What services does MHLSQ offer?

MHLSQ transforms your ideas into production-ready web products. From MVP development to scaling SaaS platforms, we handle everything: Next.js & React applications, Firebase integration, custom web platforms, and seamless user experiences. Every project is built with performance, accessibility, and scalability at its core.

Where is MHLSQ located?

MHLSQ is based in Bucharest, Romania, but we serve clients worldwide. We work remotely with startups and businesses across Europe, United States, and globally.

What technologies does MHLSQ use?

We primarily work with Next.js, React, TypeScript, Firebase, Tailwind CSS, Node.js, and Vercel. We focus on modern web technologies that ensure high performance, scalability, and excellent user experience.

How can I contact MHLSQ?

You can contact MHLSQ via email at alexmihalascu@gmail.com or by phone at +40752571265. We typically respond within 24 hours.

What is the typical project timeline?

Timelines vary by scope and complexity. A focused MVP or digital experience takes 2-4 weeks, while a full-featured SaaS platform or web application typically requires 6-12 weeks. Every project includes a clear milestone plan with defined deliverables.

Last updated 16 November 2025

Privacy Policy

Name: MHLSQ
Address: Bucharest, Bucharest, Bucharest, RO
Telephone: +40752571265
Price range: $$

How I collect, keep, and use the information you share while browsing mhlsq.ro or submitting a contact request.

Data Controller

Under the General Data Protection Regulation (GDPR) and Romanian Law 190/2018, I am the data controller responsible for your personal information collected through this website.

Name: Alexandru Mihalascu
Location: Bucharest, Romania
Email: alexmihalascu@gmail.com
Phone/WhatsApp: +40 752 571 265
Website: https://mhlsq.ro

Who I am

My name is Alexandru Mihalascu. I design and build web products independently from Bucharest, Romania, and I am the sole operator of this website. You can reach me at alexmihalascu@gmail.com or by phone/WhatsApp at +40 752 571 265.

Personal data I collect

I only collect the information that is necessary to reply to messages, plan a project, or improve the experience of this site.

Contact and project forms

Name, email address, and optional phone number so I can reply.
Context you voluntarily share about your product, timeline, budget, or files.
The date/time of your submission and the referrer page for troubleshooting.

Direct communication

Emails, LinkedIn/WhatsApp conversations, and meeting notes relevant to our work.

Usage data

Google Analytics 4 cookies (_ga, _ga_*, _gid) collect anonymous metrics (page views, session duration, traffic sources, device type, approximate region) only after you opt in through the cookie banner.
Google Analytics data is processed according to Google's Data Processing Terms and stored for up to 26 months.
Error logs and performance metrics supplied by Vercel if something breaks while you browse.

How I use your information

To answer questions, provide quotes, and deliver services you requested.
To prepare proposals, invoices, or contractual paperwork when we decide to work together.
To operate, secure, and debug the site (for example, deterring spam and abuse).
To analyse aggregated usage when analytics cookies are enabled (via Google Analytics 4) so I can prioritise improvements and understand which content is most helpful.
Anonymous analytics data is shared with Google LLC for processing according to their Data Processing Terms.
To comply with legal or accounting obligations in Romania.

Legal bases

Legitimate interest in running my business and replying to genuine enquiries.
Consent, when you explicitly opt in to optional analytics or marketing updates.
Contractual necessity when we sign a statement of work, purchase order, or NDA.

Storage & retention

Contact form submissions are stored securely in Firebase (Cloud Firestore) and in my email inbox. I review enquiries every quarter and delete messages that are older than 18 months unless we are actively collaborating or I am legally required to keep them. Google Analytics data is automatically deleted after 26 months. You can request deletion of your contact data at any time by emailing alexmihalascu@gmail.com.

Data processors (Third-party services)

Under GDPR, these services act as data processors, processing data on my behalf under data processing agreements (DPAs):

Firebase (Google Cloud)

Role: Data Processor. Hosts the contact form, portfolio content, and file storage. Google processes data on my behalf under the Firebase Data Processing and Security Terms and Google Cloud Data Processing Addendum. Location: EU and US data centers. GDPR-compliant with Standard Contractual Clauses.

