Privacy Policy

"Account Data" includes information You provide when creating an account or completing Business Enrollment, such as:

• Name and email address
• Business name, address, and VAT identification number
• Job title and role
• Login credentials (stored in hashed form)

"Billing Data" includes information necessary for payment processing, such as billing address, payment method details, and transaction history. Payment card information is processed by Our third-party payment processors and is not stored on Our systems.

"Usage Data" includes information about how You interact with the Sites and Service, such as features accessed, actions performed, and timestamps of activity.

"Technical Data" includes information automatically collected when You access the Sites, such as:

• IP address
• Browser type and version
• Operating system
• Device information
• Referring URL and pages visited

"Communication Data" includes information You provide when contacting Us for support, inquiries, or feedback, such as the content of Your messages and any attachments.

Directly from You: We collect data that You provide directly when You create an account, complete Business Enrollment, contact Us, or otherwise interact with the Sites or Service.

Automatically: We collect Technical Data automatically when You access the Sites through server logs and similar technologies.

From Third Parties: We may receive data from third-party service providers, such as payment processors (transaction confirmations) or identity verification services.

Contract Performance as per Article 6(1)(b) GDPR:

• Providing and maintaining the Service
• Processing payments and managing billing
• Providing customer support
• Communicating with You about Your account and the Service
• Maintaining audit logs of user actions in the Service (retained in accordance with Your organization's settings and the applicable Subscription Plan)

Legal Obligations as per Article 6(1)(c) GDPR:

• Complying with tax and accounting requirements
• Responding to lawful requests from public authorities

Legitimate Interests as per Article 6(1)(f) GDPR:

• Ensuring IT security and preventing fraud (Technical Data from the Sites is retained for a maximum of 48 hours unless required for ongoing security investigations)
• Analyzing and improving the Sites and Service
• Enforcing Our terms and protecting Our rights

Consent as per Article 6(1)(a) GDPR:

• Sending marketing communications (consent may be withdrawn at any time)

Service Providers: We engage third-party providers to perform services on Our behalf, including:

• Cloud infrastructure providers for hosting the Service and the Sites
• Payment processors for billing and transactions
• Customer support tools
• Analytics providers

These providers process data only on Our instructions and are contractually bound to protect Your data. A current list of sub-processors is available at Sub-Processors.

Legal Requirements: We may disclose data when required by law, regulation, legal process, or enforceable governmental request, or when necessary to protect Our rights.

Business Transfers: In connection with a merger, acquisition, or sale of assets, Your data may be transferred as part of the transaction. We will notify You of any such change.

Where We transfer personal data outside the European Economic Area (EEA), We ensure appropriate safeguards are in place, including the use of Standard Contractual Clauses approved by the European Commission.

In accordance with Article 5(1)(e) GDPR (storage limitation), We retain Your personal data only for as long as necessary to fulfill the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements.

Specific retention periods depend on the nature of the data and the purposes of processing:

• Account Data is retained for the duration of Your account and for a reasonable period thereafter to enable account reactivation or respond to inquiries
• Billing Data is retained for the period required by tax and commercial law (typically 10 years)
• Technical Data collected from the Sites for IT security is retained for a maximum of 48 hours
• Audit logs in the Service are retained in accordance with Your organization's settings and the applicable Subscription Plan
• Communication Data is retained for as long as necessary to resolve Your inquiry and for a reasonable period thereafter

When data is no longer required, it is securely deleted or anonymized.

You may contact Us at any time to exercise the following rights:

• Request copies of Your personal data from Us (subject to a small fee)
• Request correction of inaccurate or incomplete personal data
• Request the deletion of Your personal data
• Request restriction of the processing of Your personal data
• Request that We transfer Your personal data to another controller
• Revoke Your consent, where applicable
• Object to the processing of Your personal data

Please note that We are not obligated to delete Your personal data or stop processing it if further storage or processing is necessary (e.g., to fulfill legal obligations or to defend against legal claims) or if We can show that such processing and storage is in Our legitimate interest that outweighs Yours.

The Sites use only functional cookies that are necessary for the operation of the Sites and Service. We do not use cookies for advertising, tracking, or personalized marketing purposes.

Functional cookies We use include:

• Session cookies to maintain Your login state
• Security cookies to prevent cross-site request forgery
• Preference cookies to remember Your settings

You can control cookies through Your browser settings. Disabling functional cookies may affect the functionality of the Sites and Service.

In accordance with Article 32 GDPR, We implement appropriate technical and organizational measures to protect Your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include, without limitation:

• Hosting in secure data centers within the European Union
• Encryption of data in transit using TLS
• Access controls and authentication
• Regular security assessments

We may update this Privacy Policy from time to time to reflect changes in Our practices or applicable law. We will notify You of material changes by posting the updated Privacy Policy on the Sites and updating the "Last Updated" date. We encourage You to review this Privacy Policy periodically to stay informed about how We protect Your data.