Privacy Policy

Last updated: April 4, 2026 · ClearSecurity Vision

This Privacy Policy explains how ClearSecurity Vision S.R.L. ("Company", "we", "us"), registered office at Feleacu 24F, Cluj-Napoca, Romania, CUI 32776248, Registered in the Romanian Trade Register under number J12/420/2014, collects, uses, and protects your personal data when you use CERTO ("Service").

We are committed to GDPR compliance as data controller under Regulation (EU) 2016/679.

1. Data We Collect

Category	Data	Purpose
Account	Email address, password (hashed)	Authentication
Organization profile	Company name, CUI, sector, contacts	Compliance documentation
Compliance data	Incidents, risks, audits, vendors, gap assessments	Service functionality
Billing	Subscription status (no card data stored by us)	Access control
Usage	Activity logs within the platform	Audit trail, service improvement

We do not collect payment card data — this is handled entirely by our payment processor (Paddle).

2. Legal Basis for Processing

Contract performance — processing necessary to deliver the Service you subscribed to
Legal obligation — maintaining records as required by Romanian law
Legitimate interest — security monitoring, fraud prevention, service improvement

3. Data Storage and Security

All data is stored in the Supabase EU West data center, within the European Union. Data is encrypted in transit (TLS 1.3) and at rest. Access is restricted to your organization only via Row Level Security (RLS).

4. Data Sharing

We do not sell your data. We share data only with the following sub-processors, all operating under GDPR-compliant terms:

Supabase Inc. — database and authentication (EU West region)
Paddle.com — payment processing and subscription management
Resend Inc. — transactional email delivery
Cloudflare Inc. — content delivery and DDoS protection (transfers outside EEA covered by Standard Contractual Clauses)
Functional Software Inc. (Sentry) — error monitoring / observability (EU data center, Frankfurt)
cron-job.org — scheduled jobs (EU, Germany)

Full list with data categories and regions is available at /subprocessors.html.

5. Data Retention

We retain your data for as long as your account is active. Upon account deletion, your data is permanently deleted within 30 days, except where retention is required by law (e.g., billing records retained for 5 years per Romanian accounting law).

6. Your Rights (GDPR)

As a data subject, you have the right to:

Access — request a copy of your personal data
Rectification — correct inaccurate data
Erasure — request deletion of your data ("right to be forgotten")
Portability — receive your data in a machine-readable format
Restriction — limit processing of your data
Objection — object to processing based on legitimate interest

To exercise any of these rights, contact us at support@clearsecurity.vision. We will respond within 30 days.

You also have the right to lodge a complaint with the Romanian Data Protection Authority (ANSPDCP) at www.dataprotection.ro.

7. Cookies

The CERTO application uses only functional cookies necessary for authentication (session management). We do not use tracking, advertising, or analytics cookies.

8. Changes to this Policy

We may update this Privacy Policy and will notify you by email at least 14 days before material changes take effect.

Data protection inquiries: support@clearsecurity.vision