Vercel Inc.

Role: Data Processor. Serves the Next.js application and provides performance/error logs. No personal data is shared beyond what is required to deliver webpages. Location: US and EU edge locations. GDPR-compliant with Standard Contractual Clauses.

Google Analytics 4 (Google LLC)

Role: Data Processor. Measures anonymous usage trends (page views, traffic sources, popular content) only after explicit consent. IP anonymization is enforced. No advertising features enabled. Google processes analytics data under the Google Ads Data Processing Terms. Location: Primarily US data centers. EU-U.S. Data Privacy Framework certified. You can opt out at any time.

Email + productivity tools

Gmail and Notion are used for communication and project planning. Shared information remains private unless you authorise otherwise. Both services are GDPR-compliant data processors.

Data security

I implement appropriate technical and organizational measures to protect your personal data:

HTTPS/TLS encryption for all data transmission between your browser and the server.
Firebase Security Rules to prevent unauthorized access to contact form data.
Regular security updates and dependency patches for all software components.
Minimal data collection principle – I only collect what is strictly necessary.
Access controls – only I (Alexandru Mihalascu) have access to personal data; no team members or third parties.
Secure authentication for dashboard access using Firebase Authentication.
Regular backups stored in secure, encrypted cloud storage.

Your rights under GDPR

Under GDPR (General Data Protection Regulation) and Romanian Law 190/2018, you have the following rights:

Right of access (Art. 15 GDPR) – request a copy of the personal data I hold about you.
Right to rectification (Art. 16 GDPR) – correct inaccurate or incomplete information.
Right to erasure / 'right to be forgotten' (Art. 17 GDPR) – request deletion of your data when it is no longer necessary or if you withdraw consent.
Right to restriction of processing (Art. 18 GDPR) – ask me to limit how I use your data in certain circumstances.
Right to object (Art. 21 GDPR) – object to processing based on legitimate interests, including analytics tracking (simply decline analytics cookies).
Right to data portability (Art. 20 GDPR) – receive your data in a structured, machine-readable format (JSON/CSV).
Right to withdraw consent (Art. 7 GDPR) – change your analytics cookie preference at any time without affecting other services.
Right to lodge a complaint – you can file a complaint with the Romanian supervisory authority (ANSPDCP) if you believe your rights have been violated.

Supervisory Authority

You have the right to lodge a complaint with the Romanian Data Protection Authority (Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal):

Address: B-dul G-ral. Gheorghe Magheru 28-30, Sector 1, București, România
Phone: +40 318 059 211 / +40 318 059 212
Email: anspdcp@dataprotection.ro
Website: https://www.dataprotection.ro
You can also contact your local EU data protection authority if you reside in another EU member state.

International data transfers

Some services I use (Firebase, Google Analytics) may transfer your data to servers outside the European Economic Area (EEA). These providers comply with GDPR requirements:

Google LLC is certified under the EU-U.S. Data Privacy Framework for lawful data transfers to the United States.
Google processes data as a data processor under standard contractual clauses approved by the European Commission.
You can review Google's data transfer mechanisms at https://privacy.google.com/businesses/compliance/.

Cookies & tracking

Essential cookies keep the site running, and a single analytics cookie is optional. Visit the Cookies Policy to review every entry and manage your preferences through the consent banner.

How to contact me

Email is the fastest way to reach me: alexmihalascu@gmail.com. If you prefer, send a message through the contact page or call/WhatsApp +40 752 571 265.

Children's privacy

This website is not intended for children under 16 years of age. I do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided personal data, please contact me immediately and I will delete it.

Data breach notification

In the unlikely event of a data breach that affects your personal information, I will notify you and the Romanian Data Protection Authority (ANSPDCP) within 72 hours as required by Article 33 and 34 GDPR. The notification will include the nature of the breach, likely consequences, and measures taken to address it.

Automated decision-making

I do not use automated decision-making or profiling that produces legal effects or similarly significantly affects you. All communications and business decisions are made manually by me (Alexandru Mihalascu).

Updates to this policy

I review this policy whenever I add new tooling or launch major features. The effective date above reflects the latest revision. Material changes will be announced on the homepage or via email if you have an ongoing project with me.