log:

  • IP addresses (for rate limiting and security)
  • Browser type and version
  • Error messages and diagnostic information
  • Timestamps of API requests

Logs are retained for 30 days, then automatically deleted.

3.6 What We Do NOT Collect

  • We do not store your video content. Files are streamed directly from Vimeo to Google Drive without being saved on our servers.
  • We do not collect your name, phone number, or address (Stripe handles billing details).
  • We do not use tracking cookies, advertising pixels, or third-party analytics that profile you.
  • We do not sell or share your data with advertisers or data brokers.

4. Legal Basis for Processing (GDPR)

Under the GDPR, we process your personal data on the following legal bases:

  • Performance of a contract: Processing your OAuth tokens, transfer metadata, and payment information is necessary to provide the Service you have purchased.
  • Legitimate interests: We process technical logs for security, fraud prevention, and to maintain the integrity of the Service.
  • Legal obligation: We retain certain payment records to comply with Romanian and EU tax law.
  • Consent: When you connect your Vimeo and Google Drive accounts via OAuth, you provide consent for us to access those accounts as authorized.

5. How We Use Your Data

We use your personal data only for the following purposes:

  • To execute the video transfers you request
  • To process your payments and issue receipts
  • To track your purchased transfer capacity and prevent abuse
  • To provide customer support when you contact us
  • To detect and prevent fraud, abuse, or unauthorized access
  • To comply with legal obligations (such as tax record-keeping)
  • To improve the Service based on aggregated, anonymized usage patterns

We do not use your data for marketing, profiling, or automated decision-making that produces legal effects.

6. Who We Share Your Data With

We share your personal data only with the following categories of recipients, and only when necessary:

6.1 Service Providers

  • Stripe (Ireland/USA): payment processing
  • Hetzner (Germany): cloud hosting infrastructure
  • Google (USA): Google Drive API for uploading your videos
  • Vimeo (USA): Vimeo API for accessing your videos

6.2 Legal Disclosures

We may disclose your data if required by law, court order, or to protect our legal rights. We will notify you of such requests unless prohibited by law.

6.3 Business Transfers

If FUN MANAGEMENT SRL is acquired, merged, or sells assets, your data may be transferred as part of that transaction. We will notify you in advance and ensure the new entity respects this Privacy Policy.

7. International Data Transfers

Some of our service providers (Stripe, Google, Vimeo) are located outside the European Economic Area, including in the United States. When your data is transferred to these countries, we rely on the following safeguards:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • EU-U.S. Data Privacy Framework certifications where applicable
  • Service provider compliance with international privacy frameworks

By using the Service, you understand and accept that your data may be processed in countries outside the EEA.

8. Data Retention

We retain different types of data for different periods:

  • OAuth tokens: deleted within 24 hours of transfer completion or expiration
  • Transfer metadata: retained for 12 months for customer support purposes
  • Payment records: retained for 10 years to comply with Romanian tax law
  • Technical logs: retained for 30 days, then automatically deleted
  • Email correspondence: retained for 24 months from the last interaction

After these periods, data is permanently deleted or anonymized.

9. Your Rights Under GDPR

If you are located in the European Economic Area, you have the following rights regarding your personal data:

  • Right of access: Request a copy of the personal data we hold about you.
  • Right to rectification: Ask us to correct inaccurate or incomplete data.
  • Right to erasure: Request deletion of your personal data, subject to legal retention obligations.
  • Right to restriction: Ask us to limit how we process your data in certain circumstances.
  • Right to data portability: Receive your data in a structured, machine-readable format.
  • Right to object: Object to processing based on legitimate interests.
  • Right to withdraw consent: Withdraw your OAuth authorization at any time via your Vimeo or Google account settings.
  • Right to lodge a complaint: File a complaint with a data protection authority.

To exercise any of these rights, contact us at support@funmanagement.ro. We will respond within 30 days.

If you believe we have not handled your request properly, you may file a complaint with the Romanian Data Protection Authority (ANSPDCP):

Autoritatea Nationala de Supraveghere a Prelucrarii Datelor cu Caracter Personal
B-dul G-ral. Gheorghe Magheru 28-30, Sector 1, Bucharest, Romania
Website: dataprotection.ro

10. Data Security

We take reasonable technical and organizational measures to protect your personal data, including:

  • All data transmitted between you and our servers is encrypted using TLS (HTTPS)
  • OAuth tokens are encrypted at rest using industry-standard encryption
  • Access to our infrastructure is restricted and logged
  • We follow security best practices for our cloud infrastructure
  • Regular security updates are applied to our systems

However, no method of transmission or storage is 100 percent secure. While we strive to protect your data, we cannot guarantee absolute security.

If we become aware of a data breach affecting your personal data, we will notify you and the relevant authorities within 72 hours, as required by GDPR.

11. Children's Privacy

The Service is not intended for users under the age of 18. We do not knowingly collect personal data from children. If we discover that we have collected data from a person under 18, we will delete it promptly.

12. Cookies and Local Storage

We use minimal cookies and browser storage, only as necessary to operate the Service:

  • Session cookies: to maintain your authentication state during a transfer session
  • Local storage: to track free trial usage (10-file limit) and remember your preferences

We do not use third-party tracking cookies, advertising cookies, or analytics that profile you across websites. There is no cookie consent banner because we do not use tracking cookies that would require one.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes to the Service, legal requirements, or our practices. The updated version will be posted on our website with a new “Last updated” date.

If we make significant changes that affect your rights, we will notify you by email if we have your contact information from a previous purchase.

14. Contact Us

If you have questions about this Privacy Policy or how we handle your personal data, please contact us at:

FUN MANAGEMENT SRL
str. D.D. Rosca nr. 12, Cluj-Napoca, Romania
Email: support@funmanagement.ro
Registration number: RO23772000

We will do our best to respond to your inquiry within a reasonable timeframe and within 30 days as required by GDPR.