Oria

Legal

GDPR
Notice.

Your rights and our obligations under Regulation (EU) 2016/679 (GDPR) when you interact with Oria or have your property captured by us.

Last updated: May 19, 2026

1. The controller

The controller of your personal data is ZETTASOURCE S.R.L., a Romanian company with registered office at Str. Serelor nr. 5B, Onești, jud. Bacău, 601115, Romania, registered with the Trade Registry under J04/1144/2021, CUI 44525193, EUID ROONRC.J2021001144043.

Contact for GDPR matters: contact@zetta360.com. We have not appointed a Data Protection Officer; GDPR enquiries are handled by the founders directly.

2. Scope of this notice

This notice applies to personal data we process when you visit realoria.com, request a quote, sign up to the waitlist, create an account, become a client of our Studio or Air services, or are recorded incidentally during a Studio capture session.

It complements our Privacy Policy and Terms of Service.

3. Categories of data

  • Identification & contact — name, email, phone, company, role.
  • Account & authentication — email, hashed password or identity provider identifiers, session tokens.
  • Commercial — quote, project briefs, billing details, VAT number.
  • Property & capture media — addresses, photos, videos, floor plans, and 3D scans of the property.
  • Technical — IP address, browser, device, log timestamps, and aggregate tour analytics.

We do not knowingly process special categories of personal data (Art. 9 GDPR). If you appear in the background of a capture session, we will take reasonable steps to blur or remove identifying features on request.

4. Purposes & legal bases

  • Deliver the service — Art. 6(1)(b) GDPR, performance of a contract.
  • Manage accounts & security — Art. 6(1)(b) and (f), contract and legitimate interests in keeping the service secure.
  • Marketing communications — Art. 6(1)(a), your consent. You can withdraw consent at any time.
  • Invoicing & accounting — Art. 6(1)(c), legal obligation under Romanian fiscal law.
  • Product analytics & improvement — Art. 6(1)(f), legitimate interest in operating and improving the service, balanced against your rights.

5. Recipients

We share personal data only with processors acting on our instructions: cloud hosting and database providers (Vercel, Supabase), email and messaging providers, payment processors, and our accountants. We do not sell personal data. Public authorities receive data only when legally required.

6. International transfers

We prefer EU/EEA-hosted infrastructure. Where a processor operates outside the EEA, the transfer is governed by Standard Contractual Clauses approved by the European Commission and complemented by appropriate technical and organisational measures.

7. Retention

  • Enquiries and quotes: up to 24 months from last contact.
  • Account data: for the life of the account plus 90 days.
  • Tour media: for the hosting term plus 30 days.
  • Invoices: 10 years (Romanian fiscal law).
  • Marketing consents: until withdrawn, plus a short record of the withdrawal.

8. Your rights

Under the GDPR, you have the right to:

  • Access the personal data we hold about you (Art. 15).
  • Rectify inaccurate or incomplete data (Art. 16).
  • Erasure — request deletion where the data is no longer necessary or processed on consent (Art. 17).
  • Restrict processing in specific situations (Art. 18).
  • Data portability — receive a copy in a structured, machine-readable format (Art. 20).
  • Object to processing based on legitimate interests, including profiling (Art. 21).
  • Withdraw consent at any time, without affecting prior lawful processing (Art. 7).

9. How to exercise rights

Send your request to contact@zetta360.com with enough information to identify you and the right you want to exercise. We will respond within 30 days. We may ask for additional verification before disclosing personal data, and we may extend the deadline by up to 60 days for complex requests, telling you why.

Where a request is manifestly unfounded or excessive, we may refuse it or charge a reasonable fee, as permitted under Art. 12(5) GDPR.

10. Automated decisions

We use automated processing in our Air pipeline to stabilise footage, register frames, and produce a Gaussian-Splatting reconstruction. These steps do not produce legal effects or significantly similar effects on you within the meaning of Art. 22 GDPR. A human editor reviews every Air delivery before it is released.

11. Supervisory authority

If you believe we have processed your personal data in breach of the GDPR, you can lodge a complaint with the Romanian Data Protection Authority — Autoritatea Naţională de Supraveghere a Prelucrării Datelor cu Caracter Personal:

You may also lodge a complaint with the supervisory authority of your habitual residence or place of work in the EU.

Data controller

ZETTASOURCE S.R.L.

Trade Registry
J04/1144/2021
Sole Registration Code (CUI)
44525193
EUID
ROONRC.J2021001144043
CAEN
6201 — Computer programming activities
Registered office
Str. Serelor nr. 5B, Onești, jud. Bacău, 601115, Romania
Website
realoria.com